The IAL3 Enrollment Platform That Never Closes

Rethinking the IAL3 Enrollment Footprint

The market knows NextgenID for one thing: Supervised Remote Identity Proofing (SRIP). It is the capability we patented, the architecture we pioneered, and the foundation under the world’s only Kantara-certified IAL3 credentialing program. So when a federal agency, a regulated commercial enterprise, or a systems integrator describes our solution, the description tends to start, and end, with the word remote.

That description is accurate. It is also understated by half.

The same NextgenID IAL3 enrollment platform that delivers world-class supervised remote enrollment delivers fully in-person enrollment, on the same hardware, through the same workflow, under the same compliance posture. It also delivers any hybrid combination of the two. And it does all of this across three form factors, Kiosk, Desktop, and Mobile, each of which supports each of the three enrollment modes.

One platform. Three form factors. Three operating modes. Nine ways to deliver IAL3 identity proofing and enrollment. One architecture under all of them.

Each of those operating modes is a meaningful capability on its own. The combination is what no other provider in the market delivers, and the combination is what changes the economics of every site in the enrollment footprint, from the single-station regional office to the mobile mass-enrollment deployment.

One IAL3 Enrollment Platform, Three Operating Modes

• In-person. A trained agent stands beside the Enrollee at a NextgenID Identity Station and walks them through the enrollment workflow. This is the traditional ICAM enrollment posture, and NextgenID supports it natively, with an architectural difference that changes the economics. More on that below.
• Supervised remote. A trained agent supervises the Enrollee remotely from a secure call center. The Enrollee uses an unattended NextgenID Identity Station; the agent observes and guides through the same NextgenID workflow. This is the patented capability, originally Supervised Remote Identity Proofing, now formally branded as our Onsite Attended service, that established NextgenID’s position in the market and is protected by an industry-leading patent portfolio.
• Hybrid. The same Identity Station, the same Enrollee, and the same workflow transition between in-person and supervised remote modes automatically, in response to operational conditions. The site that opens with a local agent on Monday morning continues to enroll Enrollees Monday afternoon when the agent goes home sick, only the agent moves; the station, the Enrollee, and the workflow do not.

Why a Single Architecture Matters

Three properties of the NextgenID architecture make this multi-modal operating model possible. They are also the properties that differentiate NextgenID from every other in-person enrollment system in the market.

• The station is fully integrated, tamper-protected, and treated as a sealed instrument. Traditional in-person enrollment stations are assembled from off-the-shelf peripherals, a fingerprint reader, a document scanner, a signature pad, an iris camera, a webcam, connected to a host PC through a USB hub. Each of those peripherals is a separate trust boundary. Each cable is a tamper surface. Each driver is a software supply chain. Any of them can be substituted, intercepted, or compromised by an attacker with physical access. NextgenID Identity Stations, across all three form factors, are engineered as integrated devices, with secured peripherals, monitored connections, and tamper-evident packaging. A station that can be trusted in an unattended supervised-remote configuration is, by construction, a station that meets a higher tamper-resistance bar than a USB-assembled in-person station ever can.
• The workflow is built for the Enrollee to drive. Every step of the enrollment workflow is designed for the Enrollee to execute on a self-service basis: positioning for the facial capture, presenting documents to the scanner, performing the fingerprint capture, completing the attestations. The supervising agent, whether in the room or in a remote operating center, observes, validates, and guides, but does not perform mechanical steps. The Enrollee does most of the work. The agent’s role is supervision and exception handling.
• A single in-person agent can supervise multiple enrollments simultaneously. Traditional in-person stations are rate-limited by the agent: one agent, one station, one Enrollee at a time. Because the NextgenID workflow is Enrollee-driven, the agent is no longer the bottleneck. At a multi-station site, one NextgenID in-person agent supervises several Enrollees at adjacent stations simultaneously, a staffing posture structurally lower than 1:1, and structurally unavailable to traditional in-person enrollment systems.

These are not aspirational properties. They are the engineering consequences of an architecture designed from the start to function in both attended and unattended postures. What follows is what they do for an enrollment program in practice, and the answer depends on the size and the shape of the site.

The Single-Station Site:
Continuous coverage and extended service hours

Many enrollment centers operate at a footprint that supports a single Identity Station; a regional office, a satellite location, a partner site, a low-volume credentialing point. In this configuration, multi-station staffing leverage does not apply: one station, one Enrollee at a time. What changes for the small site is everything that surrounds the enrollment session itself.

When the on-site agent is present, the station operates as a conventional in-person enrollment point. When the agent is absent, sick, in training, on vacation, transitioning out of the role, the station does not close. It transitions automatically to a supervised remote agent, drawn from NextgenID’s Agent pool, the client’s Agent pool, or a hybrid of the two. Enrollees who arrived to enroll are still served. The SLA continues to hold. The local agent’s absence stops being a service-availability event.

The same property has a second consequence that is often more valuable than the failover one. If the station remains accessible to Enrollees outside the on-site agent’s working hours, through a 24/7 facility, a partner’s extended hours, or an after-hours access policy, the station can extend service into evenings, weekends, and overnight. Up to 24/7 coverage from a single station, with one on-site agent during business hours and a supervised remote agent the rest of the time. The local hire’s calendar is no longer the constraint on when the site delivers service.

The same logic taken to its endpoint removes the on-site agent entirely. Some single-station sites run fully on supervised remote agents from the day they open, no local hire at all. This is the configuration that fits facilities already staffed and accessible for other reasons, such as clinics, partner offices, retail locations, or government service centers, where the host provides the location and the Enrollee access while NextgenID provides the station, the workflow, and the supervised remote agents. The cost basis of operating an IAL3 enrollment point drops to the station and the network connection. For programs extending reach into low-volume geographies, partner footprints, or markets that would not otherwise justify a staffed enrollment site, this is the configuration that opens the footprint.

For a regional or satellite enrollment program built on small-footprint sites, this is the structural change: every site can be a 24/7 site, every site is resilient to the absence of its single on-site staffer, and every site can also run without one.

The Multi-Station Site:
Leverage, continuity, and elastic staffing

The economics compound when a site is large enough to operate two, three, or more Identity Stations to serve a larger Enrollee population. The multi-station staffing leverage now comes into play, on top of the coverage and hours properties of the smaller site.

A multi-station site operating below the 1:1 ratio that traditional in-person enrollment imposes runs at materially higher throughput per agent than a conventional model. A site that historically required one agent per station now serves the same volume on a fraction of that staffing footprint, and the cost basis per enrollment drops with the staffing line.

When peak demand subsides, overnight, on weekends, between scheduled enrollment windows, the same site shifts to a smaller staffed footprint, or to fully supervised remote, without changing hardware, workflow, or compliance posture. Staffing flexes to match demand instead of being sized for the peak and idle through the trough. Service hours extend in the same way they do at the single-station site, up to 24/7 where the facility supports it.

And the continuity property holds at multi-station scale: if any on-site agent is unavailable, the affected stations automatically transition to supervised remote agents. The site does not close. The SLA holds. The other stations continue to operate at their full staffing leverage with the agents still on site.

The result is a multi-station enrollment operation that can be sized for normal demand rather than for peak, can extend hours into 24/7 coverage as the program requires, and is resilient to the staffing gaps that would close a traditional in-person site.

The Mobile Identity Station:
Mass and mobile enrollment

The same multi-modal architecture takes on a distinct operational shape on the Mobile Identity Station. Where the Kiosk and Desktop form factors anchor a fixed enrollment site, the Mobile form factor is built for the use cases that have historically been the hardest to staff and the most expensive to run: mass enrollment events, deployable enrollment to remote field sites, mobile credentialing at partner locations, disaster response, and any program that has to bring IAL3 enrollment to the Enrollee rather than the other way around.

These are the use cases where the staffing math is most punishing. A mass enrollment event that must process several hundred Enrollees over a fixed window cannot afford a 1:1 agent-to-station ratio. A field deployment to a remote location cannot afford to fly an agent for every station in the kit. A disaster response operation cannot wait for local agents to begin enrolling first responders or affected populations. Maximum service delivered at minimum staffing is the entire operating requirement.

The NextgenID Mobile Identity Station resolves this the same way the Kiosk and Desktop stations do, only the operating leverage is higher because the use case is more constrained. A small on-site team operates a fleet of Mobile stations at a staffing posture structurally lower than 1:1, with additional supervised remote agents drawn from NextgenID’s Agent pool to absorb peak load. Stations that move between sites, between events, between regions, between deployment phases, carry their architecture, their workflow, their compliance posture, and their agent pool with them. The deployment scales with the Enrollee population, not with the agent population on the ground.

For mass and mobile enrollment, the multi-modal architecture is not a convenience. It is what makes the use case operationally viable at IAL3 assurance.

The positioning, restated

NextgenID is not the supervised remote identity proofing provider. NextgenID is the only Kantara-certified IAL3 enrollment and credentialing platform that delivers in-person, supervised remote, and hybrid enrollment, on a single integrated architecture, across three form factors, under the same patented workflow and the same compliance posture.

The market has spent a decade treating supervised remote and in-person enrollment as separate categories, with separate vendors, separate stacks, and separate economics. We collapsed the category. One architecture. Nine ways to enroll. Every site, open. The question is no longer whether the model works. The question is how fast your program adopts it.