TL;DR: Forrester named it a Leader in the Wave Identity Verification Solutions Q3 2025 report, with the vendor also citing 20-second onboarding, 50-plus languages, 14,000 document types, 220-plus countries and territories, and 4,000-plus customers, according to SumSub. The governance question is not ranking alone but how identity verification now sits inside the full customer lifecycle, from onboarding through closure.
NHIMG editorial — based on content published by Sumsub: Report Sumsub recognized as a Leader in the Forrester Wave Identity Verification Solutions, Q3 2025 Report
By the numbers:
- Sumsub says it can securely onboard users in just 20 seconds, with support for 50+ interface languages, 14,000 document types, and compliance with 220+ countries and territories.
- Sumsub says it is trusted by 4,000+ companies.
- NHIs outnumber human identities by 25x to 50x in modern enterprises.
Questions worth separating out
Q: How should IAM teams evaluate identity verification platforms for lifecycle governance?
A: Start by mapping where verification outcomes change a real control decision, such as onboarding, step-up access, recovery, or closure.
Q: When does broad IDV coverage create governance risk instead of reducing it?
A: Broad coverage becomes a risk when it outpaces policy consistency.
Q: What should organisations look for beyond analyst recognition in an IDV report?
A: They should look for evidence of control fit.
Practitioner guidance
- Define where IDV feeds access decisions Document which verification outcomes can trigger onboarding approval, step-up review, transaction blocking, or account closure.
- Test policy consistency across jurisdictions Review whether document acceptance, manual escalation, and exception handling differ by country or product line.
- Separate coverage claims from control evidence Ask for proof of how multilingual, multi-document, and multi-country support is enforced in practice.
What's in the full analysis
Sumsub's full report covers the operational detail this post intentionally leaves for the source:
- The full Forrester criteria breakdown behind strategy, market presence, and current offerings.
- Vendor-side detail on how onboarding, login, transaction, and closure controls are positioned in the platform.
- Implementation context for teams that need to compare verification coverage against internal policy and compliance needs.
- Market-facing claims about multilingual support, document coverage, and customer base scale in one place.
👉 Read Sumsub's report on Forrester Wave identity verification recognition →
Identity verification leadership claims: what should IAM teams review?
Explore further
Identity verification is now part of lifecycle governance, not just fraud prevention. The article frames IDV as spanning account creation, login, transactions, and closure, which is the right boundary for modern identity programmes. Once verification reaches into the whole customer journey, teams have to treat it as an assurance control with lifecycle consequences, not a point solution for onboarding. Practitioners should evaluate IDV in the same governance conversation as access, recovery, and offboarding.
A few things that frame the scale:
- NHIs outnumber human identities by 25x to 50x in modern enterprises, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which shows how quickly identity governance breaks down once ownership and lifecycle tracking weaken.
A question worth separating out:
Q: How do identity verification and identity governance fit together in practice?
A: Identity verification establishes an initial level of trust, while identity governance decides how that trust is maintained, challenged, or removed over time. In practice, the two must be connected through lifecycle events, case management, and access policy. Without that link, verification becomes a one-time check that does not protect the full identity journey.
👉 Read our full editorial: Sumsub’s Forrester recognition and what it means for IDV governance