diff --git a/feature/external-credential/build.gradle.kts b/feature/external-credential/build.gradle.kts
index 91c7634400..fc98c9ea09 100644
--- a/feature/external-credential/build.gradle.kts
+++ b/feature/external-credential/build.gradle.kts
@@ -12,6 +12,9 @@ dependencies {
     implementation(project(":infra:config-sync"))
     implementation(project(":infra:ui-base"))
     implementation(project(":feature:exit-form"))
+    implementation(project(":infra:enrolment-records:repository"))
+    implementation(project(":infra:auth-store"))
+    implementation(project(":infra:matching"))
     implementation(libs.androidX.cameraX.view)
     implementation(libs.mlkit.text.recognition)
 }
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/ExternalCredentialContract.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/ExternalCredentialContract.kt
index 84d5f78768..2aeb320d87 100644
--- a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/ExternalCredentialContract.kt
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/ExternalCredentialContract.kt
@@ -1,13 +1,28 @@
 package com.simprints.feature.externalcredential
 
+import com.simprints.core.ExcludedFromGeneratedTestCoverageReports
 import com.simprints.core.domain.common.FlowType
 import com.simprints.feature.externalcredential.model.ExternalCredentialParams
+import com.simprints.infra.config.store.models.AgeGroup
+import com.simprints.infra.matching.MatchParams
 
+@ExcludedFromGeneratedTestCoverageReports("Navigation class")
 object ExternalCredentialContract {
     val DESTINATION = R.id.externalCredentialControllerFragment
 
     fun getParams(
         subjectId: String?,
         flowType: FlowType,
-    ) = ExternalCredentialParams(subjectId = subjectId, flowType = flowType)
+        ageGroup: AgeGroup?,
+        probeReferenceId: String? = null,
+        faceSamples: List<MatchParams.FaceSample> = emptyList(),
+        fingerprintSamples: List<MatchParams.FingerprintSample> = emptyList(),
+    ) = ExternalCredentialParams(
+        subjectId = subjectId,
+        flowType = flowType,
+        ageGroup = ageGroup,
+        probeReferenceId = probeReferenceId,
+        faceSamples = faceSamples,
+        fingerprintSamples = fingerprintSamples,
+    )
 }
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/ExternalCredentialSearchResult.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/ExternalCredentialSearchResult.kt
new file mode 100644
index 0000000000..8942e3b815
--- /dev/null
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/ExternalCredentialSearchResult.kt
@@ -0,0 +1,26 @@
+package com.simprints.feature.externalcredential
+
+import androidx.annotation.Keep
+import com.simprints.core.ExcludedFromGeneratedTestCoverageReports
+import com.simprints.core.domain.common.FlowType
+import com.simprints.core.domain.step.StepResult
+import com.simprints.feature.externalcredential.model.CredentialMatch
+import com.simprints.feature.externalcredential.screens.search.model.ScannedCredential
+
+/**
+ * Results of the external credential 1:L match (where L is '1' or really close to 1).
+ *
+ * @param flowType flow type. Either [FlowType.ENROL] or [FlowType.IDENTIFY]
+ * @param scannedCredential information about the credential that was scanned
+ * @param matchResults if [scannedCredential] exists in local database, this field contains match results between the biometric probe taken
+ * during the flow, and probes linked to the [scannedCredential]
+ */
+@Keep
+@ExcludedFromGeneratedTestCoverageReports("Data class")
+data class ExternalCredentialSearchResult(
+    val flowType: FlowType,
+    val scannedCredential: ScannedCredential,
+    val matchResults: List<CredentialMatch>,
+) : StepResult {
+    val goodMatches = matchResults.filter(CredentialMatch::isVerificationSuccessful)
+}
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/ext/ViewExt.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/ext/ViewExt.kt
new file mode 100644
index 0000000000..5e85668ca3
--- /dev/null
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/ext/ViewExt.kt
@@ -0,0 +1,44 @@
+package com.simprints.feature.externalcredential.ext
+
+import android.view.View
+import android.view.animation.AccelerateInterpolator
+import android.view.animation.DecelerateInterpolator
+import androidx.core.view.isVisible
+import androidx.fragment.app.Fragment
+import com.simprints.infra.uibase.annotations.ExcludedFromGeneratedTestCoverageReports
+
+@ExcludedFromGeneratedTestCoverageReports("View animation")
+fun View.fadeOut(
+    duration: Long,
+    scaleX: Boolean,
+    fragment: Fragment,
+) = animate()
+    .alpha(0f)
+    .setDuration(duration)
+    .setInterpolator(DecelerateInterpolator())
+    .withEndAction {
+        if (fragment.isAdded) {
+            this.isVisible = false
+        }
+    }.also {
+        if (scaleX) {
+            it.scaleX(0f)
+        }
+        it.start()
+    }
+
+@ExcludedFromGeneratedTestCoverageReports("View animation")
+fun View.fadeIn(
+    duration: Long,
+    fragment: Fragment,
+    onComplete: (() -> Unit)?,
+) = animate()
+    .alpha(1f)
+    .setInterpolator(AccelerateInterpolator())
+    .setDuration(duration)
+    .withEndAction {
+        if (fragment.isAdded) {
+            this.isVisible = true
+            onComplete?.invoke()
+        }
+    }.also { it.start() }
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/model/CredentialMatch.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/model/CredentialMatch.kt
new file mode 100644
index 0000000000..a628729173
--- /dev/null
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/model/CredentialMatch.kt
@@ -0,0 +1,20 @@
+package com.simprints.feature.externalcredential.model
+
+import androidx.annotation.Keep
+import com.simprints.core.ExcludedFromGeneratedTestCoverageReports
+import com.simprints.core.domain.tokenization.TokenizableString
+import com.simprints.infra.config.store.models.FaceConfiguration
+import com.simprints.infra.config.store.models.FingerprintConfiguration
+import com.simprints.infra.matching.MatchResultItem
+
+@Keep
+@ExcludedFromGeneratedTestCoverageReports("Data class")
+data class CredentialMatch(
+    val credential: TokenizableString.Tokenized,
+    val matchResult: MatchResultItem,
+    val verificationThreshold: Float,
+    val faceBioSdk: FaceConfiguration.BioSdk?,
+    val fingerprintBioSdk: FingerprintConfiguration.BioSdk?,
+) {
+    val isVerificationSuccessful = matchResult.confidence >= verificationThreshold
+}
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/model/ExternalCredentialParams.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/model/ExternalCredentialParams.kt
index ee33721d4d..54060a72c9 100644
--- a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/model/ExternalCredentialParams.kt
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/model/ExternalCredentialParams.kt
@@ -1,11 +1,19 @@
 package com.simprints.feature.externalcredential.model
 
 import androidx.annotation.Keep
+import com.simprints.core.ExcludedFromGeneratedTestCoverageReports
 import com.simprints.core.domain.common.FlowType
 import com.simprints.core.domain.step.StepParams
+import com.simprints.infra.config.store.models.AgeGroup
+import com.simprints.infra.matching.MatchParams
 
 @Keep
+@ExcludedFromGeneratedTestCoverageReports("Data class")
 data class ExternalCredentialParams(
     val subjectId: String?,
     val flowType: FlowType,
+    val ageGroup: AgeGroup?,
+    val probeReferenceId: String?,
+    val faceSamples: List<MatchParams.FaceSample>,
+    val fingerprintSamples: List<MatchParams.FingerprintSample>,
 ) : StepParams
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/controller/ExternalCredentialControllerFragment.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/controller/ExternalCredentialControllerFragment.kt
index 79f1970523..9c6f7dda13 100644
--- a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/controller/ExternalCredentialControllerFragment.kt
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/controller/ExternalCredentialControllerFragment.kt
@@ -7,6 +7,7 @@ import androidx.fragment.app.Fragment
 import androidx.fragment.app.activityViewModels
 import androidx.navigation.NavController
 import androidx.navigation.fragment.findNavController
+import com.simprints.core.livedata.LiveDataEventWithContentObserver
 import com.simprints.feature.exitform.ExitFormContract
 import com.simprints.feature.exitform.ExitFormResult
 import com.simprints.feature.externalcredential.GraphExternalCredentialInternalDirections
@@ -17,7 +18,6 @@ import com.simprints.infra.uibase.navigation.handleResult
 import com.simprints.infra.uibase.navigation.navigateSafely
 import com.simprints.infra.uibase.navigation.navigationParams
 import dagger.hilt.android.AndroidEntryPoint
-import kotlin.getValue
 
 @AndroidEntryPoint
 internal class ExternalCredentialControllerFragment : Fragment(R.layout.fragment_external_credential_controller) {
@@ -65,6 +65,12 @@ internal class ExternalCredentialControllerFragment : Fragment(R.layout.fragment
     private fun initObservers() {
         viewModel.stateLiveData.observe(viewLifecycleOwner) {
         }
+        viewModel.finishEvent.observe(
+            viewLifecycleOwner,
+            LiveDataEventWithContentObserver { result ->
+                findNavController().finishWithResult(this, result)
+            },
+        )
     }
 
     private fun initListeners() {
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/controller/ExternalCredentialViewModel.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/controller/ExternalCredentialViewModel.kt
index 6a9d824c1c..26d6f57c89 100644
--- a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/controller/ExternalCredentialViewModel.kt
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/controller/ExternalCredentialViewModel.kt
@@ -4,6 +4,9 @@ import androidx.lifecycle.LiveData
 import androidx.lifecycle.MutableLiveData
 import androidx.lifecycle.ViewModel
 import com.simprints.core.domain.externalcredential.ExternalCredentialType
+import com.simprints.core.livedata.LiveDataEventWithContent
+import com.simprints.core.livedata.send
+import com.simprints.feature.externalcredential.ExternalCredentialSearchResult
 import com.simprints.feature.externalcredential.model.ExternalCredentialParams
 import dagger.hilt.android.lifecycle.HiltViewModel
 import javax.inject.Inject
@@ -12,6 +15,11 @@ import com.simprints.infra.resources.R as IDR
 @HiltViewModel
 internal class ExternalCredentialViewModel @Inject internal constructor() : ViewModel() {
     private var isInitialized = false
+    lateinit var params: ExternalCredentialParams
+        private set
+    val finishEvent: LiveData<LiveDataEventWithContent<ExternalCredentialSearchResult>>
+        get() = _finishEvent
+    private val _finishEvent = MutableLiveData<LiveDataEventWithContent<ExternalCredentialSearchResult>>()
     private var state: ExternalCredentialState = ExternalCredentialState.EMPTY
         set(value) {
             field = value
@@ -35,6 +43,7 @@ internal class ExternalCredentialViewModel @Inject internal constructor() : View
     fun init(params: ExternalCredentialParams) {
         if (!isInitialized) {
             isInitialized = true
+            this.params = params
             updateState { ExternalCredentialState.EMPTY.copy(subjectId = params.subjectId, flowType = params.flowType) }
         }
     }
@@ -45,4 +54,14 @@ internal class ExternalCredentialViewModel @Inject internal constructor() : View
         ExternalCredentialType.QRCode -> IDR.string.mfid_type_qr_code
         null -> IDR.string.mfid_type_any_document
     }
+
+    fun mapTypeToCredentialFieldResource(type: ExternalCredentialType) = when (type) {
+        ExternalCredentialType.NHISCard -> IDR.string.mfid_nhis_card_credential_field
+        ExternalCredentialType.GhanaIdCard -> IDR.string.mfid_ghana_id_credential_field
+        ExternalCredentialType.QRCode -> IDR.string.mfid_qr_credential_field
+    }
+
+    fun finish(result: ExternalCredentialSearchResult) {
+        _finishEvent.send(result)
+    }
 }
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/ExternalCredentialScanOcrFragment.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/ExternalCredentialScanOcrFragment.kt
index 2bc74976f1..9ceff794a7 100644
--- a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/ExternalCredentialScanOcrFragment.kt
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/ExternalCredentialScanOcrFragment.kt
@@ -5,6 +5,7 @@ import android.content.Intent
 import android.os.Bundle
 import android.provider.Settings
 import android.view.View
+import android.view.ViewPropertyAnimator
 import androidx.activity.result.contract.ActivityResultContracts
 import androidx.camera.core.ImageAnalysis
 import androidx.camera.lifecycle.ProcessCameraProvider
@@ -21,17 +22,16 @@ import androidx.lifecycle.lifecycleScope
 import androidx.navigation.fragment.findNavController
 import androidx.navigation.fragment.navArgs
 import com.simprints.core.DispatcherBG
-import com.simprints.core.domain.externalcredential.ExternalCredentialType
 import com.simprints.core.domain.permission.PermissionStatus
 import com.simprints.core.livedata.LiveDataEventWithContentObserver
 import com.simprints.core.tools.extentions.getCurrentPermissionStatus
 import com.simprints.core.tools.extentions.permissionFromResult
 import com.simprints.feature.externalcredential.R
 import com.simprints.feature.externalcredential.databinding.FragmentExternalCredentialScanOcrBinding
+import com.simprints.feature.externalcredential.ext.fadeIn
+import com.simprints.feature.externalcredential.ext.fadeOut
 import com.simprints.feature.externalcredential.screens.controller.ExternalCredentialViewModel
-import com.simprints.feature.externalcredential.screens.scanocr.model.DetectedOcrBlock
 import com.simprints.feature.externalcredential.screens.scanocr.model.OcrCropConfig
-import com.simprints.feature.externalcredential.screens.scanocr.model.OcrDocumentType
 import com.simprints.feature.externalcredential.screens.scanocr.usecase.BuildOcrCropConfigUseCase
 import com.simprints.feature.externalcredential.screens.scanocr.usecase.ProvideCameraListenerUseCase
 import com.simprints.feature.externalcredential.screens.search.model.ScannedCredential
@@ -77,6 +77,10 @@ internal class ExternalCredentialScanOcrFragment : Fragment(R.layout.fragment_ex
     private var previousPermissionStatus: PermissionStatus? = null
     private lateinit var cameraExecutor: ExecutorService
     private lateinit var imageAnalysis: ImageAnalysis
+    private var progressAnimator: ViewPropertyAnimator? = null
+    private var checkAnimator: ViewPropertyAnimator? = null
+    private var isAnimatingCompletion: Boolean = false
+    private var pendingFinishAction: (() -> Unit)? = null
 
     @Inject
     lateinit var viewModelFactory: ExternalCredentialScanOcrViewModel.Factory
@@ -127,9 +131,17 @@ internal class ExternalCredentialScanOcrFragment : Fragment(R.layout.fragment_ex
     override fun onDestroy() {
         stopOcr()
         stopCamera()
+        clearAnimations()
         super.onDestroy()
     }
 
+    private fun clearAnimations() {
+        pendingFinishAction = null
+        isAnimatingCompletion = false
+        checkAnimator?.cancel()
+        progressAnimator?.cancel()
+    }
+
     private fun initializeFragment() {
         renderInitialState()
         initCamera(onComplete = {
@@ -151,13 +163,14 @@ internal class ExternalCredentialScanOcrFragment : Fragment(R.layout.fragment_ex
                 }
 
                 ScanOcrState.NotScanning -> renderInitialState()
+                ScanOcrState.Complete -> animateCompletionState()
             }
         }
 
         viewModel.finishOcrEvent.observe(
             viewLifecycleOwner,
-            LiveDataEventWithContentObserver { detectedBlock ->
-                finish(detectedBlock)
+            LiveDataEventWithContentObserver { scannedCredential ->
+                scheduleFinish(scannedCredential)
             },
         )
     }
@@ -184,8 +197,13 @@ internal class ExternalCredentialScanOcrFragment : Fragment(R.layout.fragment_ex
     private fun renderProgress(state: ScanOcrState.ScanningInProgress) = with(binding) {
         val progressPercentage = (state.successfulCaptures * 100 / state.scansRequired).coerceAtMost(100)
         buttonScan.isVisible = false
-        progressCard.isVisible = true
-        progressBar.progress = progressPercentage
+        progressContainer.isVisible = true
+        progressBar.isVisible = true
+        iconScanComplete.alpha = 0f
+        progressBar.setProgressCompat(progressPercentage, true)
+        instructionsText.setTextColor(ContextCompat.getColor(requireContext(), IDR.color.simprints_text_black))
+        viewfinderMask.setMaskColor(ContextCompat.getColor(requireContext(), IDR.color.simprints_white))
+        viewfinderMask.alpha = VIEW_FINDER_ALPHA_SCAN_ACTIVE
     }
 
     private fun renderInitialState() = with(binding) {
@@ -193,19 +211,34 @@ internal class ExternalCredentialScanOcrFragment : Fragment(R.layout.fragment_ex
         permissionRequestView.isVisible = false
         instructionsText.isVisible = true
         instructionsText.text = getString(IDR.string.mfid_scan_instructions, documentTypeText)
+        instructionsText.setTextColor(ContextCompat.getColor(requireContext(), IDR.color.simprints_text_white))
         documentScannerArea.isVisible = true
-        progressCard.isVisible = false
+        progressContainer.isVisible = false
         buttonScan.isVisible = true
         buttonScan.setOnClickListener {
             viewModel.ocrStarted()
             startOcr()
         }
+        viewfinderMask.setMaskColor(ContextCompat.getColor(requireContext(), IDR.color.simprints_black))
+        viewfinderMask.alpha = VIEW_FINDER_ALPHA_INITIAL
+    }
+
+    private fun animateCompletionState() = with(binding) {
+        isAnimatingCompletion = true
+        progressBar.fadeOut(FINISH_ANIMATION_DURATION, scaleX = true, fragment = this@ExternalCredentialScanOcrFragment)
+        scanInstructions.fadeOut(FINISH_ANIMATION_DURATION, scaleX = false, fragment = this@ExternalCredentialScanOcrFragment)
+        iconScanComplete.fadeIn(FINISH_ANIMATION_DURATION, fragment = this@ExternalCredentialScanOcrFragment, onComplete = {
+            isAnimatingCompletion = false
+            // Execute any pending action after the animation. Currently used is for next fragment navigation
+            pendingFinishAction?.invoke()
+            pendingFinishAction = null
+        })
     }
 
     private fun renderNoPermission(shouldOpenPhoneSettings: Boolean) {
         with(binding) {
             instructionsText.isVisible = false
-            progressCard.isVisible = false
+            progressContainer.isVisible = false
             documentScannerArea.isInvisible = true
             buttonScan.isVisible = false
             val documentTypeText = viewModel.getDocumentTypeRes().run(::getString)
@@ -273,20 +306,31 @@ internal class ExternalCredentialScanOcrFragment : Fragment(R.layout.fragment_ex
         }
     }
 
-    private fun finish(detectedBlock: DetectedOcrBlock) {
-        val credentialType = when (detectedBlock.documentType) {
-            OcrDocumentType.NhisCard -> ExternalCredentialType.NHISCard
-            OcrDocumentType.GhanaIdCard -> ExternalCredentialType.GhanaIdCard
+    /**
+     * Waits until all animations are complete before navigating away. Completion animations are in place because the execution of
+     * [ExternalCredentialScanOcrViewModel.processOcrResultsAndFinish] is not immediate, and it makes the transition to the next fragment
+     * smoother for user.
+     *
+     * The animation state is stored in the [isAnimatingCompletion]. If it is set to true, the navigation action is set to
+     * [pendingFinishAction] which will be executed once animations are complete. If false, the navigation will proceed immediately.
+     */
+    private fun scheduleFinish(credential: ScannedCredential) {
+        val navigationAction = {
+            findNavController().navigateSafely(
+                this@ExternalCredentialScanOcrFragment,
+                ExternalCredentialScanOcrFragmentDirections.actionExternalCredentialScanOcrToExternalCredentialSearch(credential),
+            )
         }
-        val args = ScannedCredential(
-            credential = detectedBlock.readoutValue,
-            credentialType = credentialType,
-            previewImagePath = detectedBlock.imagePath,
-            imageBoundingBox = detectedBlock.blockBoundingBox,
-        )
-        findNavController().navigateSafely(
-            this@ExternalCredentialScanOcrFragment,
-            ExternalCredentialScanOcrFragmentDirections.actionExternalCredentialScanOcrToExternalCredentialSearch(args),
-        )
+        if (isAnimatingCompletion) {
+            pendingFinishAction = navigationAction
+        } else {
+            navigationAction.invoke()
+        }
+    }
+
+    companion object {
+        private const val VIEW_FINDER_ALPHA_INITIAL = 0.5f
+        private const val VIEW_FINDER_ALPHA_SCAN_ACTIVE = 0.9f
+        private const val FINISH_ANIMATION_DURATION = 300L
     }
 }
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/ExternalCredentialScanOcrViewModel.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/ExternalCredentialScanOcrViewModel.kt
index 5911ef61d3..82390d17f0 100644
--- a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/ExternalCredentialScanOcrViewModel.kt
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/ExternalCredentialScanOcrViewModel.kt
@@ -6,15 +6,27 @@ import androidx.lifecycle.MutableLiveData
 import androidx.lifecycle.ViewModel
 import androidx.lifecycle.viewModelScope
 import com.simprints.core.DispatcherBG
+import com.simprints.core.domain.tokenization.TokenizableString
+import com.simprints.core.domain.tokenization.asTokenizableRaw
 import com.simprints.core.livedata.LiveDataEventWithContent
 import com.simprints.core.livedata.send
 import com.simprints.feature.externalcredential.screens.scanocr.model.DetectedOcrBlock
 import com.simprints.feature.externalcredential.screens.scanocr.model.OcrCropConfig
 import com.simprints.feature.externalcredential.screens.scanocr.model.OcrDocumentType
+import com.simprints.feature.externalcredential.screens.scanocr.model.asExternalCredentialType
 import com.simprints.feature.externalcredential.screens.scanocr.usecase.CropDocumentFromPreviewUseCase
 import com.simprints.feature.externalcredential.screens.scanocr.usecase.GetCredentialCoordinatesUseCase
 import com.simprints.feature.externalcredential.screens.scanocr.usecase.KeepOnlyBestDetectedBlockUseCase
 import com.simprints.feature.externalcredential.screens.scanocr.usecase.NormalizeBitmapToPreviewUseCase
+import com.simprints.feature.externalcredential.screens.scanocr.usecase.SaveScannedImageUseCase
+import com.simprints.feature.externalcredential.screens.scanocr.usecase.SaveScannedImageUseCase.ScanImageType.ZoomedInCredential
+import com.simprints.feature.externalcredential.screens.scanocr.usecase.ZoomOntoCredentialUseCase
+import com.simprints.feature.externalcredential.screens.search.model.ScannedCredential
+import com.simprints.infra.authstore.AuthStore
+import com.simprints.infra.config.store.models.TokenKeyType
+import com.simprints.infra.config.store.tokenization.TokenizationProcessor
+import com.simprints.infra.config.sync.ConfigManager
+import com.simprints.infra.logging.LoggingConstants.CrashReportTag.MULTI_FACTOR_ID
 import com.simprints.infra.logging.Simber
 import com.simprints.infra.resources.R
 import dagger.assisted.Assisted
@@ -29,6 +41,11 @@ internal class ExternalCredentialScanOcrViewModel @AssistedInject constructor(
     private val cropDocumentFromPreviewUseCase: CropDocumentFromPreviewUseCase,
     private val getCredentialCoordinatesUseCase: GetCredentialCoordinatesUseCase,
     private val keepOnlyBestDetectedBlockUseCase: KeepOnlyBestDetectedBlockUseCase,
+    private val saveScannedImageUseCase: SaveScannedImageUseCase,
+    private val zoomOntoCredentialUseCase: ZoomOntoCredentialUseCase,
+    private val tokenizationProcessor: TokenizationProcessor,
+    private val authStore: AuthStore,
+    private val configManager: ConfigManager,
     @DispatcherBG private val bgDispatcher: CoroutineDispatcher,
 ) : ViewModel() {
     @AssistedFactory
@@ -48,9 +65,9 @@ internal class ExternalCredentialScanOcrViewModel @AssistedInject constructor(
         }
     private val _stateLiveData = MutableLiveData<ScanOcrState>()
     val stateLiveData: LiveData<ScanOcrState> = _stateLiveData
-    val finishOcrEvent: LiveData<LiveDataEventWithContent<DetectedOcrBlock>>
+    val finishOcrEvent: LiveData<LiveDataEventWithContent<ScannedCredential>>
         get() = _finishOcrEvent
-    private val _finishOcrEvent = MutableLiveData<LiveDataEventWithContent<DetectedOcrBlock>>()
+    private val _finishOcrEvent = MutableLiveData<LiveDataEventWithContent<ScannedCredential>>()
 
     private fun updateState(state: (ScanOcrState) -> ScanOcrState) {
         this.state = state(this.state)
@@ -97,14 +114,45 @@ internal class ExternalCredentialScanOcrViewModel @AssistedInject constructor(
     }
 
     fun processOcrResultsAndFinish() {
+        updateState { ScanOcrState.Complete }
         viewModelScope.launch {
+            val project = configManager.getProject(authStore.signedInProjectId)
             val detectedBlock = keepOnlyBestDetectedBlockUseCase(detectedBlocks, ocrDocumentType)
-            _finishOcrEvent.send(detectedBlock)
+            val credentialType = detectedBlock.documentType.asExternalCredentialType()
+            val blockBoundingBox = detectedBlock.blockBoundingBox
+            val zoomedCredentialImagePath = buildZoomedImagePath(detectedBlock)
+            val credential = tokenizationProcessor.encrypt(
+                decrypted = detectedBlock.readoutValue.asTokenizableRaw(),
+                tokenKeyType = TokenKeyType.ExternalCredential,
+                project = project,
+            ) as TokenizableString.Tokenized
+            val scannedCredential = ScannedCredential(
+                credential = credential,
+                credentialType = credentialType,
+                documentImagePath = detectedBlock.imagePath,
+                zoomedCredentialImagePath = zoomedCredentialImagePath,
+                credentialBoundingBox = blockBoundingBox,
+            )
+            _finishOcrEvent.send(scannedCredential)
             detectedBlocks = emptyList()
-            updateState { ScanOcrState.NotScanning }
         }
     }
 
+    private fun buildZoomedImagePath(detectedBlock: DetectedOcrBlock): String? = try {
+        saveScannedImageUseCase(
+            bitmap = zoomOntoCredentialUseCase(detectedBlock.imagePath, detectedBlock.blockBoundingBox),
+            documentType = detectedBlock.documentType,
+            imageType = ZoomedInCredential,
+        )
+    } catch (e: Exception) {
+        Simber.e(
+            "Unable to zoom into bounding box [${detectedBlock.blockBoundingBox}] of ${detectedBlock.documentType} image ${detectedBlock.imagePath}",
+            e,
+            MULTI_FACTOR_ID,
+        )
+        null
+    }
+
     fun ocrOnFrameStarted() {
         isRunningOcrOnFrame = true
     }
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/ScanOcrState.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/ScanOcrState.kt
index 170d8d4b07..0c14d4ef8d 100644
--- a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/ScanOcrState.kt
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/ScanOcrState.kt
@@ -11,6 +11,8 @@ internal sealed class ScanOcrState {
         val scansRequired: Int,
     ) : ScanOcrState()
 
+    data object Complete : ScanOcrState()
+
     companion object {
         val EMPTY = ScanOcrState.NotScanning
     }
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/model/OcrDocumentType.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/model/OcrDocumentType.kt
index 65c7a33fe1..46c6e8cca5 100644
--- a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/model/OcrDocumentType.kt
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/model/OcrDocumentType.kt
@@ -1,6 +1,19 @@
 package com.simprints.feature.externalcredential.screens.scanocr.model
 
+import com.simprints.core.domain.externalcredential.ExternalCredentialType
+
 enum class OcrDocumentType {
     NhisCard,
     GhanaIdCard,
 }
+
+fun ExternalCredentialType.asOcrDocumentType() = when (this) {
+    ExternalCredentialType.NHISCard -> OcrDocumentType.NhisCard
+    ExternalCredentialType.GhanaIdCard -> OcrDocumentType.GhanaIdCard
+    ExternalCredentialType.QRCode -> throw IllegalArgumentException("Cannot create Ocr Document Type from $this")
+}
+
+fun OcrDocumentType.asExternalCredentialType() = when (this) {
+    OcrDocumentType.NhisCard -> ExternalCredentialType.NHISCard
+    OcrDocumentType.GhanaIdCard -> ExternalCredentialType.GhanaIdCard
+}
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/CropDocumentFromPreviewUseCase.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/CropDocumentFromPreviewUseCase.kt
index b376308335..5b0f2d4979 100644
--- a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/CropDocumentFromPreviewUseCase.kt
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/CropDocumentFromPreviewUseCase.kt
@@ -17,6 +17,12 @@ internal class CropDocumentFromPreviewUseCase @Inject constructor() {
         val width = right - left
         val height = bottom - top
 
+        if (width <= 0 || height <= 0) {
+            throw IllegalStateException(
+                "Invalid OCR crop dimensions: width=$width, height=$height. CutoutRect=[$cutoutRect], bitmapSize(w,h)=[${bitmap.width}x${bitmap.height}]",
+            )
+        }
+
         return Bitmap.createBitmap(bitmap, left, top, width, height)
     }
 }
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/GetCredentialCoordinatesUseCase.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/GetCredentialCoordinatesUseCase.kt
index d7b8980bef..942abe575f 100644
--- a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/GetCredentialCoordinatesUseCase.kt
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/GetCredentialCoordinatesUseCase.kt
@@ -9,6 +9,7 @@ import com.simprints.core.ExcludedFromGeneratedTestCoverageReports
 import com.simprints.feature.externalcredential.model.toBoundingBox
 import com.simprints.feature.externalcredential.screens.scanocr.model.DetectedOcrBlock
 import com.simprints.feature.externalcredential.screens.scanocr.model.OcrDocumentType
+import com.simprints.feature.externalcredential.screens.scanocr.usecase.SaveScannedImageUseCase.ScanImageType.FullDocument
 import com.simprints.infra.logging.LoggingConstants.CrashReportTag.MULTI_FACTOR_ID
 import com.simprints.infra.logging.Simber
 import javax.inject.Inject
@@ -60,7 +61,7 @@ internal class GetCredentialCoordinatesUseCase @Inject constructor(
                     if (isValid) {
                         val blockBoundingRect = textBlock.boundingBox ?: return@firstNotNullOfOrNull null
                         val lineBoundingRect = textLine.boundingBox ?: return@firstNotNullOfOrNull null
-                        val savedImagePath = saveScannedImageUseCase(bitmap, documentType)
+                        val savedImagePath = saveScannedImageUseCase(bitmap, documentType, imageType = FullDocument)
                         DetectedOcrBlock(
                             imagePath = savedImagePath,
                             documentType = documentType,
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/SaveScannedImageUseCase.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/SaveScannedImageUseCase.kt
index 01c53a6392..b9af489940 100644
--- a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/SaveScannedImageUseCase.kt
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/SaveScannedImageUseCase.kt
@@ -18,9 +18,10 @@ internal class SaveScannedImageUseCase @Inject constructor(
     operator fun invoke(
         bitmap: Bitmap,
         documentType: OcrDocumentType,
+        imageType: ScanImageType,
     ): String {
         val documentTypeName = documentType.toString().trim().replace(" ", "")
-        val fileName = "ocr_scan_${documentTypeName}_${System.currentTimeMillis()}.jpg"
+        val fileName = "ocr_scan_${documentTypeName}_${imageType}_${System.currentTimeMillis()}.jpg"
         val file = File(context.cacheDir, fileName)
 
         file.outputStream().use { outputStream ->
@@ -29,4 +30,9 @@ internal class SaveScannedImageUseCase @Inject constructor(
 
         return file.absolutePath
     }
+
+    enum class ScanImageType {
+        FullDocument,
+        ZoomedInCredential,
+    }
 }
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/ZoomOntoCredentialUseCase.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/ZoomOntoCredentialUseCase.kt
new file mode 100644
index 0000000000..ac7c11bea4
--- /dev/null
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/ZoomOntoCredentialUseCase.kt
@@ -0,0 +1,87 @@
+package com.simprints.feature.externalcredential.screens.scanocr.usecase
+
+import android.graphics.Bitmap
+import android.graphics.BitmapFactory
+import com.simprints.feature.externalcredential.model.BoundingBox
+import javax.inject.Inject
+import kotlin.math.max
+import kotlin.math.min
+
+internal class ZoomOntoCredentialUseCase @Inject constructor() {
+    /**
+     * Zooms into given image. Zoom area defined by the [boundingBox]
+     *
+     * @param imagePath path to image containing the document to zoom into
+     * @param boundingBox bounding box that defines the zoom area
+     * @return zoomed-in bitmap
+     */
+    operator fun invoke(
+        imagePath: String,
+        boundingBox: BoundingBox,
+    ): Bitmap {
+        val bitmap = BitmapFactory.decodeFile(imagePath)
+        val expandedBox = scaleBoundingBox(boundingBox, BOX_SCALE_FACTOR)
+
+        val left = expandedBox.left.coerceIn(0, bitmap.width)
+        val top = expandedBox.top.coerceIn(0, bitmap.height)
+        val right = expandedBox.right.coerceIn(left, bitmap.width)
+        val bottom = expandedBox.bottom.coerceIn(top, bitmap.height)
+        val boxWidth = right - left
+        val boxHeight = bottom - top
+
+        if (boxWidth <= 0 || boxHeight <= 0) {
+            return bitmap
+        }
+
+        val boxAspectRatio = boxWidth.toFloat() / boxHeight.toFloat()
+        val finalWidth: Int
+        val finalHeight: Int
+        // Bounding box is taller/wider than 16:10, adding padding to left/right or top/bottom
+        if (boxAspectRatio > TARGET_ASPECT_RATIO) {
+            finalWidth = boxWidth
+            finalHeight = (boxWidth / TARGET_ASPECT_RATIO).toInt()
+        } else {
+            finalHeight = boxHeight
+            finalWidth = (boxHeight * TARGET_ASPECT_RATIO).toInt()
+        }
+
+        val extraWidth = finalWidth - boxWidth
+        val extraHeight = finalHeight - boxHeight
+        val cropRight = min(bitmap.width, right + extraWidth / 2)
+        val cropBottom = min(bitmap.height, bottom + extraHeight / 2)
+
+        // Adjust if we hit image boundaries
+        val adjustedLeft = max(0, cropRight - finalWidth)
+        val adjustedTop = max(0, cropBottom - finalHeight)
+        val actualWidth = cropRight - adjustedLeft
+        val actualHeight = cropBottom - adjustedTop
+        return Bitmap.createBitmap(bitmap, adjustedLeft, adjustedTop, actualWidth, actualHeight)
+    }
+
+    /**
+     * Expands a bounding box by a percentage on all sides.
+     *
+     * @param box Original bounding box
+     * @return Expanded bounding box that may exceed image bounds as it is addressed later
+     */
+    private fun scaleBoundingBox(
+        box: BoundingBox,
+        scale: Float,
+    ): BoundingBox {
+        val boxWidth = box.right - box.left
+        val boxHeight = box.bottom - box.top
+        val horizontalExpansion = (boxWidth * (scale - 1f) / 2f).toInt()
+        val verticalExpansion = (boxHeight * (scale - 1f) / 2f).toInt()
+        return BoundingBox(
+            left = box.left - horizontalExpansion,
+            top = box.top - verticalExpansion,
+            right = box.right + horizontalExpansion,
+            bottom = box.bottom + verticalExpansion,
+        )
+    }
+
+    companion object {
+        private const val TARGET_ASPECT_RATIO = 16f / 10f
+        private const val BOX_SCALE_FACTOR = 1.15f
+    }
+}
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanqr/ExternalCredentialScanQrFragment.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanqr/ExternalCredentialScanQrFragment.kt
index 5460284735..2f02b6e221 100644
--- a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanqr/ExternalCredentialScanQrFragment.kt
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanqr/ExternalCredentialScanQrFragment.kt
@@ -23,6 +23,7 @@ import androidx.navigation.fragment.findNavController
 import com.google.android.material.bottomsheet.BottomSheetBehavior
 import com.google.android.material.bottomsheet.BottomSheetDialog
 import com.simprints.core.domain.externalcredential.ExternalCredentialType
+import com.simprints.core.domain.tokenization.TokenizableString
 import com.simprints.core.tools.extentions.getCurrentPermissionStatus
 import com.simprints.core.tools.extentions.hasPermission
 import com.simprints.core.tools.extentions.permissionFromResult
@@ -129,19 +130,20 @@ internal class ExternalCredentialScanQrFragment : Fragment(R.layout.fragment_ext
     }
 
     private fun renderScanComplete(state: ScanQrState.QrCodeCaptured) = with(binding) {
-        val qrCodeValue = state.qrCodeValue
+        val qrCodeRaw = state.qrCode
         qrInstructionsText.isVisible = false
         qrPreviewCard.isVisible = true
-        qrPreviewText.text = state.qrCodeValue
+        qrPreviewText.text = qrCodeRaw.value
         buttonScan.setText(IDR.string.mfid_continue)
         buttonScan.isEnabled = true
         buttonScan.setOnClickListener {
-            if (viewModel.isValidQrCodeFormat(qrCodeValue)) {
+            if (viewModel.isValidQrCodeFormat(qrCodeRaw)) {
                 val args = ScannedCredential(
-                    credential = qrCodeValue,
+                    credential = state.qrCodeEncrypted,
                     credentialType = ExternalCredentialType.QRCode,
-                    previewImagePath = null,
-                    imageBoundingBox = null,
+                    documentImagePath = null,
+                    credentialBoundingBox = null,
+                    zoomedCredentialImagePath = null,
                 )
                 findNavController().navigateSafely(
                     this@ExternalCredentialScanQrFragment,
@@ -149,7 +151,7 @@ internal class ExternalCredentialScanQrFragment : Fragment(R.layout.fragment_ext
                 )
             } else {
                 showInvalidQrCodeFormatDialog(
-                    qrCodeValue = qrCodeValue,
+                    qrCodeValue = qrCodeRaw,
                     onDismiss = {
                         dismissDialog()
                         viewModel.updateCapturedValue(null)
@@ -160,7 +162,7 @@ internal class ExternalCredentialScanQrFragment : Fragment(R.layout.fragment_ext
     }
 
     private fun showInvalidQrCodeFormatDialog(
-        qrCodeValue: String,
+        qrCodeValue: TokenizableString.Raw,
         onDismiss: () -> Unit,
     ) {
         dismissDialog()
@@ -170,7 +172,7 @@ internal class ExternalCredentialScanQrFragment : Fragment(R.layout.fragment_ext
                 .also { view ->
                     val qrValueTextView = view.findViewById<TextView>(R.id.qrValue)
                     val buttonRescan = view.findViewById<Button>(R.id.buttonRescan)
-                    qrValueTextView.text = qrCodeValue
+                    qrValueTextView.text = qrCodeValue.value
                     buttonRescan.setOnClickListener { dismissDialog() }
                 }
             it.setContentView(view)
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanqr/ExternalCredentialScanQrViewModel.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanqr/ExternalCredentialScanQrViewModel.kt
index a1e048441c..033a18bd92 100644
--- a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanqr/ExternalCredentialScanQrViewModel.kt
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanqr/ExternalCredentialScanQrViewModel.kt
@@ -3,14 +3,25 @@ package com.simprints.feature.externalcredential.screens.scanqr
 import androidx.lifecycle.LiveData
 import androidx.lifecycle.MutableLiveData
 import androidx.lifecycle.ViewModel
+import androidx.lifecycle.viewModelScope
 import com.simprints.core.domain.permission.PermissionStatus
+import com.simprints.core.domain.tokenization.TokenizableString
+import com.simprints.core.domain.tokenization.asTokenizableRaw
 import com.simprints.feature.externalcredential.screens.scanqr.usecase.ExternalCredentialQrCodeValidatorUseCase
+import com.simprints.infra.authstore.AuthStore
+import com.simprints.infra.config.store.models.TokenKeyType
+import com.simprints.infra.config.store.tokenization.TokenizationProcessor
+import com.simprints.infra.config.sync.ConfigManager
 import dagger.hilt.android.lifecycle.HiltViewModel
+import kotlinx.coroutines.launch
 import javax.inject.Inject
 
 @HiltViewModel
 internal class ExternalCredentialScanQrViewModel @Inject constructor(
     private val externalCredentialQrCodeValidator: ExternalCredentialQrCodeValidatorUseCase,
+    private val authStore: AuthStore,
+    private val configManager: ConfigManager,
+    private val tokenizationProcessor: TokenizationProcessor,
 ) : ViewModel() {
     private var state: ScanQrState = ScanQrState.ReadyToScan
         set(value) {
@@ -25,11 +36,21 @@ internal class ExternalCredentialScanQrViewModel @Inject constructor(
     }
 
     fun updateCapturedValue(value: String?) {
-        val newState = when (value) {
-            null -> ScanQrState.ReadyToScan
-            else -> ScanQrState.QrCodeCaptured(value)
+        viewModelScope.launch {
+            val newState = when (value) {
+                null -> ScanQrState.ReadyToScan
+                else -> {
+                    val project = configManager.getProject(authStore.signedInProjectId)
+                    val qrCodeEncrypted = tokenizationProcessor.encrypt(
+                        decrypted = value.asTokenizableRaw(),
+                        tokenKeyType = TokenKeyType.ExternalCredential,
+                        project = project,
+                    ) as TokenizableString.Tokenized
+                    ScanQrState.QrCodeCaptured(qrCode = value.asTokenizableRaw(), qrCodeEncrypted = qrCodeEncrypted)
+                }
+            }
+            updateState { newState }
         }
-        updateState { newState }
     }
 
     fun updateCameraPermissionStatus(permissionStatus: PermissionStatus) {
@@ -41,5 +62,5 @@ internal class ExternalCredentialScanQrViewModel @Inject constructor(
         updateState { newState }
     }
 
-    fun isValidQrCodeFormat(qrCodeValue: String): Boolean = externalCredentialQrCodeValidator(qrCodeValue)
+    fun isValidQrCodeFormat(qrCodeValue: TokenizableString.Raw): Boolean = externalCredentialQrCodeValidator(qrCodeValue.value)
 }
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanqr/ScanQrState.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanqr/ScanQrState.kt
index df2c00fe53..6ee7decf90 100644
--- a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanqr/ScanQrState.kt
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/scanqr/ScanQrState.kt
@@ -1,5 +1,7 @@
 package com.simprints.feature.externalcredential.screens.scanqr
 
+import com.simprints.core.domain.tokenization.TokenizableString
+
 sealed class ScanQrState {
     data object ReadyToScan : ScanQrState()
 
@@ -8,6 +10,7 @@ sealed class ScanQrState {
     ) : ScanQrState()
 
     data class QrCodeCaptured(
-        val qrCodeValue: String,
+        val qrCode: TokenizableString.Raw,
+        val qrCodeEncrypted: TokenizableString.Tokenized,
     ) : ScanQrState()
 }
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/ExternalCredentialSearchFragment.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/ExternalCredentialSearchFragment.kt
index 1649493620..73d7c6207b 100644
--- a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/ExternalCredentialSearchFragment.kt
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/ExternalCredentialSearchFragment.kt
@@ -1,32 +1,248 @@
 package com.simprints.feature.externalcredential.screens.search
 
+import android.content.Context
 import android.graphics.BitmapFactory
 import android.os.Bundle
 import android.view.View
+import android.view.inputmethod.InputMethodManager
+import androidx.core.content.ContextCompat
+import androidx.core.view.isVisible
 import androidx.fragment.app.Fragment
+import androidx.fragment.app.activityViewModels
+import androidx.fragment.app.viewModels
+import androidx.lifecycle.ViewModel
+import androidx.lifecycle.ViewModelProvider
+import androidx.navigation.fragment.findNavController
 import androidx.navigation.fragment.navArgs
+import com.simprints.core.domain.common.FlowType
+import com.simprints.core.domain.externalcredential.ExternalCredentialType
+import com.simprints.core.domain.tokenization.asTokenizableRaw
+import com.simprints.core.livedata.LiveDataEventWithContentObserver
+import com.simprints.core.tools.extentions.hideKeyboard
 import com.simprints.feature.externalcredential.R
 import com.simprints.feature.externalcredential.databinding.FragmentExternalCredentialSearchBinding
+import com.simprints.feature.externalcredential.screens.controller.ExternalCredentialViewModel
+import com.simprints.feature.externalcredential.screens.scanocr.usecase.ZoomOntoCredentialUseCase
+import com.simprints.feature.externalcredential.screens.search.model.ScannedCredential
+import com.simprints.feature.externalcredential.screens.search.model.SearchCredentialState
+import com.simprints.feature.externalcredential.screens.search.model.SearchState
+import com.simprints.infra.logging.LoggingConstants.CrashReportTag.MULTI_FACTOR_ID
+import com.simprints.infra.logging.Simber
+import com.simprints.infra.uibase.navigation.navigateSafely
 import com.simprints.infra.uibase.viewbinding.viewBinding
 import dagger.hilt.android.AndroidEntryPoint
+import javax.inject.Inject
+import com.simprints.infra.resources.R as IDR
 
 @AndroidEntryPoint
 internal class ExternalCredentialSearchFragment : Fragment(R.layout.fragment_external_credential_search) {
     private val args: ExternalCredentialSearchFragmentArgs by navArgs()
     private val binding by viewBinding(FragmentExternalCredentialSearchBinding::bind)
+    private val mainViewModel: ExternalCredentialViewModel by activityViewModels()
+    private val viewModel by viewModels<ExternalCredentialSearchViewModel> {
+        object : ViewModelProvider.Factory {
+            override fun <T : ViewModel> create(modelClass: Class<T>): T {
+                @Suppress("UNCHECKED_CAST")
+                return viewModelFactory.create(
+                    scannedCredential = args.scannedCredential,
+                    externalCredentialParams = mainViewModel.params,
+                ) as T
+            }
+        }
+    }
+
+    @Inject
+    lateinit var viewModelFactory: ExternalCredentialSearchViewModel.Factory
+
+    @Inject
+    lateinit var zoomOntoCredentialUseCase: ZoomOntoCredentialUseCase
+    private var isEditingCredential: Boolean = false
 
     override fun onViewCreated(
         view: View,
         savedInstanceState: Bundle?,
     ) {
         super.onViewCreated(view, savedInstanceState)
-        super.onCreate(savedInstanceState)
-        val imagePath = args.scannedCredential.previewImagePath!!
-        loadScannedImage(imagePath)
+        initObservers()
+    }
+
+    override fun onPause() {
+        hideKeyboard()
+        super.onPause()
+    }
+
+    private fun initObservers() {
+        viewModel.stateLiveData.observe(viewLifecycleOwner) { state ->
+            renderCredentialCard(state)
+            renderSearchProgress(state.searchState, state.scannedCredential.credentialType, state.flowType)
+            renderButtons(state)
+        }
+        viewModel.finishEvent.observe(
+            viewLifecycleOwner,
+            LiveDataEventWithContentObserver { result ->
+                mainViewModel.finish(result)
+            },
+        )
+    }
+
+    private fun renderCredentialCard(state: SearchCredentialState) = with(binding) {
+        val credential = state.displayedCredential?.value.orEmpty()
+        val credentialType = state.scannedCredential.credentialType
+        val credentialField = getString(mainViewModel.mapTypeToCredentialFieldResource(credentialType))
+        val currentEditTextValue = credentialEditText.text.toString()
+        renderImage(state.scannedCredential)
+        credential.takeIf { currentEditTextValue.isEmpty() }?.let {
+            credentialEditText.setText(it) // Setting only once at the start
+        }
+        documentTypeTitle.text = credentialField
+        credentialEditText.inputType = viewModel.getKeyBoardInputType()
+        credentialEditText.hint = credentialField
+        credentialValue.text = currentEditTextValue
+        confirmCredentialCheckbox.isVisible = state.searchState != SearchState.Searching
+        confirmCredentialCheckbox.text = getString(IDR.string.mfid_confirmation_checkbox_text, credentialField)
+        confirmCredentialCheckbox.isChecked = state.isConfirmed
+
+        iconEditCredential.setOnClickListener {
+            viewModel.updateConfirmation(isConfirmed = false)
+            toggleCredentialEdit()
+            if (!isEditingCredential) {
+                viewModel.confirmCredentialUpdate(credentialEditText.text.toString().asTokenizableRaw())
+            }
+        }
+        confirmCredentialCheckbox.setOnCheckedChangeListener { _, checkedId ->
+            viewModel.updateConfirmation(isConfirmed = checkedId)
+        }
+    }
+
+    private fun renderSearchProgress(
+        searchState: SearchState,
+        credentialType: ExternalCredentialType,
+        flowType: FlowType,
+    ) = with(binding) {
+        when (searchState) {
+            SearchState.Searching -> {
+                searchProgressCard.isVisible = true
+                searchResultCard.isVisible = false
+            }
+
+            is SearchState.CredentialLinked -> {
+                searchProgressCard.isVisible = false
+                searchResultCard.isVisible = true
+
+                when (flowType) {
+                    FlowType.ENROL -> renderEnrolCredentialLinked(credentialType)
+                    else -> { // Identification flow
+                        if (searchState.hasSuccessfulVerifications) {
+                            renderIdentifyCredentialVerificationConfirmed()
+                        } else {
+                            renderIdentifyCredentialVerificationFailed(credentialType)
+                        }
+                    }
+                }
+            }
+
+            SearchState.CredentialNotFound -> {
+                searchProgressCard.isVisible = false
+                when (flowType) {
+                    FlowType.ENROL -> renderEnrolCredentialNotFound()
+                    else -> renderIdentifyCredentialNotFound(credentialType)
+                }
+            }
+        }
+    }
+
+    private fun renderEnrolCredentialLinked(credentialType: ExternalCredentialType) = with(binding) {
+        iconSearchResult.setImageResource(R.drawable.ic_warning)
+        iconSearchResult.isVisible = true
+        val credentialField = getString(mainViewModel.mapTypeToCredentialFieldResource(credentialType))
+        val searchResultText = getString(IDR.string.mfid_search_found_enrol, credentialField)
+        textSearchResult.text = searchResultText
+        textSearchResult.setTextColor(ContextCompat.getColor(requireContext(), IDR.color.simprints_red))
+    }
+
+    private fun renderIdentifyCredentialVerificationConfirmed() = with(binding) {
+        iconSearchResult.setImageResource(IDR.drawable.ic_checked_green_large)
+        iconSearchResult.isVisible = true
+        textSearchResult.setText(IDR.string.mfid_search_found_identification)
+        textSearchResult.setTextColor(ContextCompat.getColor(requireContext(), IDR.color.simprints_black))
+    }
+
+    private fun renderIdentifyCredentialVerificationFailed(credentialType: ExternalCredentialType) = with(binding) {
+        iconSearchResult.setImageResource(R.drawable.ic_warning)
+        iconSearchResult.isVisible = true
+        val credential = getString(mainViewModel.mapTypeToStringResource(credentialType))
+        textSearchResult.text = getString(IDR.string.mfid_search_found_identification_low_match_score, credential)
+        textSearchResult.setTextColor(ContextCompat.getColor(requireContext(), IDR.color.simprints_red))
+    }
+
+    private fun renderEnrolCredentialNotFound() = with(binding) {
+        searchResultCard.isVisible = false
+    }
+
+    private fun renderIdentifyCredentialNotFound(credentialType: ExternalCredentialType) = with(binding) {
+        searchResultCard.isVisible = true
+        iconSearchResult.isVisible = false
+        val credential = getString(mainViewModel.mapTypeToStringResource(credentialType))
+        val credentialField = getString(mainViewModel.mapTypeToCredentialFieldResource(credentialType))
+        val searchResultText = getString(IDR.string.mfid_search_not_found_identification, credentialField, credential)
+        textSearchResult.text = searchResultText
+        val textColor = IDR.color.simprints_black
+        textSearchResult.setTextColor(ContextCompat.getColor(requireContext(), textColor))
+    }
+
+    private fun renderButtons(state: SearchCredentialState) = with(binding) {
+        val isSearching = state.searchState != SearchState.Searching
+        buttonRecapture.isVisible = isSearching
+        buttonConfirm.isVisible = isSearching
+        buttonConfirm.isEnabled = state.isConfirmed
+        viewModel.getButtonTextResource(state.searchState, state.flowType)?.run(buttonConfirm::setText)
+        buttonConfirm.setOnClickListener {
+            viewModel.finish(state.searchState)
+        }
+        buttonRecapture.setOnClickListener {
+            findNavController().navigateSafely(
+                this@ExternalCredentialSearchFragment,
+                ExternalCredentialSearchFragmentDirections.actionExternalCredentialSearchToExternalCredentialSelectFragment(),
+            )
+        }
+    }
+
+    private fun renderImage(credential: ScannedCredential) {
+        val documentImagePath: String? = credential.documentImagePath
+        binding.documentPreview.isVisible = documentImagePath != null
+        if (documentImagePath == null) return
+
+        try {
+            val imagePath: String = credential.zoomedCredentialImagePath ?: documentImagePath
+            val displayedImage = BitmapFactory.decodeFile(imagePath)
+            binding.documentPreview.setImageBitmap(displayedImage)
+        } catch (e: Exception) {
+            Simber.e("Unable to get [$documentImagePath] OCR image", e, tag = MULTI_FACTOR_ID)
+        }
+    }
+
+    private fun toggleCredentialEdit() = with(binding) {
+        isEditingCredential = !isEditingCredential
+        val iconRes = if (isEditingCredential) {
+            R.drawable.ic_done
+        } else {
+            R.drawable.ic_edit
+        }
+        iconEditCredential.setImageResource(iconRes)
+        credentialValue.isVisible = !isEditingCredential
+        credentialEditText.isVisible = isEditingCredential
+        if (isEditingCredential) {
+            credentialEditText.setSelection(credentialEditText.text.length)
+            val inputManager =
+                requireContext().getSystemService(Context.INPUT_METHOD_SERVICE) as InputMethodManager
+            inputManager.showSoftInput(credentialEditText, InputMethodManager.SHOW_IMPLICIT)
+        }
+        if (!isEditingCredential) {
+            hideKeyboard()
+        }
     }
 
-    private fun loadScannedImage(imagePath: String) {
-        val bitmap = BitmapFactory.decodeFile(imagePath)
-        binding.scannedImage.setImageBitmap(bitmap)
+    private fun hideKeyboard() {
+        requireActivity().hideKeyboard()
     }
 }
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/ExternalCredentialSearchViewModel.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/ExternalCredentialSearchViewModel.kt
new file mode 100644
index 0000000000..af0e88921c
--- /dev/null
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/ExternalCredentialSearchViewModel.kt
@@ -0,0 +1,168 @@
+package com.simprints.feature.externalcredential.screens.search
+
+import android.text.InputType
+import androidx.lifecycle.LiveData
+import androidx.lifecycle.MutableLiveData
+import androidx.lifecycle.ViewModel
+import androidx.lifecycle.viewModelScope
+import com.simprints.core.domain.common.FlowType
+import com.simprints.core.domain.externalcredential.ExternalCredentialType
+import com.simprints.core.domain.tokenization.TokenizableString
+import com.simprints.core.livedata.LiveDataEventWithContent
+import com.simprints.core.livedata.send
+import com.simprints.feature.externalcredential.ExternalCredentialSearchResult
+import com.simprints.feature.externalcredential.model.ExternalCredentialParams
+import com.simprints.feature.externalcredential.screens.search.model.ScannedCredential
+import com.simprints.feature.externalcredential.screens.search.model.SearchCredentialState
+import com.simprints.feature.externalcredential.screens.search.model.SearchState
+import com.simprints.feature.externalcredential.screens.search.usecase.MatchCandidatesUseCase
+import com.simprints.infra.authstore.AuthStore
+import com.simprints.infra.config.store.models.TokenKeyType
+import com.simprints.infra.config.store.tokenization.TokenizationProcessor
+import com.simprints.infra.config.sync.ConfigManager
+import com.simprints.infra.enrolment.records.repository.EnrolmentRecordRepository
+import com.simprints.infra.enrolment.records.repository.domain.models.SubjectQuery
+import dagger.assisted.Assisted
+import dagger.assisted.AssistedFactory
+import dagger.assisted.AssistedInject
+import kotlinx.coroutines.launch
+import com.simprints.infra.resources.R as IDR
+
+internal class ExternalCredentialSearchViewModel @AssistedInject constructor(
+    @Assisted val scannedCredential: ScannedCredential,
+    @Assisted val externalCredentialParams: ExternalCredentialParams,
+    private val authStore: AuthStore,
+    private val configManager: ConfigManager,
+    private val matchCandidatesUseCase: MatchCandidatesUseCase,
+    private val tokenizationProcessor: TokenizationProcessor,
+    private val enrolmentRecordRepository: EnrolmentRecordRepository,
+) : ViewModel() {
+    @AssistedFactory
+    interface Factory {
+        fun create(
+            scannedCredential: ScannedCredential,
+            externalCredentialParams: ExternalCredentialParams,
+        ): ExternalCredentialSearchViewModel
+    }
+
+    val finishEvent: LiveData<LiveDataEventWithContent<ExternalCredentialSearchResult>>
+        get() = _finishEvent
+    private val _finishEvent = MutableLiveData<LiveDataEventWithContent<ExternalCredentialSearchResult>>()
+    private var state: SearchCredentialState =
+        SearchCredentialState.buildInitial(scannedCredential, externalCredentialParams.flowType)
+        set(value) {
+            field = value
+            _stateLiveData.postValue(value)
+        }
+    private val _stateLiveData = MutableLiveData(state)
+    val stateLiveData: LiveData<SearchCredentialState> = _stateLiveData
+
+    private fun updateState(state: (SearchCredentialState) -> SearchCredentialState) {
+        this.state = state(this.state)
+    }
+
+    init {
+        viewModelScope.launch {
+            decryptCredentialToDisplay(scannedCredential.credential)
+            searchSubjectsLinkedToCredential(scannedCredential.credential)
+        }
+    }
+
+    fun updateConfirmation(isConfirmed: Boolean) {
+        updateState { it.copy(isConfirmed = isConfirmed) }
+    }
+
+    fun confirmCredentialUpdate(updatedCredential: TokenizableString.Raw) {
+        viewModelScope.launch {
+            val project = configManager.getProject(authStore.signedInProjectId)
+            val encryptedCredential = tokenizationProcessor.encrypt(
+                decrypted = updatedCredential,
+                tokenKeyType = TokenKeyType.ExternalCredential,
+                project = project,
+            ) as TokenizableString.Tokenized
+            updateState { currentState ->
+                currentState.copy(
+                    isConfirmed = false,
+                    scannedCredential = currentState.scannedCredential.copy(
+                        credential = encryptedCredential,
+                    ),
+                    displayedCredential = updatedCredential,
+                )
+            }
+            searchSubjectsLinkedToCredential(encryptedCredential)
+        }
+    }
+
+    fun getButtonTextResource(
+        searchState: SearchState,
+        flowType: FlowType,
+    ): Int? = when (searchState) {
+        SearchState.Searching -> null // button is not displayed during search
+        is SearchState.CredentialLinked -> when (flowType) {
+            FlowType.ENROL -> IDR.string.mfid_action_enrol_anyway
+            else -> {
+                if (searchState.hasSuccessfulVerifications) {
+                    IDR.string.mfid_action_go_to_record
+                } else {
+                    IDR.string.mfid_action_continue
+                }
+            }
+        }
+
+        SearchState.CredentialNotFound -> when (flowType) {
+            FlowType.ENROL -> IDR.string.mfid_action_enrol
+            else -> IDR.string.mfid_continue
+        }
+    }
+
+    private suspend fun decryptCredentialToDisplay(credential: TokenizableString.Tokenized) {
+        val project = configManager.getProject(authStore.signedInProjectId)
+        val decrypted = tokenizationProcessor.decrypt(
+            encrypted = credential,
+            tokenKeyType = TokenKeyType.ExternalCredential,
+            project = project,
+        ) as TokenizableString.Raw
+        updateState { it.copy(displayedCredential = decrypted) }
+    }
+
+    private suspend fun searchSubjectsLinkedToCredential(credential: TokenizableString.Tokenized) {
+        updateState { it.copy(searchState = SearchState.Searching) }
+        val project = configManager.getProject(authStore.signedInProjectId)
+        val candidates = enrolmentRecordRepository.load(SubjectQuery(projectId = project.id, externalCredential = credential))
+        when {
+            candidates.isEmpty() -> updateState { it.copy(searchState = SearchState.CredentialNotFound) }
+            else -> {
+                val projectConfig = configManager.getProjectConfiguration()
+                val matches = matchCandidatesUseCase(candidates, credential, externalCredentialParams, project, projectConfig)
+                updateState { state -> state.copy(searchState = SearchState.CredentialLinked(matchResults = matches)) }
+            }
+        }
+    }
+
+    /**
+     * Function for QOL improvement. Sets the keyboard to specific [InputType] based on the credential type. QR code and Ghana ID card are
+     * alpha-numeric, while the NHIS card memberships contain only digits.
+     */
+    fun getKeyBoardInputType() = when (scannedCredential.credentialType) {
+        ExternalCredentialType.NHISCard -> InputType.TYPE_CLASS_NUMBER // NHIS card membership contains only numbers
+        ExternalCredentialType.GhanaIdCard -> InputType.TYPE_CLASS_TEXT
+        ExternalCredentialType.QRCode -> InputType.TYPE_CLASS_TEXT
+    }
+
+    fun finish(searchState: SearchState) {
+        val matches = when (searchState) {
+            SearchState.Searching,
+            SearchState.CredentialNotFound,
+            -> emptyList()
+
+            is SearchState.CredentialLinked -> searchState.matchResults
+        }
+        _finishEvent.send(
+            ExternalCredentialSearchResult(
+                flowType = externalCredentialParams.flowType,
+                scannedCredential = scannedCredential,
+                matchResults = matches,
+            ),
+        )
+    }
+}
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/model/ScannedCredential.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/model/ScannedCredential.kt
index ba98df1cf9..3d478e0f63 100644
--- a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/model/ScannedCredential.kt
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/model/ScannedCredential.kt
@@ -2,13 +2,15 @@ package com.simprints.feature.externalcredential.screens.search.model
 
 import androidx.annotation.Keep
 import com.simprints.core.domain.externalcredential.ExternalCredentialType
+import com.simprints.core.domain.tokenization.TokenizableString
 import com.simprints.feature.externalcredential.model.BoundingBox
 import java.io.Serializable
 
 @Keep
 data class ScannedCredential(
-    val credential: String,
+    val credential: TokenizableString.Tokenized,
     val credentialType: ExternalCredentialType,
-    val previewImagePath: String?,
-    val imageBoundingBox: BoundingBox?,
+    val documentImagePath: String?,
+    val zoomedCredentialImagePath: String?,
+    val credentialBoundingBox: BoundingBox?,
 ) : Serializable
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/model/SearchCredentialState.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/model/SearchCredentialState.kt
new file mode 100644
index 0000000000..4493365467
--- /dev/null
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/model/SearchCredentialState.kt
@@ -0,0 +1,45 @@
+package com.simprints.feature.externalcredential.screens.search.model
+
+import androidx.annotation.Keep
+import com.simprints.core.ExcludedFromGeneratedTestCoverageReports
+import com.simprints.core.domain.common.FlowType
+import com.simprints.core.domain.tokenization.TokenizableString
+import com.simprints.feature.externalcredential.model.CredentialMatch
+
+@Keep
+@ExcludedFromGeneratedTestCoverageReports("Data struct")
+internal data class SearchCredentialState(
+    val scannedCredential: ScannedCredential,
+    val displayedCredential: TokenizableString.Raw?,
+    val flowType: FlowType,
+    val searchState: SearchState,
+    val isConfirmed: Boolean,
+) {
+    companion object {
+        fun buildInitial(
+            scannedCredential: ScannedCredential,
+            flowType: FlowType,
+        ) = SearchCredentialState(
+            scannedCredential = scannedCredential,
+            displayedCredential = null,
+            flowType = flowType,
+            searchState = SearchState.Searching,
+            isConfirmed = false,
+        )
+    }
+}
+
+@Keep
+@ExcludedFromGeneratedTestCoverageReports("State data class")
+internal sealed class SearchState {
+    data object Searching : SearchState()
+
+    data class CredentialLinked(
+        val matchResults: List<CredentialMatch>,
+    ) : SearchState() {
+        val goodMatches = matchResults.filter(CredentialMatch::isVerificationSuccessful)
+        val hasSuccessfulVerifications: Boolean = goodMatches.isNotEmpty()
+    }
+
+    data object CredentialNotFound : SearchState()
+}
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/usecase/CreateMatchParamsUseCase.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/usecase/CreateMatchParamsUseCase.kt
new file mode 100644
index 0000000000..241cbe01a8
--- /dev/null
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/usecase/CreateMatchParamsUseCase.kt
@@ -0,0 +1,43 @@
+package com.simprints.feature.externalcredential.screens.search.usecase
+
+import com.simprints.core.domain.common.FlowType
+import com.simprints.infra.config.store.models.AgeGroup
+import com.simprints.infra.config.store.models.GeneralConfiguration.Modality
+import com.simprints.infra.config.store.models.ProjectConfiguration
+import com.simprints.infra.config.store.models.determineFaceSDKs
+import com.simprints.infra.config.store.models.determineFingerprintSDKs
+import com.simprints.infra.enrolment.records.repository.domain.models.BiometricDataSource
+import com.simprints.infra.enrolment.records.repository.domain.models.SubjectQuery
+import com.simprints.infra.matching.MatchParams
+import javax.inject.Inject
+
+internal class CreateMatchParamsUseCase @Inject constructor() {
+    operator fun invoke(
+        candidateSubjectId: String,
+        flowType: FlowType,
+        probeReferenceId: String?,
+        projectConfiguration: ProjectConfiguration,
+        faceSamples: List<MatchParams.FaceSample>,
+        fingerprintSamples: List<MatchParams.FingerprintSample>,
+        ageGroup: AgeGroup?,
+    ): List<MatchParams> = projectConfiguration.general.matchingModalities
+        .map { modality ->
+            val template = MatchParams(
+                probeReferenceId = probeReferenceId.orEmpty(),
+                flowType = flowType,
+                queryForCandidates = SubjectQuery(subjectId = candidateSubjectId),
+                biometricDataSource = BiometricDataSource.Simprints, // [MS-1167] No CoSync in initial MF-ID implementation
+            )
+            when (modality) {
+                Modality.FACE ->
+                    projectConfiguration
+                        .determineFaceSDKs(ageGroup)
+                        .map { template.copy(faceSDK = it, probeFaceSamples = faceSamples) }
+
+                Modality.FINGERPRINT ->
+                    projectConfiguration
+                        .determineFingerprintSDKs(ageGroup)
+                        .map { template.copy(fingerprintSDK = it, probeFingerprintSamples = fingerprintSamples) }
+            }
+        }.flatten()
+}
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/usecase/MatchCandidatesUseCase.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/usecase/MatchCandidatesUseCase.kt
new file mode 100644
index 0000000000..b63d6e6d79
--- /dev/null
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/search/usecase/MatchCandidatesUseCase.kt
@@ -0,0 +1,77 @@
+package com.simprints.feature.externalcredential.screens.search.usecase
+
+import com.simprints.core.domain.tokenization.TokenizableString
+import com.simprints.feature.externalcredential.model.CredentialMatch
+import com.simprints.feature.externalcredential.model.ExternalCredentialParams
+import com.simprints.infra.config.store.models.Project
+import com.simprints.infra.config.store.models.ProjectConfiguration
+import com.simprints.infra.enrolment.records.repository.domain.models.Subject
+import com.simprints.infra.matching.usecase.FaceMatcherUseCase
+import com.simprints.infra.matching.usecase.FingerprintMatcherUseCase
+import com.simprints.infra.matching.usecase.MatcherUseCase.MatcherState
+import kotlinx.coroutines.flow.last
+import javax.inject.Inject
+
+internal class MatchCandidatesUseCase @Inject constructor(
+    private val createMatchParamsUseCase: CreateMatchParamsUseCase,
+    private val faceMatcher: FaceMatcherUseCase,
+    private val fingerprintMatcher: FingerprintMatcherUseCase,
+) {
+    suspend operator fun invoke(
+        candidates: List<Subject>,
+        credential: TokenizableString.Tokenized,
+        externalCredentialParams: ExternalCredentialParams,
+        project: Project,
+        projectConfig: ProjectConfiguration,
+    ): List<CredentialMatch> = candidates.flatMap { candidate ->
+        val matchParams = createMatchParamsUseCase(
+            candidateSubjectId = candidate.subjectId,
+            flowType = externalCredentialParams.flowType,
+            probeReferenceId = externalCredentialParams.probeReferenceId,
+            projectConfiguration = projectConfig,
+            faceSamples = externalCredentialParams.faceSamples,
+            fingerprintSamples = externalCredentialParams.fingerprintSamples,
+            ageGroup = externalCredentialParams.ageGroup,
+        )
+        matchParams
+            .mapNotNull { matchParams ->
+                when {
+                    matchParams.probeFaceSamples.isNotEmpty() -> {
+                        val faceSdk = matchParams.faceSDK ?: return@mapNotNull null
+                        projectConfig.face?.getSdkConfiguration(faceSdk)?.verificationMatchThreshold?.let { matchThreshold ->
+                            (faceMatcher(matchParams, project).last() as? MatcherState.Success)
+                                ?.matchResultItems
+                                .orEmpty()
+                                .map { result ->
+                                    CredentialMatch(
+                                        credential = credential,
+                                        matchResult = result,
+                                        verificationThreshold = matchThreshold,
+                                        faceBioSdk = faceSdk,
+                                        fingerprintBioSdk = null,
+                                    )
+                                }
+                        }
+                    }
+
+                    else -> {
+                        val fingerprintSdk = matchParams.fingerprintSDK ?: return@mapNotNull null
+                        projectConfig.fingerprint?.getSdkConfiguration(fingerprintSdk)?.verificationMatchThreshold?.let { matchThreshold ->
+                            (fingerprintMatcher(matchParams, project).last() as? MatcherState.Success)
+                                ?.matchResultItems
+                                .orEmpty()
+                                .map { result ->
+                                    CredentialMatch(
+                                        credential = credential,
+                                        matchResult = result,
+                                        verificationThreshold = matchThreshold,
+                                        faceBioSdk = null,
+                                        fingerprintBioSdk = fingerprintSdk,
+                                    )
+                                }
+                        }
+                    }
+                }
+            }.flatten()
+    }
+}
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/select/ExternalCredentialSelectFragment.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/select/ExternalCredentialSelectFragment.kt
index 992137301c..568442d99a 100644
--- a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/select/ExternalCredentialSelectFragment.kt
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/screens/select/ExternalCredentialSelectFragment.kt
@@ -18,6 +18,7 @@ import com.simprints.feature.externalcredential.databinding.FragmentExternalCred
 import com.simprints.feature.externalcredential.ext.getQuantityCredentialString
 import com.simprints.feature.externalcredential.screens.controller.ExternalCredentialViewModel
 import com.simprints.feature.externalcredential.screens.scanocr.model.OcrDocumentType
+import com.simprints.feature.externalcredential.screens.scanocr.model.asOcrDocumentType
 import com.simprints.feature.externalcredential.screens.select.view.ExternalCredentialTypeAdapter
 import com.simprints.infra.logging.LoggingConstants.CrashReportTag.ORCHESTRATION
 import com.simprints.infra.logging.Simber
@@ -107,8 +108,10 @@ internal class ExternalCredentialSelectFragment : Fragment(R.layout.fragment_ext
 
     private fun navigateToScanner(type: ExternalCredentialType) {
         when (type) {
-            ExternalCredentialType.NHISCard -> startOcr(OcrDocumentType.NhisCard)
-            ExternalCredentialType.GhanaIdCard -> startOcr(OcrDocumentType.GhanaIdCard)
+            ExternalCredentialType.NHISCard,
+            ExternalCredentialType.GhanaIdCard,
+            -> startOcr(type.asOcrDocumentType())
+
             ExternalCredentialType.QRCode -> startQrScan()
         }
     }
diff --git a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/view/DocumentScanMaskView.kt b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/view/DocumentScanMaskView.kt
index 07c0598fcd..540139638d 100644
--- a/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/view/DocumentScanMaskView.kt
+++ b/feature/external-credential/src/main/java/com/simprints/feature/externalcredential/view/DocumentScanMaskView.kt
@@ -9,6 +9,7 @@ import android.graphics.Rect
 import android.util.AttributeSet
 import android.view.View
 import android.view.ViewGroup
+import androidx.annotation.ColorInt
 import androidx.core.content.ContextCompat
 import com.simprints.feature.externalcredential.R
 import com.simprints.infra.uibase.annotations.ExcludedFromGeneratedTestCoverageReports
@@ -98,4 +99,11 @@ class DocumentScanMaskView @JvmOverloads constructor(
             }
         }
     }
+
+    fun setMaskColor(
+        @ColorInt color: Int,
+    ) {
+        bgPaint.color = color
+        invalidate()
+    }
 }
diff --git a/feature/external-credential/src/main/res/drawable/glow_background.xml b/feature/external-credential/src/main/res/drawable/glow_background.xml
new file mode 100644
index 0000000000..783e5e04c5
--- /dev/null
+++ b/feature/external-credential/src/main/res/drawable/glow_background.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<shape xmlns:android="http://schemas.android.com/apk/res/android"
+    android:shape="rectangle">
+    <gradient
+        android:type="radial"
+        android:centerX="50%"
+        android:centerY="50%"
+        android:centerColor="@color/transparent"
+        android:gradientRadius="70%"
+        android:endColor="@color/simprints_white"
+        android:startColor="@android:color/transparent" />
+    <corners android:radius="8dp" />
+</shape>
diff --git a/feature/external-credential/src/main/res/drawable/ic_done.xml b/feature/external-credential/src/main/res/drawable/ic_done.xml
new file mode 100644
index 0000000000..c7ea9bc53a
--- /dev/null
+++ b/feature/external-credential/src/main/res/drawable/ic_done.xml
@@ -0,0 +1,9 @@
+<vector xmlns:android="http://schemas.android.com/apk/res/android"
+    android:width="24dp"
+    android:height="24dp"
+    android:viewportWidth="960"
+    android:viewportHeight="960">
+    <path
+        android:fillColor="#00B3D1"
+        android:pathData="M382,720L154,492L211,435L382,606L749,239L806,296L382,720Z" />
+</vector>
diff --git a/feature/external-credential/src/main/res/drawable/ic_edit.xml b/feature/external-credential/src/main/res/drawable/ic_edit.xml
new file mode 100644
index 0000000000..837aabdeed
--- /dev/null
+++ b/feature/external-credential/src/main/res/drawable/ic_edit.xml
@@ -0,0 +1,10 @@
+<vector xmlns:android="http://schemas.android.com/apk/res/android"
+    android:width="24dp"
+    android:height="24dp"
+    android:viewportWidth="960"
+    android:viewportHeight="960"
+    android:tint="?attr/colorControlNormal">
+    <path
+        android:fillColor="#FF888888"
+        android:pathData="M200,760L257,760L648,369L591,312L200,703L200,760ZM120,840L120,670L648,143Q660,132 674.5,126Q689,120 705,120Q721,120 736,126Q751,132 762,144L817,200Q829,211 834.5,226Q840,241 840,256Q840,272 834.5,286.5Q829,301 817,313L290,840L120,840ZM760,256L760,256L704,200L704,200L760,256ZM619,341L591,312L591,312L648,369L648,369L619,341Z"/>
+</vector>
diff --git a/feature/external-credential/src/main/res/drawable/ic_warning.xml b/feature/external-credential/src/main/res/drawable/ic_warning.xml
new file mode 100644
index 0000000000..22f3a578ad
--- /dev/null
+++ b/feature/external-credential/src/main/res/drawable/ic_warning.xml
@@ -0,0 +1,10 @@
+<vector xmlns:android="http://schemas.android.com/apk/res/android"
+    android:width="24dp"
+    android:height="24dp"
+    android:viewportWidth="960"
+    android:viewportHeight="960">
+    <path
+        android:fillColor="#CE4141"
+        android:fillType="nonZero"
+        android:pathData="M109,840Q98,840 89,834.5Q80,829 75,820Q70,811 69.5,800.5Q69,790 75,780L445,140Q451,130 460.5,125Q470,120 480,120Q490,120 499.5,125Q509,130 515,140L885,780Q891,790 890.5,800.5Q890,811 885,820Q880,829 871,834.5Q862,840 851,840L109,840ZM178,760L782,760L480,240L178,760ZM480,720Q497,720 508.5,708.5Q520,697 520,680Q520,663 508.5,651.5Q497,640 480,640Q463,640 451.5,651.5Q440,663 440,680Q440,697 451.5,708.5Q463,720 480,720ZM480,600Q497,600 508.5,588.5Q520,577 520,560L520,440Q520,423 508.5,411.5Q497,400 480,400Q463,400 451.5,411.5Q440,423 440,440L440,560Q440,577 451.5,588.5Q463,600 480,600ZM480,500L480,500L480,500Z"/>
+</vector>
diff --git a/feature/external-credential/src/main/res/layout-land/fragment_external_credential_search.xml b/feature/external-credential/src/main/res/layout-land/fragment_external_credential_search.xml
new file mode 100644
index 0000000000..f38e24ed75
--- /dev/null
+++ b/feature/external-credential/src/main/res/layout-land/fragment_external_credential_search.xml
@@ -0,0 +1,233 @@
+<?xml version="1.0" encoding="utf-8"?>
+<androidx.constraintlayout.widget.ConstraintLayout xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:app="http://schemas.android.com/apk/res-auto"
+    xmlns:tools="http://schemas.android.com/tools"
+    android:layout_width="match_parent"
+    android:layout_height="match_parent"
+    android:paddingBottom="@dimen/margin_default"
+    android:background="@color/simprints_blue">
+
+    <ScrollView
+        android:layout_width="match_parent"
+        android:layout_height="0dp"
+        app:layout_constraintBottom_toTopOf="@+id/buttonRecapture"
+        app:layout_constraintEnd_toEndOf="parent"
+        app:layout_constraintStart_toStartOf="parent"
+        app:layout_constraintTop_toTopOf="parent">
+
+        <LinearLayout
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:orientation="vertical"
+            android:padding="@dimen/margin_large">
+
+            <com.google.android.material.card.MaterialCardView
+                android:id="@+id/documentPreviewCard"
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                app:cardBackgroundColor="@color/simprints_white"
+                app:cardUseCompatPadding="true">
+
+                <androidx.constraintlayout.widget.ConstraintLayout
+                    android:layout_width="match_parent"
+                    android:layout_height="wrap_content">
+
+                    <androidx.constraintlayout.widget.Guideline
+                        android:id="@+id/centerGuideline"
+                        android:layout_width="0dp"
+                        android:layout_height="match_parent"
+                        android:orientation="vertical"
+                        app:layout_constraintGuide_percent="0.5" />
+
+                    <com.google.android.material.imageview.ShapeableImageView
+                        android:id="@+id/documentPreview"
+                        android:layout_width="0dp"
+                        android:layout_height="0dp"
+                        android:elevation="8dp"
+                        android:importantForAccessibility="no"
+                        android:scaleType="centerCrop"
+                        app:layout_constraintDimensionRatio="16:10"
+                        app:layout_constraintEnd_toStartOf="@+id/centerGuideline"
+                        app:layout_constraintStart_toStartOf="parent"
+                        app:layout_constraintTop_toTopOf="parent"
+                        app:shapeAppearanceOverlay="@style/Shape.Simprints.MediumComponent"
+                        tools:src="@drawable/ghana_nhis_card" />
+
+                    <LinearLayout
+                        android:layout_width="0dp"
+                        android:layout_height="wrap_content"
+                        android:orientation="vertical"
+                        app:layout_constraintEnd_toEndOf="parent"
+                        app:layout_constraintStart_toEndOf="@+id/centerGuideline"
+                        app:layout_constraintTop_toTopOf="parent">
+
+                        <TextView
+                            android:id="@+id/documentTypeTitle"
+                            style="@style/Text.Body2.Secondary"
+                            android:layout_width="wrap_content"
+                            android:layout_height="wrap_content"
+                            android:paddingHorizontal="@dimen/margin_large"
+                            android:paddingTop="@dimen/padding_default"
+                            tools:text="Membership number:" />
+
+                        <androidx.constraintlayout.widget.ConstraintLayout
+                            android:layout_width="match_parent"
+                            android:layout_height="wrap_content"
+                            android:orientation="horizontal"
+                            android:paddingHorizontal="@dimen/margin_large">
+
+                            <TextView
+                                android:id="@+id/credentialValue"
+                                style="@style/Text.Headline4.Bold"
+                                android:layout_width="0dp"
+                                android:layout_height="wrap_content"
+                                android:layout_marginEnd="@dimen/margin_large"
+                                android:textColor="@color/simprints_text_black"
+                                app:layout_constraintEnd_toStartOf="@+id/iconEditCredential"
+                                app:layout_constraintStart_toStartOf="parent"
+                                app:layout_constraintTop_toTopOf="parent"
+                                tools:text="GHA-123456789-0" />
+
+                            <EditText
+                                android:id="@+id/credentialEditText"
+                                style="@style/Text.Headline4.Bold"
+                                android:layout_width="0dp"
+                                android:layout_height="wrap_content"
+                                android:layout_marginEnd="@dimen/margin_large"
+                                android:backgroundTint="@color/simprints_blue"
+                                android:focusable="true"
+                                android:focusableInTouchMode="true"
+                                android:inputType="textNoSuggestions"
+                                android:visibility="gone"
+                                app:layout_constraintEnd_toStartOf="@+id/iconEditCredential"
+                                app:layout_constraintStart_toStartOf="parent"
+                                app:layout_constraintTop_toTopOf="parent"
+                                tools:hint="Membership number"
+                                tools:ignore="LabelFor"
+                                tools:text="GHA-123456789-0" />
+
+                            <ImageView
+                                android:id="@+id/iconEditCredential"
+                                android:layout_width="24dp"
+                                android:layout_height="24dp"
+                                android:layout_gravity="center"
+                                android:background="?attr/selectableItemBackground"
+                                android:importantForAccessibility="no"
+                                android:src="@drawable/ic_edit"
+                                app:layout_constraintBottom_toBottomOf="parent"
+                                app:layout_constraintEnd_toEndOf="parent"
+                                app:layout_constraintTop_toTopOf="parent"
+                                app:tint="@color/simprints_text_grey" />
+
+                        </androidx.constraintlayout.widget.ConstraintLayout>
+
+                        <CheckBox
+                            android:id="@+id/confirmCredentialCheckbox"
+                            style="@style/Text.Body2.Secondary"
+                            android:layout_width="wrap_content"
+                            android:layout_height="wrap_content"
+                            android:layout_marginHorizontal="10dp"
+                            android:layout_marginBottom="@dimen/margin_large"
+                            android:buttonTint="@color/simprints_blue"
+                            android:checked="false"
+                            android:paddingStart="@dimen/margin_default"
+                            android:visibility="gone"
+                            tools:text="I confirm that the external credential is scanned correctly"
+                            tools:visibility="visible" />
+                    </LinearLayout>
+                </androidx.constraintlayout.widget.ConstraintLayout>
+            </com.google.android.material.card.MaterialCardView>
+
+            <com.google.android.material.card.MaterialCardView
+                android:id="@+id/searchProgressCard"
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:visibility="gone"
+                app:cardBackgroundColor="@color/simprints_white"
+                app:cardUseCompatPadding="true"
+                tools:visibility="visible">
+
+                <LinearLayout
+                    android:layout_width="match_parent"
+                    android:layout_height="wrap_content"
+                    android:gravity="center_vertical"
+                    android:orientation="horizontal"
+                    android:padding="@dimen/padding_default">
+
+                    <com.google.android.material.progressindicator.CircularProgressIndicator
+                        android:layout_width="wrap_content"
+                        android:layout_height="wrap_content"
+                        android:indeterminate="true"
+                        app:indicatorColor="@color/simprints_blue"
+                        app:indicatorSize="24dp" />
+
+                    <TextView
+                        style="@style/Text.Body1"
+                        android:layout_width="wrap_content"
+                        android:layout_height="wrap_content"
+                        android:layout_marginStart="@dimen/margin_large"
+                        android:text="@string/mfid_searching" />
+                </LinearLayout>
+
+            </com.google.android.material.card.MaterialCardView>
+
+            <com.google.android.material.card.MaterialCardView
+                android:id="@+id/searchResultCard"
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                app:cardBackgroundColor="@color/simprints_white"
+                app:cardUseCompatPadding="true"
+                tools:visibility="visible">
+
+                <LinearLayout
+                    android:layout_width="match_parent"
+                    android:layout_height="wrap_content"
+                    android:gravity="center_vertical"
+                    android:orientation="horizontal"
+                    android:padding="@dimen/padding_default"
+                    tools:ignore="UseCompoundDrawables">
+
+                    <ImageView
+                        android:id="@+id/iconSearchResult"
+                        android:layout_width="24dp"
+                        android:layout_height="24dp"
+                        android:layout_marginEnd="@dimen/margin_large"
+                        android:importantForAccessibility="no"
+                        tools:src="@drawable/ic_done" />
+
+                    <TextView
+                        android:id="@+id/textSearchResult"
+                        style="@style/Text.Body1"
+                        android:layout_width="wrap_content"
+                        android:layout_height="wrap_content"
+                        android:text="@string/mfid_searching"
+                        tools:text="Record found" />
+                </LinearLayout>
+
+            </com.google.android.material.card.MaterialCardView>
+
+        </LinearLayout>
+    </ScrollView>
+
+    <Button
+        android:id="@+id/buttonRecapture"
+        style="@style/Widget.Simprints.Button.White"
+        android:layout_width="0dp"
+        android:layout_height="wrap_content"
+        android:layout_marginHorizontal="@dimen/margin_large"
+        android:text="@string/face_capture_recapture_button"
+        app:layout_constraintBottom_toBottomOf="parent"
+        app:layout_constraintEnd_toStartOf="@id/buttonConfirm"
+        app:layout_constraintStart_toStartOf="parent" />
+
+    <Button
+        android:id="@+id/buttonConfirm"
+        android:layout_width="0dp"
+        android:layout_height="wrap_content"
+        android:layout_marginEnd="@dimen/margin_large"
+        android:enabled="false"
+        app:layout_constraintBottom_toBottomOf="parent"
+        app:layout_constraintEnd_toEndOf="parent"
+        app:layout_constraintStart_toEndOf="@id/buttonRecapture"
+        tools:text="Go to record" />
+</androidx.constraintlayout.widget.ConstraintLayout>
diff --git a/feature/external-credential/src/main/res/layout-land/item_document.xml b/feature/external-credential/src/main/res/layout-land/item_document.xml
index 609501feb9..586c3b2ecf 100644
--- a/feature/external-credential/src/main/res/layout-land/item_document.xml
+++ b/feature/external-credential/src/main/res/layout-land/item_document.xml
@@ -8,6 +8,7 @@
     app:cardUseCompatPadding="true">
 
     <androidx.constraintlayout.widget.ConstraintLayout
+        android:padding="@dimen/margin_default"
         android:layout_width="match_parent"
         android:layout_height="wrap_content">
 
diff --git a/feature/external-credential/src/main/res/layout/fragment_external_credential_scan_ocr.xml b/feature/external-credential/src/main/res/layout/fragment_external_credential_scan_ocr.xml
index 6366ab997b..57ce405d24 100644
--- a/feature/external-credential/src/main/res/layout/fragment_external_credential_scan_ocr.xml
+++ b/feature/external-credential/src/main/res/layout/fragment_external_credential_scan_ocr.xml
@@ -51,28 +51,28 @@
         app:layout_constraintTop_toTopOf="parent"
         tools:visibility="visible" />
 
-    <com.google.android.material.card.MaterialCardView
-        android:id="@+id/progressCard"
-        android:layout_width="0dp"
+    <LinearLayout
+        android:id="@+id/progressContainer"
+        android:layout_width="match_parent"
         android:layout_height="wrap_content"
-        android:layout_margin="@dimen/margin_large"
+        android:orientation="vertical"
+        android:padding="@dimen/padding_default"
         android:visibility="gone"
         app:layout_constraintEnd_toEndOf="parent"
         app:layout_constraintStart_toStartOf="parent"
         app:layout_constraintTop_toBottomOf="@+id/documentScannerArea"
         tools:visibility="visible">
 
-        <LinearLayout
+        <FrameLayout
             android:layout_width="match_parent"
-            android:layout_height="wrap_content"
-            android:orientation="vertical"
-            android:padding="@dimen/padding_default">
+            android:layout_height="wrap_content">
 
             <com.google.android.material.progressindicator.LinearProgressIndicator
                 android:id="@+id/progressBar"
                 style="@style/Widget.Simprints.LinearProgressIndicator.Blue.Large"
                 android:layout_width="match_parent"
                 android:layout_height="wrap_content"
+                android:layout_gravity="center"
                 app:layout_constraintBottom_toBottomOf="parent"
                 app:layout_constraintEnd_toEndOf="parent"
                 app:layout_constraintHorizontal_bias="0.5"
@@ -80,16 +80,27 @@
                 app:layout_constraintTop_toBottomOf="@+id/connect_title"
                 tools:progress="43" />
 
-            <TextView
-                style="@style/Text.Body1"
-                android:layout_width="match_parent"
-                android:layout_height="wrap_content"
-                android:gravity="center"
-                android:paddingTop="@dimen/padding_default"
-                android:text="@string/mfid_ocr_progress_title" />
+            <ImageView
+                android:id="@+id/iconScanComplete"
+                android:layout_width="36dp"
+                android:layout_height="36dp"
+                android:alpha="0"
+                tools:alpha="1"
+                android:layout_gravity="center"
+                android:importantForAccessibility="no"
+                android:src="@drawable/ic_checked_green_large"/>
+        </FrameLayout>
+
+        <TextView
+            android:id="@+id/scanInstructions"
+            style="@style/Text.Body1"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:gravity="center"
+            android:paddingTop="@dimen/padding_default"
+            android:text="@string/mfid_ocr_progress_title" />
 
-        </LinearLayout>
-    </com.google.android.material.card.MaterialCardView>
+    </LinearLayout>
 
     <com.simprints.infra.view.PermissionRequestView
         android:id="@+id/permissionRequestView"
diff --git a/feature/external-credential/src/main/res/layout/fragment_external_credential_search.xml b/feature/external-credential/src/main/res/layout/fragment_external_credential_search.xml
index b9a7fef197..96b349c4a5 100644
--- a/feature/external-credential/src/main/res/layout/fragment_external_credential_search.xml
+++ b/feature/external-credential/src/main/res/layout/fragment_external_credential_search.xml
@@ -1,18 +1,214 @@
 <?xml version="1.0" encoding="utf-8"?>
 <androidx.constraintlayout.widget.ConstraintLayout xmlns:android="http://schemas.android.com/apk/res/android"
     xmlns:app="http://schemas.android.com/apk/res-auto"
+    xmlns:tools="http://schemas.android.com/tools"
     android:layout_width="match_parent"
-    android:layout_height="match_parent">
+    android:layout_height="match_parent"
+    android:background="@color/simprints_blue"
+    android:padding="@dimen/margin_large">
 
-    <ImageView
-        android:id="@+id/scannedImage"
+    <com.google.android.material.card.MaterialCardView
+        android:id="@+id/documentPreviewCard"
         android:layout_width="0dp"
-        android:layout_height="0dp"
-        android:layout_margin="@dimen/margin_large"
-        app:layout_constraintBottom_toBottomOf="parent"
-        app:layout_constraintDimensionRatio="16:10"
+        android:layout_height="wrap_content"
+        app:cardBackgroundColor="@color/simprints_white"
+        app:cardUseCompatPadding="true"
         app:layout_constraintEnd_toEndOf="parent"
         app:layout_constraintStart_toStartOf="parent"
-        app:layout_constraintTop_toTopOf="parent" />
+        app:layout_constraintTop_toTopOf="parent">
+
+        <androidx.constraintlayout.widget.ConstraintLayout
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content">
+
+            <com.google.android.material.imageview.ShapeableImageView
+                android:id="@+id/documentPreview"
+                android:layout_width="0dp"
+                android:layout_height="0dp"
+                android:elevation="8dp"
+                android:importantForAccessibility="no"
+                android:scaleType="centerCrop"
+                app:layout_constraintDimensionRatio="16:10"
+                app:layout_constraintEnd_toEndOf="parent"
+                app:layout_constraintStart_toStartOf="parent"
+                app:layout_constraintTop_toTopOf="parent"
+                app:shapeAppearanceOverlay="@style/Shape.Simprints.MediumComponent"
+                tools:src="@drawable/ghana_nhis_card" />
+
+            <LinearLayout
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:orientation="vertical"
+                app:layout_constraintEnd_toEndOf="parent"
+                app:layout_constraintStart_toStartOf="parent"
+                app:layout_constraintTop_toBottomOf="@+id/documentPreview">
+
+                <TextView
+                    android:id="@+id/documentTypeTitle"
+                    style="@style/Text.Body2.Secondary"
+                    android:layout_width="wrap_content"
+                    android:layout_height="wrap_content"
+                    android:paddingHorizontal="@dimen/margin_large"
+                    android:paddingTop="@dimen/padding_default"
+                    tools:text="Membership number:" />
+
+                <androidx.constraintlayout.widget.ConstraintLayout
+                    android:layout_width="match_parent"
+                    android:layout_height="wrap_content"
+                    android:orientation="horizontal"
+                    android:paddingHorizontal="@dimen/margin_large">
+
+                    <TextView
+                        android:id="@+id/credentialValue"
+                        style="@style/Text.Headline4.Bold"
+                        android:layout_width="0dp"
+                        android:layout_height="wrap_content"
+                        android:layout_marginEnd="@dimen/margin_large"
+                        android:textColor="@color/simprints_text_black"
+                        app:layout_constraintEnd_toStartOf="@+id/iconEditCredential"
+                        app:layout_constraintStart_toStartOf="parent"
+                        app:layout_constraintTop_toTopOf="parent"
+                        tools:text="GHA-123456789-0" />
+
+                    <EditText
+                        android:id="@+id/credentialEditText"
+                        style="@style/Text.Headline4.Bold"
+                        android:layout_width="0dp"
+                        android:layout_height="wrap_content"
+                        android:layout_marginEnd="@dimen/margin_large"
+                        android:backgroundTint="@color/simprints_blue"
+                        android:focusable="true"
+                        android:focusableInTouchMode="true"
+                        android:inputType="textNoSuggestions"
+                        android:visibility="gone"
+                        app:layout_constraintEnd_toStartOf="@+id/iconEditCredential"
+                        app:layout_constraintStart_toStartOf="parent"
+                        app:layout_constraintTop_toTopOf="parent"
+                        tools:hint="Membership number"
+                        tools:ignore="LabelFor"
+                        tools:text="GHA-123456789-0" />
+
+                    <ImageView
+                        android:id="@+id/iconEditCredential"
+                        android:layout_width="24dp"
+                        android:layout_height="24dp"
+                        android:layout_gravity="center"
+                        android:background="?attr/selectableItemBackground"
+                        android:importantForAccessibility="no"
+                        android:src="@drawable/ic_edit"
+                        app:layout_constraintBottom_toBottomOf="parent"
+                        app:layout_constraintEnd_toEndOf="parent"
+                        app:layout_constraintTop_toTopOf="parent"/>
+
+                </androidx.constraintlayout.widget.ConstraintLayout>
+
+                <CheckBox
+                    android:id="@+id/confirmCredentialCheckbox"
+                    style="@style/Text.Body2.Secondary"
+                    android:layout_width="wrap_content"
+                    android:layout_height="wrap_content"
+                    android:layout_marginHorizontal="10dp"
+                    android:layout_marginBottom="@dimen/margin_large"
+                    android:buttonTint="@color/simprints_blue"
+                    android:checked="false"
+                    android:paddingStart="@dimen/margin_default"
+                    android:visibility="gone"
+                    tools:text="I confirm that the external credential is scanned correctly"
+                    tools:visibility="visible" />
+            </LinearLayout>
+        </androidx.constraintlayout.widget.ConstraintLayout>
+    </com.google.android.material.card.MaterialCardView>
+
+    <com.google.android.material.card.MaterialCardView
+        android:id="@+id/searchProgressCard"
+        android:layout_width="0dp"
+        android:layout_height="wrap_content"
+        android:visibility="gone"
+        app:cardBackgroundColor="@color/simprints_white"
+        app:cardUseCompatPadding="true"
+        app:layout_constraintEnd_toEndOf="parent"
+        app:layout_constraintStart_toStartOf="parent"
+        app:layout_constraintTop_toBottomOf="@+id/documentPreviewCard">
+
+        <LinearLayout
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:gravity="center_vertical"
+            android:orientation="horizontal"
+            android:padding="@dimen/padding_default">
+
+            <com.google.android.material.progressindicator.CircularProgressIndicator
+                android:layout_width="wrap_content"
+                android:layout_height="wrap_content"
+                android:indeterminate="true"
+                app:indicatorColor="@color/simprints_blue"
+                app:indicatorSize="24dp" />
 
+            <TextView
+                style="@style/Text.Body1"
+                android:layout_width="wrap_content"
+                android:layout_height="wrap_content"
+                android:layout_marginStart="@dimen/margin_large"
+                android:text="@string/mfid_searching" />
+        </LinearLayout>
+
+    </com.google.android.material.card.MaterialCardView>
+
+    <com.google.android.material.card.MaterialCardView
+        android:id="@+id/searchResultCard"
+        android:layout_width="0dp"
+        android:layout_height="wrap_content"
+        app:cardBackgroundColor="@color/simprints_white"
+        app:cardUseCompatPadding="true"
+        app:layout_constraintEnd_toEndOf="parent"
+        app:layout_constraintStart_toStartOf="parent"
+        app:layout_constraintTop_toBottomOf="@+id/documentPreviewCard">
+
+        <LinearLayout
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:gravity="center_vertical"
+            android:orientation="horizontal"
+            android:padding="@dimen/padding_default"
+            tools:ignore="UseCompoundDrawables">
+
+            <ImageView
+                android:id="@+id/iconSearchResult"
+                android:layout_width="24dp"
+                android:layout_height="24dp"
+                android:layout_marginEnd="@dimen/margin_large"
+                android:importantForAccessibility="no"
+                tools:src="@drawable/ic_done" />
+
+            <TextView
+                android:id="@+id/textSearchResult"
+                style="@style/Text.Body1"
+                android:layout_width="wrap_content"
+                android:layout_height="wrap_content"
+                android:text="@string/mfid_searching"
+                tools:text="Record found" />
+        </LinearLayout>
+
+    </com.google.android.material.card.MaterialCardView>
+
+    <Button
+        android:id="@+id/buttonRecapture"
+        style="@style/Widget.Simprints.Button.White"
+        android:layout_width="0dp"
+        android:layout_height="wrap_content"
+        android:text="@string/face_capture_recapture_button"
+        app:layout_constraintBottom_toBottomOf="parent"
+        app:layout_constraintEnd_toStartOf="@id/buttonConfirm"
+        app:layout_constraintStart_toStartOf="parent" />
+
+    <Button
+        android:id="@+id/buttonConfirm"
+        android:layout_width="0dp"
+        android:layout_height="wrap_content"
+        android:layout_marginStart="@dimen/margin_large"
+        android:enabled="false"
+        app:layout_constraintBottom_toBottomOf="parent"
+        app:layout_constraintEnd_toEndOf="parent"
+        app:layout_constraintStart_toEndOf="@id/buttonRecapture"
+        tools:text="Go to record" />
 </androidx.constraintlayout.widget.ConstraintLayout>
diff --git a/feature/external-credential/src/main/res/layout/item_document.xml b/feature/external-credential/src/main/res/layout/item_document.xml
index 1a4434cc43..f2b8d0e5e9 100644
--- a/feature/external-credential/src/main/res/layout/item_document.xml
+++ b/feature/external-credential/src/main/res/layout/item_document.xml
@@ -8,6 +8,7 @@
     app:cardUseCompatPadding="true">
 
     <androidx.constraintlayout.widget.ConstraintLayout
+        android:padding="@dimen/margin_default"
         android:layout_width="match_parent"
         android:layout_height="wrap_content">
 
diff --git a/feature/external-credential/src/main/res/navigation/graph_external_credential_internal.xml b/feature/external-credential/src/main/res/navigation/graph_external_credential_internal.xml
index bb93c24aed..47d96644a7 100644
--- a/feature/external-credential/src/main/res/navigation/graph_external_credential_internal.xml
+++ b/feature/external-credential/src/main/res/navigation/graph_external_credential_internal.xml
@@ -39,6 +39,11 @@
         android:label="ExternalCredentialSearchFragment"
         tools:layout="@layout/fragment_external_credential_search">
 
+        <action
+            android:id="@+id/action_externalCredentialSearch_to_externalCredentialSelectFragment"
+            app:destination="@+id/externalCredentialSelectFragment"
+            app:popUpTo="@+id/graph_external_credential_internal"
+            app:popUpToInclusive="true" />
         <argument
             android:name="scannedCredential"
             app:argType="com.simprints.feature.externalcredential.screens.search.model.ScannedCredential"
diff --git a/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/controller/ExternalCredentialViewModelTest.kt b/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/controller/ExternalCredentialViewModelTest.kt
index b36edbb9e2..c5647eec7e 100644
--- a/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/controller/ExternalCredentialViewModelTest.kt
+++ b/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/controller/ExternalCredentialViewModelTest.kt
@@ -1,11 +1,13 @@
 package com.simprints.feature.externalcredential.screens.controller
 
 import androidx.arch.core.executor.testing.InstantTaskExecutorRule
-import com.google.common.truth.Truth.assertThat
+import com.google.common.truth.Truth.*
 import com.jraska.livedata.test
 import com.simprints.core.domain.common.FlowType
 import com.simprints.core.domain.externalcredential.ExternalCredentialType
+import com.simprints.feature.externalcredential.ExternalCredentialSearchResult
 import com.simprints.feature.externalcredential.model.ExternalCredentialParams
+import io.mockk.*
 import org.junit.Before
 import org.junit.Rule
 import org.junit.Test
@@ -69,8 +71,8 @@ internal class ExternalCredentialViewModelTest {
         val observer = viewModel.stateLiveData.test()
         val subjectId = "subjectId"
         val flowType = FlowType.IDENTIFY
-        val params = ExternalCredentialParams(subjectId = subjectId, flowType = flowType)
-        val paramsSecond = ExternalCredentialParams(subjectId = "other", flowType = FlowType.VERIFY)
+        val params = createParams(subjectId = subjectId, flowType)
+        val paramsSecond = createParams(subjectId = "other", flowType)
 
         viewModel.init(params)
         val firstState = observer.value()
@@ -81,4 +83,26 @@ internal class ExternalCredentialViewModelTest {
         assertThat(observer.value()?.subjectId).isEqualTo(subjectId)
         assertThat(observer.value()?.flowType).isEqualTo(flowType)
     }
+
+    @Test
+    fun `finish sends result to finishEvent`() {
+        val observer = viewModel.finishEvent.test()
+        val mockResult = mockk<ExternalCredentialSearchResult>(relaxed = true)
+        viewModel.finish(mockResult)
+
+        assertThat(observer.value()).isNotNull()
+        assertThat(observer.value()?.peekContent()).isEqualTo(mockResult)
+    }
+
+    private fun createParams(
+        subjectId: String,
+        flowType: FlowType,
+    ) = ExternalCredentialParams(
+        subjectId = subjectId,
+        flowType = flowType,
+        ageGroup = null,
+        probeReferenceId = null,
+        faceSamples = emptyList(),
+        fingerprintSamples = emptyList(),
+    )
 }
diff --git a/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/scanocr/ExternalCredentialScanOcrViewModelTest.kt b/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/scanocr/ExternalCredentialScanOcrViewModelTest.kt
index bcd6b8947f..2093518e62 100644
--- a/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/scanocr/ExternalCredentialScanOcrViewModelTest.kt
+++ b/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/scanocr/ExternalCredentialScanOcrViewModelTest.kt
@@ -2,8 +2,10 @@ package com.simprints.feature.externalcredential.screens.scanocr
 
 import android.graphics.Bitmap
 import androidx.arch.core.executor.testing.InstantTaskExecutorRule
-import com.google.common.truth.Truth.assertThat
+import com.google.common.truth.Truth.*
 import com.jraska.livedata.test
+import com.simprints.core.domain.tokenization.TokenizableString
+import com.simprints.feature.externalcredential.model.BoundingBox
 import com.simprints.feature.externalcredential.screens.scanocr.model.DetectedOcrBlock
 import com.simprints.feature.externalcredential.screens.scanocr.model.OcrCropConfig
 import com.simprints.feature.externalcredential.screens.scanocr.model.OcrDocumentType
@@ -11,6 +13,13 @@ import com.simprints.feature.externalcredential.screens.scanocr.usecase.CropDocu
 import com.simprints.feature.externalcredential.screens.scanocr.usecase.GetCredentialCoordinatesUseCase
 import com.simprints.feature.externalcredential.screens.scanocr.usecase.KeepOnlyBestDetectedBlockUseCase
 import com.simprints.feature.externalcredential.screens.scanocr.usecase.NormalizeBitmapToPreviewUseCase
+import com.simprints.feature.externalcredential.screens.scanocr.usecase.SaveScannedImageUseCase
+import com.simprints.feature.externalcredential.screens.scanocr.usecase.ZoomOntoCredentialUseCase
+import com.simprints.infra.authstore.AuthStore
+import com.simprints.infra.config.store.models.Project
+import com.simprints.infra.config.store.models.TokenKeyType
+import com.simprints.infra.config.store.tokenization.TokenizationProcessor
+import com.simprints.infra.config.sync.ConfigManager
 import com.simprints.infra.resources.R
 import com.simprints.testtools.common.coroutines.TestCoroutineRule
 import io.mockk.*
@@ -39,6 +48,21 @@ internal class ExternalCredentialScanOcrViewModelTest {
     @MockK
     private lateinit var keepOnlyBestDetectedBlockUseCase: KeepOnlyBestDetectedBlockUseCase
 
+    @MockK
+    private lateinit var zoomOntoCredentialUseCase: ZoomOntoCredentialUseCase
+
+    @MockK
+    private lateinit var saveScannedImageUseCase: SaveScannedImageUseCase
+
+    @MockK
+    private lateinit var tokenizationProcessor: TokenizationProcessor
+
+    @MockK
+    private lateinit var authStore: AuthStore
+
+    @MockK
+    private lateinit var configManager: ConfigManager
+
     @MockK
     private lateinit var bitmap: Bitmap
 
@@ -61,7 +85,12 @@ internal class ExternalCredentialScanOcrViewModelTest {
         cropDocumentFromPreviewUseCase = cropDocumentFromPreviewUseCase,
         getCredentialCoordinatesUseCase = getCredentialCoordinatesUseCase,
         keepOnlyBestDetectedBlockUseCase = keepOnlyBestDetectedBlockUseCase,
+        zoomOntoCredentialUseCase = zoomOntoCredentialUseCase,
+        saveScannedImageUseCase = saveScannedImageUseCase,
         bgDispatcher = testCoroutineRule.testCoroutineDispatcher,
+        tokenizationProcessor = tokenizationProcessor,
+        configManager = configManager,
+        authStore = authStore,
     )
 
     @Test
@@ -95,19 +124,76 @@ internal class ExternalCredentialScanOcrViewModelTest {
     }
 
     @Test
-    fun `processOcrResultsAndFinish sends finish event and resets state`() = runTest {
-        val mockBestBlock = mockk<DetectedOcrBlock>()
+    fun `processOcrResultsAndFinish sends finish event with scanned credential`() = runTest {
+        val detectedBlockImagePath = "detectedBlockImagePath"
+        val readoutValue = "readoutValue"
+        val zoomedImagePath = "zoomedImagePath"
+        val projectId = "projectId"
+        val mockBoundingBox = mockk<BoundingBox>()
+        val mockBitmap = mockk<Bitmap>()
+        val mockProject = mockk<Project>()
+        val mockTokenizedCredential = mockk<TokenizableString.Tokenized>()
+
+        val mockBestBlock = mockk<DetectedOcrBlock> {
+            every { documentType } returns OcrDocumentType.NhisCard
+            every { blockBoundingBox } returns mockBoundingBox
+            every { imagePath } returns detectedBlockImagePath
+            every { this@mockk.readoutValue } returns readoutValue
+        }
+
+        coEvery { authStore.signedInProjectId } returns projectId
+        coEvery { configManager.getProject(projectId) } returns mockProject
+        coEvery { keepOnlyBestDetectedBlockUseCase(any(), documentType) } returns mockBestBlock
+        coEvery { tokenizationProcessor.encrypt(any(), TokenKeyType.ExternalCredential, mockProject) } returns mockTokenizedCredential
+        coEvery { zoomOntoCredentialUseCase(detectedBlockImagePath, mockBoundingBox) } returns mockBitmap
+        coEvery { saveScannedImageUseCase(mockBitmap, OcrDocumentType.NhisCard, any()) } returns zoomedImagePath
+
         val finishObserver = viewModel.finishOcrEvent.test()
         val stateObserver = viewModel.stateLiveData.test()
-        val ocrDocumentType = OcrDocumentType.NhisCard
-        coEvery { keepOnlyBestDetectedBlockUseCase(any(), ocrDocumentType) } returns mockBestBlock
+
         viewModel.processOcrResultsAndFinish()
 
-        assertThat(finishObserver.value()?.peekContent()).isEqualTo(mockBestBlock)
-        assertThat(stateObserver.value()).isEqualTo(ScanOcrState.NotScanning)
+        val scannedCredential = finishObserver.value()?.peekContent()
+        assertThat(scannedCredential?.credential).isEqualTo(mockTokenizedCredential)
+        assertThat(scannedCredential?.documentImagePath).isEqualTo(detectedBlockImagePath)
+        assertThat(scannedCredential?.zoomedCredentialImagePath).isEqualTo(zoomedImagePath)
+        assertThat(scannedCredential?.credentialBoundingBox).isEqualTo(mockBoundingBox)
+        assertThat(stateObserver.value()).isEqualTo(ScanOcrState.Complete)
         assertThat(viewModel.isOcrActive).isFalse()
     }
 
+    @Test
+    fun `processOcrResultsAndFinish sets null zoomed image path when zoom fails`() = runTest {
+        val detectedBlockImagePath = "detectedBlockImagePath"
+        val readoutValue = "readoutValue"
+        val projectId = "projectId"
+        val mockBoundingBox = mockk<BoundingBox>()
+        val mockProject = mockk<Project>()
+        val mockTokenizedCredential = mockk<TokenizableString.Tokenized>()
+
+        val mockBestBlock = mockk<DetectedOcrBlock> {
+            every { documentType } returns OcrDocumentType.NhisCard
+            every { blockBoundingBox } returns mockBoundingBox
+            every { imagePath } returns detectedBlockImagePath
+            every { this@mockk.readoutValue } returns readoutValue
+        }
+
+        coEvery { authStore.signedInProjectId } returns projectId
+        coEvery { configManager.getProject(projectId) } returns mockProject
+        coEvery { keepOnlyBestDetectedBlockUseCase(any(), documentType) } returns mockBestBlock
+        coEvery { tokenizationProcessor.encrypt(any(), TokenKeyType.ExternalCredential, mockProject) } returns mockTokenizedCredential
+        coEvery { zoomOntoCredentialUseCase(detectedBlockImagePath, mockBoundingBox) } throws Exception("Zoom failed")
+
+        val finishObserver = viewModel.finishOcrEvent.test()
+
+        viewModel.processOcrResultsAndFinish()
+
+        val scannedCredential = finishObserver.value()?.peekContent()
+        assertThat(scannedCredential?.zoomedCredentialImagePath).isNull()
+        assertThat(scannedCredential?.credential).isEqualTo(mockTokenizedCredential)
+        assertThat(scannedCredential?.documentImagePath).isEqualTo(detectedBlockImagePath)
+    }
+
     @Test
     fun `getDocumentTypeRes returns correct resource for NHIS card`() {
         viewModel = initViewModel(OcrDocumentType.NhisCard)
diff --git a/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/CropDocumentFromPreviewUseCaseTest.kt b/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/CropDocumentFromPreviewUseCaseTest.kt
index 12d92e7551..6f6e034ec6 100644
--- a/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/CropDocumentFromPreviewUseCaseTest.kt
+++ b/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/CropDocumentFromPreviewUseCaseTest.kt
@@ -174,38 +174,4 @@ internal class CropDocumentFromPreviewUseCaseTest {
         }
         unmockkStatic(Bitmap::class)
     }
-
-    @Test
-    fun `handles empty cutout rect by creating 1x1 bitmap`() {
-        val left = 100
-        val top = 100
-        val expectedWidth = 0
-        val expectedHeight = 0
-        val cutoutRect = Rect(left, top, left, top)
-
-        mockkStatic(Bitmap::class)
-        every {
-            Bitmap.createBitmap(
-                sourceBitmap,
-                left,
-                top,
-                expectedWidth,
-                expectedHeight,
-            )
-        } returns croppedBitmap
-
-        val result = useCase(sourceBitmap, cutoutRect)
-
-        assertThat(result).isEqualTo(croppedBitmap)
-        verify {
-            Bitmap.createBitmap(
-                sourceBitmap,
-                left,
-                top,
-                expectedWidth,
-                expectedHeight,
-            )
-        }
-        unmockkStatic(Bitmap::class)
-    }
 }
diff --git a/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/SaveScannedImageUseCaseTest.kt b/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/SaveScannedImageUseCaseTest.kt
index 45f38a12cf..bc3f5f8a4b 100644
--- a/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/SaveScannedImageUseCaseTest.kt
+++ b/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/SaveScannedImageUseCaseTest.kt
@@ -29,11 +29,13 @@ internal class SaveScannedImageUseCaseTest {
     @Test
     fun `saves bitmap with correct document type name and returns file path`() {
         OcrDocumentType.entries.forEach { documentType ->
-            every { bitmap.compress(any(), any(), any()) } returns true
-            val result = useCase(bitmap, documentType)
-            assertThat(result).contains("ocr_scan_${documentType}_")
-            assertThat(result).endsWith(".jpg")
-            verify { bitmap.compress(Bitmap.CompressFormat.JPEG, 100, any()) }
+            SaveScannedImageUseCase.ScanImageType.entries.forEach { scanImageType ->
+                every { bitmap.compress(any(), any(), any()) } returns true
+                val result = useCase(bitmap, documentType, scanImageType)
+                assertThat(result).contains("ocr_scan_${documentType}_$scanImageType")
+                assertThat(result).endsWith(".jpg")
+                verify { bitmap.compress(Bitmap.CompressFormat.JPEG, 100, any()) }
+            }
         }
     }
 }
diff --git a/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/ZoomOntoCredentialUseCaseTest.kt b/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/ZoomOntoCredentialUseCaseTest.kt
new file mode 100644
index 0000000000..47f2bec24b
--- /dev/null
+++ b/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/scanocr/usecase/ZoomOntoCredentialUseCaseTest.kt
@@ -0,0 +1,153 @@
+package com.simprints.feature.externalcredential.screens.scanocr.usecase
+
+import android.graphics.Bitmap
+import android.graphics.BitmapFactory
+import com.google.common.truth.Truth.*
+import com.simprints.feature.externalcredential.model.BoundingBox
+import io.mockk.*
+import org.junit.Before
+import org.junit.Test
+
+class ZoomOntoCredentialUseCaseTest {
+    private lateinit var useCase: ZoomOntoCredentialUseCase
+    private lateinit var mockBitmap: Bitmap
+    private val bitmapWidth = 1600
+    private val bitmapHeight = 1000 // 16:10
+    private val imagePath = "path"
+
+    @Before
+    fun setUp() {
+        useCase = ZoomOntoCredentialUseCase()
+        mockkStatic(BitmapFactory::class)
+        mockBitmap = mockk {
+            every { width } returns bitmapWidth
+            every { height } returns bitmapHeight
+        }
+        every { BitmapFactory.decodeFile(any()) } returns mockBitmap
+    }
+
+    @Test
+    fun `returns original bitmap when bounding box has zero width`() {
+        val boundingBox = BoundingBox(left = 100, top = 100, right = 100, bottom = 200)
+        val result = useCase(imagePath, boundingBox)
+        assertThat(result).isEqualTo(mockBitmap)
+    }
+
+    @Test
+    fun `returns original bitmap when bounding box has zero height`() {
+        val boundingBox = BoundingBox(left = 100, top = 100, right = 200, bottom = 100)
+        val result = useCase(imagePath, boundingBox)
+        assertThat(result).isEqualTo(mockBitmap)
+    }
+
+    @Test
+    fun `adjusts crop area to fit 16 to 10 aspect ratio when box is wider`() {
+        val boundingBox = BoundingBox(left = 100, top = 400, right = 500, bottom = 500)
+        runAspectRatioTest(boundingBox)
+    }
+
+    @Test
+    fun `adjusts crop area to fit 16 to 10 aspect ratio when box is taller`() {
+        val boundingBox = BoundingBox(left = 400, top = 100, right = 500, bottom = 500)
+        runAspectRatioTest(boundingBox)
+    }
+
+    @Test
+    fun `clamps crop area to bitmap boundaries when expansion exceeds left edge`() {
+        val boundingBox = BoundingBox(left = 10, top = 400, right = 110, bottom = 500)
+        runEdgeClampingTest(boundingBox)
+    }
+
+    @Test
+    fun `clamps crop area to bitmap boundaries when expansion exceeds right edge`() {
+        val boundingBox = BoundingBox(left = 890, top = 400, right = 990, bottom = 500)
+        runEdgeClampingTest(boundingBox)
+    }
+
+    @Test
+    fun `clamps crop area to bitmap boundaries when expansion exceeds top edge`() {
+        val boundingBox = BoundingBox(left = 400, top = 10, right = 500, bottom = 110)
+        runEdgeClampingTest(boundingBox)
+    }
+
+    @Test
+    fun `clamps crop area to bitmap boundaries when expansion exceeds bottom edge`() {
+        val boundingBox = BoundingBox(left = 400, top = 890, right = 500, bottom = 990)
+        runEdgeClampingTest(boundingBox)
+    }
+
+    @Test
+    fun `handles bounding box in center of image correctly`() {
+        val boundingBox = BoundingBox(left = 400, top = 400, right = 600, bottom = 500)
+        val croppedBitmap = mockk<Bitmap>()
+        val capturedLeft = slot<Int>()
+        val capturedTop = slot<Int>()
+        val capturedWidth = slot<Int>()
+        val capturedHeight = slot<Int>()
+        mockkStatic(Bitmap::class)
+        every {
+            Bitmap.createBitmap(
+                any<Bitmap>(),
+                capture(capturedLeft),
+                capture(capturedTop),
+                capture(capturedWidth),
+                capture(capturedHeight),
+            )
+        } returns croppedBitmap
+        useCase(imagePath, boundingBox)
+
+        // Double checking that aspect ratio remains 16:10
+        val aspectRatio = capturedWidth.captured.toFloat() / capturedHeight.captured.toFloat()
+        assertThat(aspectRatio).isWithin(0.01f).of(1.6f)
+
+        assertThat(capturedLeft.captured).isAtLeast(0)
+        assertThat(capturedTop.captured).isAtLeast(0)
+        assertThat(capturedLeft.captured + capturedWidth.captured).isAtMost(bitmapWidth)
+        assertThat(capturedTop.captured + capturedHeight.captured).isAtMost(bitmapHeight)
+    }
+
+    private fun runAspectRatioTest(boundingBox: BoundingBox) {
+        val croppedBitmap = mockk<Bitmap>()
+        val capturedWidth = slot<Int>()
+        val capturedHeight = slot<Int>()
+        mockkStatic(Bitmap::class)
+        every {
+            Bitmap.createBitmap(any<Bitmap>(), any(), any(), capture(capturedWidth), capture(capturedHeight))
+        } returns croppedBitmap
+
+        useCase(imagePath, boundingBox)
+        val aspectRatio = capturedWidth.captured.toFloat() / capturedHeight.captured.toFloat()
+        assertThat(aspectRatio).isWithin(0.01f).of(1.6f)
+    }
+
+    private fun runEdgeClampingTest(boundingBox: BoundingBox) {
+        val croppedBitmap = mockk<Bitmap>()
+        val capturedLeft = slot<Int>()
+        val capturedTop = slot<Int>()
+        val capturedWidth = slot<Int>()
+        val capturedHeight = slot<Int>()
+        mockkStatic(Bitmap::class)
+        every {
+            Bitmap.createBitmap(
+                any<Bitmap>(),
+                capture(capturedLeft),
+                capture(capturedTop),
+                capture(capturedWidth),
+                capture(capturedHeight),
+            )
+        } returns croppedBitmap
+
+        useCase(imagePath, boundingBox)
+
+        // Crop area should stay within the bitmap boundaries
+        assertThat(capturedLeft.captured).isAtLeast(0)
+        assertThat(capturedTop.captured).isAtLeast(0)
+        assertThat(capturedLeft.captured + capturedWidth.captured).isAtMost(bitmapWidth)
+        assertThat(capturedTop.captured + capturedHeight.captured).isAtMost(bitmapHeight)
+    }
+
+    private fun mockBitmapCreation(croppedBitmap: Bitmap) {
+        mockkStatic(Bitmap::class)
+        every { Bitmap.createBitmap(any<Bitmap>(), any(), any(), any(), any()) } returns croppedBitmap
+    }
+}
diff --git a/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/scanqr/ExternalCredentialScanQrViewModelTest.kt b/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/scanqr/ExternalCredentialScanQrViewModelTest.kt
index e81913e64d..de49e17025 100644
--- a/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/scanqr/ExternalCredentialScanQrViewModelTest.kt
+++ b/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/scanqr/ExternalCredentialScanQrViewModelTest.kt
@@ -4,27 +4,55 @@ import androidx.arch.core.executor.testing.InstantTaskExecutorRule
 import com.google.common.truth.Truth.assertThat
 import com.jraska.livedata.test
 import com.simprints.core.domain.permission.PermissionStatus
+import com.simprints.core.domain.tokenization.TokenizableString
+import com.simprints.core.domain.tokenization.asTokenizableRaw
 import com.simprints.feature.externalcredential.screens.scanqr.usecase.ExternalCredentialQrCodeValidatorUseCase
+import com.simprints.infra.authstore.AuthStore
+import com.simprints.infra.config.store.models.Project
+import com.simprints.infra.config.store.models.TokenKeyType
+import com.simprints.infra.config.store.tokenization.TokenizationProcessor
+import com.simprints.infra.config.sync.ConfigManager
+import com.simprints.testtools.common.coroutines.TestCoroutineRule
 import io.mockk.MockKAnnotations
+import io.mockk.coEvery
 import io.mockk.every
 import io.mockk.impl.annotations.MockK
+import io.mockk.mockk
+import kotlinx.coroutines.test.runTest
 import org.junit.Before
 import org.junit.Rule
 import org.junit.Test
 
 internal class ExternalCredentialScanQrViewModelTest {
+    @get:Rule
+    val testCoroutineRule = TestCoroutineRule()
+
     @get:Rule
     val instantExecutorRule = InstantTaskExecutorRule()
 
     @MockK
     private lateinit var validator: ExternalCredentialQrCodeValidatorUseCase
 
+    @MockK
+    private lateinit var tokenizationProcessor: TokenizationProcessor
+
+    @MockK
+    private lateinit var authStore: AuthStore
+
+    @MockK
+    private lateinit var configManager: ConfigManager
+
     private lateinit var viewModel: ExternalCredentialScanQrViewModel
 
     @Before
     fun setUp() {
         MockKAnnotations.init(this, relaxed = true)
-        viewModel = ExternalCredentialScanQrViewModel(validator)
+        viewModel = ExternalCredentialScanQrViewModel(
+            externalCredentialQrCodeValidator = validator,
+            tokenizationProcessor = tokenizationProcessor,
+            configManager = configManager,
+            authStore = authStore,
+        )
     }
 
     @Test
@@ -34,17 +62,28 @@ internal class ExternalCredentialScanQrViewModelTest {
     }
 
     @Test
-    fun `updateCapturedValue with null sets ReadyToScan`() {
+    fun `updateCapturedValue with null sets ReadyToScan`() = runTest {
         val observer = viewModel.stateLiveData.test()
         viewModel.updateCapturedValue(null)
         assertThat(observer.value()).isEqualTo(ScanQrState.ReadyToScan)
     }
 
     @Test
-    fun `updateCapturedValue with non-null sets QrCodeCaptured`() {
+    fun `updateCapturedValue with non-null sets QrCodeCaptured`() = runTest {
         val observer = viewModel.stateLiveData.test()
-        viewModel.updateCapturedValue("captured-value")
-        assertThat(observer.value()).isEqualTo(ScanQrState.QrCodeCaptured("captured-value"))
+        val value = "value"
+        val projectId = "projectId"
+        val mockProject = mockk<Project>()
+        val mockTokenizedCredential = mockk<TokenizableString.Tokenized>()
+
+        every { authStore.signedInProjectId } returns projectId
+        coEvery { configManager.getProject(projectId) } returns mockProject
+        coEvery { tokenizationProcessor.encrypt(any(), TokenKeyType.ExternalCredential, mockProject) } returns mockTokenizedCredential
+
+        viewModel.updateCapturedValue(value)
+
+        val expected = ScanQrState.QrCodeCaptured(value.asTokenizableRaw(), mockTokenizedCredential)
+        assertThat(observer.value()).isEqualTo(expected)
     }
 
     @Test
@@ -74,10 +113,10 @@ internal class ExternalCredentialScanQrViewModelTest {
 
     @Test
     fun `isValidQrCodeFormat uses validator to validate`() {
-        val validValue = "validValue"
-        val invalidValue = "invalidValue"
-        every { validator.invoke(validValue) } returns true
-        every { validator.invoke(invalidValue) } returns false
+        val validValue = "validValue".asTokenizableRaw()
+        val invalidValue = "invalidValue".asTokenizableRaw()
+        every { validator.invoke(validValue.value) } returns true
+        every { validator.invoke(invalidValue.value) } returns false
 
         assertThat(viewModel.isValidQrCodeFormat(validValue)).isTrue()
         assertThat(viewModel.isValidQrCodeFormat(invalidValue)).isFalse()
diff --git a/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/search/ExternalCredentialSearchViewModelTest.kt b/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/search/ExternalCredentialSearchViewModelTest.kt
new file mode 100644
index 0000000000..e0c9ba72c7
--- /dev/null
+++ b/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/search/ExternalCredentialSearchViewModelTest.kt
@@ -0,0 +1,256 @@
+package com.simprints.feature.externalcredential.screens.search
+
+import android.text.InputType
+import androidx.arch.core.executor.testing.InstantTaskExecutorRule
+import com.google.common.truth.Truth.*
+import com.jraska.livedata.test
+import com.simprints.core.domain.common.FlowType
+import com.simprints.core.domain.externalcredential.ExternalCredentialType
+import com.simprints.core.domain.tokenization.TokenizableString
+import com.simprints.core.domain.tokenization.asTokenizableRaw
+import com.simprints.feature.externalcredential.model.CredentialMatch
+import com.simprints.feature.externalcredential.model.ExternalCredentialParams
+import com.simprints.feature.externalcredential.screens.search.model.ScannedCredential
+import com.simprints.feature.externalcredential.screens.search.model.SearchState
+import com.simprints.feature.externalcredential.screens.search.usecase.MatchCandidatesUseCase
+import com.simprints.infra.authstore.AuthStore
+import com.simprints.infra.config.store.models.ProjectConfiguration
+import com.simprints.infra.config.store.models.TokenKeyType
+import com.simprints.infra.config.store.tokenization.TokenizationProcessor
+import com.simprints.infra.config.sync.ConfigManager
+import com.simprints.infra.enrolment.records.repository.EnrolmentRecordRepository
+import com.simprints.infra.enrolment.records.repository.domain.models.Subject
+import com.simprints.testtools.common.coroutines.TestCoroutineRule
+import io.mockk.*
+import io.mockk.impl.annotations.MockK
+import kotlinx.coroutines.test.runTest
+import org.junit.Before
+import org.junit.Rule
+import org.junit.Test
+import com.simprints.infra.resources.R as IDR
+
+internal class ExternalCredentialSearchViewModelTest {
+    @get:Rule
+    val rule = InstantTaskExecutorRule()
+
+    @get:Rule
+    val testCoroutineRule = TestCoroutineRule()
+
+    @MockK
+    lateinit var authStore: AuthStore
+
+    @MockK
+    lateinit var configManager: ConfigManager
+
+    @MockK
+    lateinit var matchCandidatesUseCase: MatchCandidatesUseCase
+
+    @MockK
+    lateinit var project: com.simprints.infra.config.store.models.Project
+
+    @MockK
+    lateinit var projectConfig: ProjectConfiguration
+
+    @MockK
+    lateinit var subject: Subject
+
+    @MockK
+    lateinit var candidateMatch: CredentialMatch
+
+    @MockK
+    lateinit var scannedCredential: ScannedCredential
+
+    @MockK
+    lateinit var externalCredentialParams: ExternalCredentialParams
+
+    @MockK
+    private lateinit var tokenizationProcessor: TokenizationProcessor
+
+    @MockK
+    private lateinit var enrolmentRecordRepository: EnrolmentRecordRepository
+
+    private lateinit var viewModel: ExternalCredentialSearchViewModel
+
+    private val projectId = "projectId"
+
+    @Before
+    fun setUp() {
+        MockKAnnotations.init(this, relaxed = true)
+        every { authStore.signedInProjectId } returns projectId
+        coEvery { configManager.getProject(projectId) } returns project
+        coEvery { configManager.getProjectConfiguration() } returns projectConfig
+        viewModel = createViewModel()
+    }
+
+    fun createViewModel() = ExternalCredentialSearchViewModel(
+        scannedCredential = scannedCredential,
+        externalCredentialParams = externalCredentialParams,
+        authStore = authStore,
+        configManager = configManager,
+        matchCandidatesUseCase = matchCandidatesUseCase,
+        tokenizationProcessor = tokenizationProcessor,
+        enrolmentRecordRepository = enrolmentRecordRepository,
+    )
+
+    @Test
+    fun `initial state starts searching when credential not found`() = runTest {
+        val decryptedCredential = mockk<TokenizableString.Raw>()
+        coEvery { tokenizationProcessor.decrypt(any(), TokenKeyType.ExternalCredential, project) } returns decryptedCredential
+        coEvery { enrolmentRecordRepository.load(any()) } returns emptyList()
+
+        viewModel = createViewModel()
+        val observer = viewModel.stateLiveData.test()
+
+        assertThat(observer.value()?.searchState).isEqualTo(SearchState.CredentialNotFound)
+        assertThat(observer.value()?.scannedCredential).isEqualTo(scannedCredential)
+        assertThat(observer.value()?.isConfirmed).isFalse()
+        assertThat(observer.value()?.displayedCredential).isEqualTo(decryptedCredential)
+    }
+
+    @Test
+    fun `initial state searches and finds linked credential`() = runTest {
+        val decryptedCredential = mockk<TokenizableString.Raw>()
+        coEvery { tokenizationProcessor.decrypt(any(), TokenKeyType.ExternalCredential, project) } returns decryptedCredential
+        coEvery { enrolmentRecordRepository.load(any()) } returns listOf(subject)
+        coEvery {
+            matchCandidatesUseCase(any(), any(), any(), any(), any())
+        } returns listOf(candidateMatch)
+
+        viewModel = createViewModel()
+
+        val searchState = viewModel.stateLiveData.value?.searchState as SearchState.CredentialLinked
+        assertThat(searchState.matchResults).hasSize(1)
+        assertThat(searchState.matchResults.first()).isEqualTo(candidateMatch)
+    }
+
+    @Test
+    fun `updateConfirmation updates isConfirmed state`() = runTest {
+        val decryptedCredential = mockk<TokenizableString.Raw>()
+        coEvery { tokenizationProcessor.decrypt(any(), TokenKeyType.ExternalCredential, project) } returns decryptedCredential
+        coEvery { enrolmentRecordRepository.load(any()) } returns emptyList()
+
+        viewModel = createViewModel()
+        val observer = viewModel.stateLiveData.test()
+
+        viewModel.updateConfirmation(true)
+        assertThat(observer.value()?.isConfirmed).isTrue()
+        viewModel.updateConfirmation(false)
+        assertThat(observer.value()?.isConfirmed).isFalse()
+    }
+
+    @Test
+    fun `confirmCredentialUpdate triggers new search and encrypts credential`() = runTest {
+        val decryptedCredential = mockk<TokenizableString.Raw>()
+        val newCredential = "newCredential".asTokenizableRaw()
+        val encryptedCredential = mockk<TokenizableString.Tokenized>()
+
+        coEvery { tokenizationProcessor.decrypt(any(), TokenKeyType.ExternalCredential, project) } returns decryptedCredential
+        coEvery { enrolmentRecordRepository.load(any()) } returns emptyList()
+        coEvery { tokenizationProcessor.encrypt(newCredential, TokenKeyType.ExternalCredential, project) } returns encryptedCredential
+
+        viewModel = createViewModel()
+
+        viewModel.confirmCredentialUpdate(newCredential)
+
+        coVerify { tokenizationProcessor.encrypt(newCredential, TokenKeyType.ExternalCredential, project) }
+        coVerify { enrolmentRecordRepository.load(match { it.externalCredential == encryptedCredential }) }
+        assertThat(viewModel.stateLiveData.value?.displayedCredential).isEqualTo(newCredential)
+    }
+
+    @Test
+    fun `getButtonTextResource returns null when searching`() = runTest {
+        val result = viewModel.getButtonTextResource(SearchState.Searching, FlowType.IDENTIFY)
+        assertThat(result).isNull()
+    }
+
+    @Test
+    fun `getButtonTextResource returns 'enrol anyway' when credential linked and flow is ENROL`() = runTest {
+        val searchState = SearchState.CredentialLinked(emptyList())
+        val result = viewModel.getButtonTextResource(searchState, FlowType.ENROL)
+        assertThat(result).isEqualTo(IDR.string.mfid_action_enrol_anyway)
+    }
+
+    @Test
+    fun `getButtonTextResource returns 'continue' when credential linked and not verified and flow is IDENTIFY`() = runTest {
+        coEvery { enrolmentRecordRepository.load(any()) } returns emptyList()
+        val searchState = SearchState.CredentialLinked(listOf(candidateMatch))
+        every { candidateMatch.isVerificationSuccessful } returns false
+        val result = viewModel.getButtonTextResource(searchState, FlowType.IDENTIFY)
+        assertThat(result).isEqualTo(IDR.string.mfid_action_continue)
+    }
+
+    @Test
+    fun `getButtonTextResource returns 'enrol' when credential not found and flow is ENROL`() = runTest {
+        val result = viewModel.getButtonTextResource(SearchState.CredentialNotFound, FlowType.ENROL)
+        assertThat(result).isEqualTo(IDR.string.mfid_action_enrol)
+    }
+
+    @Test
+    fun `getKeyBoardInputType returns number for NHIS card`() = runTest {
+        every { scannedCredential.credentialType } returns ExternalCredentialType.NHISCard
+        viewModel = createViewModel()
+        val result = viewModel.getKeyBoardInputType()
+        assertThat(result).isEqualTo(InputType.TYPE_CLASS_NUMBER)
+    }
+
+    @Test
+    fun `getKeyBoardInputType returns text for Ghana ID card`() = runTest {
+        every { scannedCredential.credentialType } returns ExternalCredentialType.GhanaIdCard
+        viewModel = createViewModel()
+        val result = viewModel.getKeyBoardInputType()
+        assertThat(result).isEqualTo(InputType.TYPE_CLASS_TEXT)
+    }
+
+    @Test
+    fun `getKeyBoardInputType returns text for QR code`() = runTest {
+        every { scannedCredential.credentialType } returns ExternalCredentialType.QRCode
+        viewModel = createViewModel()
+        val result = viewModel.getKeyBoardInputType()
+        assertThat(result).isEqualTo(InputType.TYPE_CLASS_TEXT)
+    }
+
+    @Test
+    fun `finish sends empty matches when credential not found`() = runTest {
+        viewModel = createViewModel()
+        viewModel.finish(SearchState.CredentialNotFound)
+        val finishEvent = viewModel.finishEvent.value?.peekContent()
+        assertThat(finishEvent).isNotNull()
+        assertThat(finishEvent?.matchResults).isEmpty()
+        assertThat(finishEvent?.scannedCredential).isEqualTo(scannedCredential)
+    }
+
+    @Test
+    fun `finish sends empty matches when still searching`() = runTest {
+        viewModel = createViewModel()
+        viewModel.finish(SearchState.Searching)
+        val finishEvent = viewModel.finishEvent.value?.peekContent()
+        assertThat(finishEvent).isNotNull()
+        assertThat(finishEvent?.matchResults).isEmpty()
+    }
+
+    @Test
+    fun `finish sends match results when credential linked`() = runTest {
+        val searchState = SearchState.CredentialLinked(listOf(candidateMatch))
+        viewModel.finish(searchState)
+        val finishEvent = viewModel.finishEvent.value?.peekContent()
+        assertThat(finishEvent).isNotNull()
+        assertThat(finishEvent?.matchResults).hasSize(1)
+        assertThat(finishEvent?.matchResults?.first()).isEqualTo(candidateMatch)
+        assertThat(finishEvent?.scannedCredential).isEqualTo(scannedCredential)
+    }
+
+    @Test
+    fun `decryptCredentialToDisplay updates displayedCredential state`() = runTest {
+        val encryptedCredential = mockk<TokenizableString.Tokenized>()
+        val decryptedCredential = "decryptedValue".asTokenizableRaw()
+
+        every { scannedCredential.credential } returns encryptedCredential
+        coEvery { tokenizationProcessor.decrypt(encryptedCredential, TokenKeyType.ExternalCredential, project) } returns decryptedCredential
+        coEvery { enrolmentRecordRepository.load(any()) } returns emptyList()
+
+        viewModel = createViewModel()
+
+        assertThat(viewModel.stateLiveData.value?.displayedCredential).isEqualTo(decryptedCredential)
+        coVerify { tokenizationProcessor.decrypt(encryptedCredential, TokenKeyType.ExternalCredential, project) }
+    }
+}
diff --git a/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/search/usecase/CreateMatchParamsUseCaseTest.kt b/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/search/usecase/CreateMatchParamsUseCaseTest.kt
new file mode 100644
index 0000000000..c3c7da0ce5
--- /dev/null
+++ b/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/search/usecase/CreateMatchParamsUseCaseTest.kt
@@ -0,0 +1,211 @@
+package com.simprints.feature.externalcredential.screens.search.usecase
+
+import com.google.common.truth.Truth.*
+import com.simprints.core.domain.common.FlowType
+import com.simprints.infra.config.store.models.AgeGroup
+import com.simprints.infra.config.store.models.FaceConfiguration
+import com.simprints.infra.config.store.models.FingerprintConfiguration
+import com.simprints.infra.config.store.models.GeneralConfiguration
+import com.simprints.infra.config.store.models.ProjectConfiguration
+import com.simprints.infra.config.store.models.determineFaceSDKs
+import com.simprints.infra.config.store.models.determineFingerprintSDKs
+import com.simprints.infra.enrolment.records.repository.domain.models.BiometricDataSource
+import com.simprints.infra.matching.MatchParams
+import io.mockk.*
+import io.mockk.impl.annotations.MockK
+import org.junit.Before
+import org.junit.Test
+
+internal class CreateMatchParamsUseCaseTest {
+    private val useCase = CreateMatchParamsUseCase()
+
+    private val subjectId = "subjectId"
+    private val probeReferenceId = "probeReferenceId"
+    private val flowType = FlowType.IDENTIFY
+    private val ageGroup = AgeGroup(25, 30)
+
+    @MockK
+    private lateinit var faceSample: MatchParams.FaceSample
+
+    @MockK
+    private lateinit var fingerprintSample: MatchParams.FingerprintSample
+
+    @MockK
+    private lateinit var generalConfiguration: GeneralConfiguration
+
+    @MockK
+    private lateinit var projectConfiguration: ProjectConfiguration
+
+    @Before
+    fun setUp() {
+        MockKAnnotations.init(this, relaxed = true)
+        mockkStatic("com.simprints.infra.config.store.models.ProjectConfigurationKt")
+        every { projectConfiguration.general } returns generalConfiguration
+    }
+
+    @Test
+    fun ` creates correct MatchParams for face modality`() {
+        every { projectConfiguration.determineFaceSDKs(ageGroup) } returns listOf(
+            FaceConfiguration.BioSdk.RANK_ONE,
+            FaceConfiguration.BioSdk.SIM_FACE,
+        )
+        every { projectConfiguration.determineFingerprintSDKs(ageGroup) } returns emptyList()
+        every { generalConfiguration.matchingModalities } returns listOf(GeneralConfiguration.Modality.FACE)
+
+        val result = useCase(
+            candidateSubjectId = subjectId,
+            flowType = flowType,
+            probeReferenceId = probeReferenceId,
+            projectConfiguration = projectConfiguration,
+            faceSamples = listOf(faceSample),
+            fingerprintSamples = emptyList(),
+            ageGroup = ageGroup,
+        )
+
+        assertThat(result).hasSize(2)
+        result.forEach { matchParams ->
+            assertThat(matchParams.probeReferenceId).isEqualTo(probeReferenceId)
+            assertThat(matchParams.flowType).isEqualTo(flowType)
+            assertThat(matchParams.queryForCandidates.subjectId).isEqualTo(subjectId)
+            assertThat(matchParams.biometricDataSource).isEqualTo(BiometricDataSource.Simprints)
+            assertThat(matchParams.probeFaceSamples).containsExactly(faceSample)
+            assertThat(matchParams.faceSDK).isNotNull()
+        }
+        assertThat(result[0].faceSDK).isEqualTo(FaceConfiguration.BioSdk.RANK_ONE)
+        assertThat(result[1].faceSDK).isEqualTo(FaceConfiguration.BioSdk.SIM_FACE)
+    }
+
+    @Test
+    fun ` creates correct  MatchParams for fingerprint modality`() {
+        every { projectConfiguration.determineFaceSDKs(ageGroup) } returns emptyList()
+        every { projectConfiguration.determineFingerprintSDKs(ageGroup) } returns listOf(
+            FingerprintConfiguration.BioSdk.SECUGEN_SIM_MATCHER,
+            FingerprintConfiguration.BioSdk.NEC,
+        )
+        every { generalConfiguration.matchingModalities } returns listOf(GeneralConfiguration.Modality.FINGERPRINT)
+
+        val result = useCase(
+            candidateSubjectId = subjectId,
+            flowType = flowType,
+            probeReferenceId = probeReferenceId,
+            projectConfiguration = projectConfiguration,
+            faceSamples = emptyList(),
+            fingerprintSamples = listOf(fingerprintSample),
+            ageGroup = ageGroup,
+        )
+
+        assertThat(result).hasSize(2)
+        result.forEach { matchParams ->
+            assertThat(matchParams.probeReferenceId).isEqualTo(probeReferenceId)
+            assertThat(matchParams.flowType).isEqualTo(flowType)
+            assertThat(matchParams.queryForCandidates.subjectId).isEqualTo(subjectId)
+            assertThat(matchParams.biometricDataSource).isEqualTo(BiometricDataSource.Simprints)
+            assertThat(matchParams.probeFingerprintSamples).containsExactly(fingerprintSample)
+            assertThat(matchParams.fingerprintSDK).isNotNull()
+        }
+        assertThat(result[0].fingerprintSDK).isEqualTo(FingerprintConfiguration.BioSdk.SECUGEN_SIM_MATCHER)
+        assertThat(result[1].fingerprintSDK).isEqualTo(FingerprintConfiguration.BioSdk.NEC)
+    }
+
+    @Test
+    fun ` creates correct  MatchParams for multiple`() {
+        every { generalConfiguration.matchingModalities } returns listOf(
+            GeneralConfiguration.Modality.FACE,
+            GeneralConfiguration.Modality.FINGERPRINT,
+        )
+        every { projectConfiguration.determineFaceSDKs(ageGroup) } returns listOf(
+            FaceConfiguration.BioSdk.RANK_ONE,
+        )
+        every { projectConfiguration.determineFingerprintSDKs(ageGroup) } returns listOf(
+            FingerprintConfiguration.BioSdk.NEC,
+        )
+
+        val result = useCase(
+            candidateSubjectId = subjectId,
+            flowType = flowType,
+            probeReferenceId = probeReferenceId,
+            projectConfiguration = projectConfiguration,
+            faceSamples = listOf(faceSample),
+            fingerprintSamples = listOf(fingerprintSample),
+            ageGroup = ageGroup,
+        )
+
+        assertThat(result).hasSize(2)
+
+        val faceMatch = result.find { it.faceSDK != null }
+        assertThat(faceMatch).isNotNull()
+        assertThat(faceMatch?.faceSDK).isEqualTo(FaceConfiguration.BioSdk.RANK_ONE)
+        assertThat(faceMatch?.probeFaceSamples).containsExactly(faceSample)
+
+        val fingerprintMatch = result.find { it.fingerprintSDK != null }
+        assertThat(fingerprintMatch).isNotNull()
+        assertThat(fingerprintMatch?.fingerprintSDK).isEqualTo(FingerprintConfiguration.BioSdk.NEC)
+        assertThat(fingerprintMatch?.probeFingerprintSamples).containsExactly(fingerprintSample)
+    }
+
+    @Test
+    fun ` handles null ageGroup`() {
+        every { projectConfiguration.determineFaceSDKs(null) } returns listOf(
+            FaceConfiguration.BioSdk.RANK_ONE,
+        )
+        every { projectConfiguration.determineFingerprintSDKs(null) } returns emptyList()
+        every { generalConfiguration.matchingModalities } returns listOf(GeneralConfiguration.Modality.FACE)
+
+        val result = useCase(
+            candidateSubjectId = subjectId,
+            flowType = flowType,
+            probeReferenceId = probeReferenceId,
+            projectConfiguration = projectConfiguration,
+            faceSamples = listOf(faceSample),
+            fingerprintSamples = emptyList(),
+            ageGroup = null,
+        )
+
+        assertThat(result).hasSize(1)
+    }
+
+    @Test
+    fun ` returns empty list when no SDKs available`() {
+        every { projectConfiguration.determineFaceSDKs(ageGroup) } returns emptyList()
+        every { projectConfiguration.determineFingerprintSDKs(ageGroup) } returns emptyList()
+
+        val result = useCase(
+            candidateSubjectId = subjectId,
+            flowType = flowType,
+            probeReferenceId = probeReferenceId,
+            projectConfiguration = projectConfiguration,
+            faceSamples = listOf(faceSample),
+            fingerprintSamples = listOf(fingerprintSample),
+            ageGroup = ageGroup,
+        )
+
+        assertThat(result).isEmpty()
+    }
+
+    @Test
+    fun ` creates multiple MatchParams for multiple face SDKs`() {
+        every { projectConfiguration.determineFaceSDKs(ageGroup) } returns listOf(
+            FaceConfiguration.BioSdk.RANK_ONE,
+            FaceConfiguration.BioSdk.SIM_FACE,
+        )
+        every { projectConfiguration.determineFingerprintSDKs(ageGroup) } returns emptyList()
+        every { generalConfiguration.matchingModalities } returns listOf(GeneralConfiguration.Modality.FACE)
+
+        val faceSamples = listOf(faceSample, mockk(relaxed = true))
+
+        val result = useCase(
+            candidateSubjectId = subjectId,
+            flowType = flowType,
+            probeReferenceId = probeReferenceId,
+            projectConfiguration = projectConfiguration,
+            faceSamples = faceSamples,
+            fingerprintSamples = emptyList(),
+            ageGroup = ageGroup,
+        )
+
+        assertThat(result).hasSize(2)
+        result.forEach { matchParams ->
+            assertThat(matchParams.probeFaceSamples).hasSize(2)
+        }
+    }
+}
diff --git a/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/search/usecase/MatchCandidatesUseCaseTest.kt b/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/search/usecase/MatchCandidatesUseCaseTest.kt
new file mode 100644
index 0000000000..826ae4ed66
--- /dev/null
+++ b/feature/external-credential/src/test/java/com/simprints/feature/externalcredential/screens/search/usecase/MatchCandidatesUseCaseTest.kt
@@ -0,0 +1,280 @@
+package com.simprints.feature.externalcredential.screens.search.usecase
+
+import com.google.common.truth.Truth.*
+import com.simprints.core.domain.common.FlowType
+import com.simprints.core.domain.tokenization.asTokenizableEncrypted
+import com.simprints.feature.externalcredential.model.ExternalCredentialParams
+import com.simprints.infra.config.store.models.AgeGroup
+import com.simprints.infra.config.store.models.FaceConfiguration
+import com.simprints.infra.config.store.models.FingerprintConfiguration
+import com.simprints.infra.config.store.models.Project
+import com.simprints.infra.config.store.models.ProjectConfiguration
+import com.simprints.infra.enrolment.records.repository.domain.models.Subject
+import com.simprints.infra.matching.MatchParams
+import com.simprints.infra.matching.MatchResultItem
+import com.simprints.infra.matching.usecase.FaceMatcherUseCase
+import com.simprints.infra.matching.usecase.FingerprintMatcherUseCase
+import com.simprints.infra.matching.usecase.MatcherUseCase.MatcherState
+import io.mockk.*
+import io.mockk.impl.annotations.MockK
+import kotlinx.coroutines.flow.flowOf
+import kotlinx.coroutines.test.runTest
+import org.junit.Before
+import org.junit.Test
+
+internal class MatchCandidatesUseCaseTest {
+
+    private lateinit var useCase: MatchCandidatesUseCase
+
+    @MockK
+    private lateinit var createMatchParamsUseCase: CreateMatchParamsUseCase
+
+    @MockK
+    private lateinit var faceMatcher: FaceMatcherUseCase
+
+    @MockK
+    private lateinit var fingerprintMatcher: FingerprintMatcherUseCase
+
+    @MockK
+    private lateinit var subject: Subject
+
+    @MockK
+    private lateinit var project: Project
+
+    @MockK
+    private lateinit var projectConfig: ProjectConfiguration
+
+    @MockK
+    private lateinit var externalCredentialParams: ExternalCredentialParams
+
+    @MockK
+    private lateinit var faceConfig: FaceConfiguration
+
+    @MockK
+    private lateinit var fingerprintConfig: FingerprintConfiguration
+
+    @MockK
+    private lateinit var faceSdkConfig: FaceConfiguration.FaceSdkConfiguration
+
+    @MockK
+    private lateinit var fingerprintSdkConfig: FingerprintConfiguration.FingerprintSdkConfiguration
+
+    @MockK
+    private lateinit var matchResultItem: MatchResultItem
+
+    @MockK
+    private lateinit var matchParams: MatchParams
+
+    @MockK
+    private lateinit var faceSample: MatchParams.FaceSample
+
+    @MockK
+    private lateinit var fingerprintSample: MatchParams.FingerprintSample
+
+    @MockK
+    private lateinit var ageGroup: AgeGroup
+
+    @MockK
+    private lateinit var matcherSuccess: MatcherState.Success
+
+    private val credential = "credential".asTokenizableEncrypted()
+    private val subjectId = "subjectId"
+    private val probeReferenceId = "probeReferenceId"
+    private val verificationMatchThreshold = 50.0f
+
+    @Before
+    fun setUp() {
+        MockKAnnotations.init(this, relaxed = true)
+        useCase = MatchCandidatesUseCase(
+            createMatchParamsUseCase = createMatchParamsUseCase,
+            faceMatcher = faceMatcher,
+            fingerprintMatcher = fingerprintMatcher
+        )
+
+        every { subject.subjectId } returns subjectId
+        every { externalCredentialParams.probeReferenceId } returns probeReferenceId
+        every { externalCredentialParams.flowType } returns FlowType.VERIFY
+        every { externalCredentialParams.faceSamples } returns listOf(faceSample)
+        every { externalCredentialParams.fingerprintSamples } returns listOf(fingerprintSample)
+        every { externalCredentialParams.ageGroup } returns ageGroup
+
+        every { matchParams.faceSDK } returns FaceConfiguration.BioSdk.RANK_ONE
+        every { matchParams.fingerprintSDK } returns FingerprintConfiguration.BioSdk.SECUGEN_SIM_MATCHER
+        coEvery {
+            createMatchParamsUseCase(
+                candidateSubjectId = any(),
+                flowType = any(),
+                probeReferenceId = any(),
+                projectConfiguration = any(),
+                faceSamples = any(),
+                fingerprintSamples = any(),
+                ageGroup = any()
+            )
+        } returns listOf(matchParams)
+        every { projectConfig.face } returns faceConfig
+        every { projectConfig.fingerprint } returns fingerprintConfig
+        every { faceConfig.getSdkConfiguration(FaceConfiguration.BioSdk.RANK_ONE) } returns faceSdkConfig
+        every { faceSdkConfig.verificationMatchThreshold } returns verificationMatchThreshold
+        every { fingerprintConfig.getSdkConfiguration(FingerprintConfiguration.BioSdk.SECUGEN_SIM_MATCHER) } returns fingerprintSdkConfig
+        every { fingerprintSdkConfig.verificationMatchThreshold } returns verificationMatchThreshold
+        every { matcherSuccess.matchResultItems } returns listOf(matchResultItem)
+        coEvery { faceMatcher(matchParams, project) } returns flowOf(matcherSuccess)
+        coEvery { fingerprintMatcher(matchParams, project) } returns flowOf(matcherSuccess)
+    }
+
+    private fun initMatchParams(isFace: Boolean) {
+        val (faceSamples, fingerprintSamples) = if (isFace) {
+            listOf(faceSample) to emptyList()
+        } else {
+            emptyList<MatchParams.FaceSample>() to listOf(fingerprintSample)
+        }
+        every { matchParams.probeFaceSamples } returns faceSamples
+        every { matchParams.faceSDK } returns FaceConfiguration.BioSdk.RANK_ONE
+        every { matchParams.probeFingerprintSamples } returns fingerprintSamples
+        every { matchParams.fingerprintSDK } returns FingerprintConfiguration.BioSdk.SECUGEN_SIM_MATCHER
+
+    }
+
+    @Test
+    fun `returns face matches when face samples present`() = runTest {
+        initMatchParams(isFace = true)
+        val result = useCase.invoke(
+            candidates = listOf(subject),
+            credential = credential,
+            externalCredentialParams = externalCredentialParams,
+            project = project,
+            projectConfig = projectConfig
+        )
+
+        assertThat(result).hasSize(1)
+        assertThat(result[0].credential).isEqualTo(credential)
+        assertThat(result[0].matchResult).isEqualTo(matchResultItem)
+        assertThat(result[0].verificationThreshold).isEqualTo(verificationMatchThreshold)
+        assertThat(result[0].faceBioSdk).isEqualTo(FaceConfiguration.BioSdk.RANK_ONE)
+        assertThat(result[0].fingerprintBioSdk).isNull()
+    }
+
+    @Test
+    fun `returns fingerprint matches when no face samples present`() = runTest {
+        initMatchParams(isFace = false)
+        val result = useCase.invoke(
+            candidates = listOf(subject),
+            credential = credential,
+            externalCredentialParams = externalCredentialParams,
+            project = project,
+            projectConfig = projectConfig
+        )
+
+        assertThat(result).hasSize(1)
+        assertThat(result[0].credential).isEqualTo(credential)
+        assertThat(result[0].matchResult).isEqualTo(matchResultItem)
+        assertThat(result[0].verificationThreshold).isEqualTo(verificationMatchThreshold)
+        assertThat(result[0].faceBioSdk).isNull()
+        assertThat(result[0].fingerprintBioSdk).isEqualTo(FingerprintConfiguration.BioSdk.SECUGEN_SIM_MATCHER)
+    }
+
+    @Test
+    fun `returns empty list when no candidates provided`() = runTest {
+        val result = useCase.invoke(
+            candidates = emptyList(),
+            credential = credential,
+            externalCredentialParams = externalCredentialParams,
+            project = project,
+            projectConfig = projectConfig
+        )
+
+        assertThat(result).isEmpty()
+    }
+
+    @Test
+    fun `returns empty list when face SDK is null`() = runTest {
+        initMatchParams(isFace = true)
+        every { matchParams.faceSDK } returns null
+
+        val result = useCase.invoke(
+            candidates = listOf(subject),
+            credential = credential,
+            externalCredentialParams = externalCredentialParams,
+            project = project,
+            projectConfig = projectConfig
+        )
+
+        assertThat(result).isEmpty()
+    }
+
+    @Test
+    fun `returns empty list when fingerprint SDK is null`() = runTest {
+        initMatchParams(isFace = false)
+        every { matchParams.fingerprintSDK } returns null
+
+        val result = useCase.invoke(
+            candidates = listOf(subject),
+            credential = credential,
+            externalCredentialParams = externalCredentialParams,
+            project = project,
+            projectConfig = projectConfig
+        )
+
+        assertThat(result).isEmpty()
+    }
+
+    @Test
+    fun `returns empty list when face SDK configuration is null`() = runTest {
+        initMatchParams(isFace = true)
+        every { faceConfig.getSdkConfiguration(FaceConfiguration.BioSdk.RANK_ONE) } returns null
+
+        val result = useCase.invoke(
+            candidates = listOf(subject),
+            credential = credential,
+            externalCredentialParams = externalCredentialParams,
+            project = project,
+            projectConfig = projectConfig
+        )
+
+        assertThat(result).isEmpty()
+    }
+
+    @Test
+    fun `returns empty list when fingerprint SDK configuration is null`() = runTest {
+        initMatchParams(isFace = false)
+        every { fingerprintConfig.getSdkConfiguration(FingerprintConfiguration.BioSdk.SECUGEN_SIM_MATCHER) } returns null
+
+        val result = useCase.invoke(
+            candidates = listOf(subject),
+            credential = credential,
+            externalCredentialParams = externalCredentialParams,
+            project = project,
+            projectConfig = projectConfig
+        )
+
+        assertThat(result).isEmpty()
+    }
+
+    @Test
+    fun `returns empty list when face verification match threshold is null`() = runTest {
+        initMatchParams(isFace = true)
+        every { faceSdkConfig.verificationMatchThreshold } returns null
+        val result = useCase(
+            candidates = listOf(subject),
+            credential = credential,
+            externalCredentialParams = externalCredentialParams,
+            project = project,
+            projectConfig = projectConfig
+        )
+        assertThat(result).isEmpty()
+    }
+
+    @Test
+    fun `returns empty list when fingerprint match threshold is null`() = runTest {
+        initMatchParams(isFace = false)
+        every { fingerprintSdkConfig.verificationMatchThreshold } returns null
+        val result = useCase(
+            candidates = listOf(subject),
+            credential = credential,
+            externalCredentialParams = externalCredentialParams,
+            project = project,
+            projectConfig = projectConfig
+        )
+        assertThat(result).isEmpty()
+    }
+}
diff --git a/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/OrchestratorFragment.kt b/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/OrchestratorFragment.kt
index c65da6682e..287d447892 100644
--- a/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/OrchestratorFragment.kt
+++ b/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/OrchestratorFragment.kt
@@ -19,6 +19,7 @@ import com.simprints.feature.clientapi.extensions.getResultCodeFromExtras
 import com.simprints.feature.consent.ConsentContract
 import com.simprints.feature.enrollast.EnrolLastBiometricContract
 import com.simprints.feature.exitform.ExitFormContract
+import com.simprints.feature.externalcredential.ExternalCredentialContract
 import com.simprints.feature.fetchsubject.FetchSubjectContract
 import com.simprints.feature.login.LoginContract
 import com.simprints.feature.login.LoginResult
@@ -126,6 +127,7 @@ internal class OrchestratorFragment : Fragment(R.layout.fragment_orchestrator) {
         handleResult(FetchSubjectContract.DESTINATION, orchestratorVm::handleResult)
         handleResult(ValidateSubjectPoolContract.DESTINATION, orchestratorVm::handleResult)
         handleResult(SelectSubjectAgeGroupContract.DESTINATION, orchestratorVm::handleResult)
+        handleResult(ExternalCredentialContract.DESTINATION, orchestratorVm::handleResult)
     }
 
     private fun <T : Serializable> handleResult(
diff --git a/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/OrchestratorViewModel.kt b/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/OrchestratorViewModel.kt
index 6c3d195128..ffbaeea079 100644
--- a/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/OrchestratorViewModel.kt
+++ b/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/OrchestratorViewModel.kt
@@ -6,6 +6,7 @@ import androidx.lifecycle.ViewModel
 import androidx.lifecycle.viewModelScope
 import com.fasterxml.jackson.core.type.TypeReference
 import com.fasterxml.jackson.databind.module.SimpleModule
+import com.simprints.core.domain.common.FlowType
 import com.simprints.core.domain.response.AppErrorReason
 import com.simprints.core.domain.step.StepResult
 import com.simprints.core.domain.tokenization.TokenizableString
@@ -18,6 +19,8 @@ import com.simprints.face.capture.FaceCaptureParams
 import com.simprints.face.capture.FaceCaptureResult
 import com.simprints.feature.enrollast.EnrolLastBiometricContract
 import com.simprints.feature.enrollast.EnrolLastBiometricParams
+import com.simprints.feature.externalcredential.ExternalCredentialSearchResult
+import com.simprints.feature.externalcredential.model.ExternalCredentialParams
 import com.simprints.feature.orchestrator.cache.OrchestratorCache
 import com.simprints.feature.orchestrator.exceptions.SubjectAgeNotSupportedException
 import com.simprints.feature.orchestrator.model.OrchestratorResult
@@ -119,6 +122,7 @@ internal class OrchestratorViewModel @Inject constructor(
             Simber.i("Completed step: ${step.id}", tag = ORCHESTRATION)
 
             updateMatcherStepPayload(step, result)
+            updateExternalCredentialStepPayload(step, result)
         }
 
         if (result is SelectSubjectAgeGroupResult) {
@@ -131,6 +135,10 @@ internal class OrchestratorViewModel @Inject constructor(
             steps = steps + captureAndMatchSteps
         }
 
+        if (result is ExternalCredentialSearchResult) {
+            removeMatcherStepIfRequired(result)
+        }
+
         doNextStep()
     }
 
@@ -181,6 +189,22 @@ internal class OrchestratorViewModel @Inject constructor(
         }
     }
 
+    /**
+     * Removes Matcher steps during [FlowType.IDENTIFY] flow if External Credential search found any match.
+     */
+    private fun removeMatcherStepIfRequired(result: ExternalCredentialSearchResult) {
+        if (result.flowType == FlowType.IDENTIFY) {
+            val confirmedVerifications = result.goodMatches.size
+            if(confirmedVerifications > 0) {
+                steps = steps.filterNot { it.id in listOf(StepId.FACE_MATCHER, StepId.FINGERPRINT_MATCHER) }
+                Simber.i(
+                    "Matcher steps removed because External Credential search verified [$confirmedVerifications] candidate(s). Flow type = [${result.flowType}]",
+                    tag = ORCHESTRATION
+                )
+            }
+        }
+    }
+
     /**
      * Update the enrol last biometric params in case there were more steps executed in the current flow.
      */
@@ -277,6 +301,45 @@ internal class OrchestratorViewModel @Inject constructor(
         }
     }
 
+    /**
+     * Passes face or fingerprint samples to the External Credential search step
+     */
+    private fun updateExternalCredentialStepPayload(currentStep: Step, result: StepResult) {
+        if (currentStep.id !in listOf(StepId.FACE_CAPTURE, StepId.FINGERPRINT_CAPTURE)) return
+        val step = steps.firstOrNull { it.id == StepId.EXTERNAL_CREDENTIAL } ?: return
+        val params = step.params as? ExternalCredentialParams ?: return
+        val updatedParams = when {
+            currentStep.id == StepId.FACE_CAPTURE && result is FaceCaptureResult -> {
+                val faceSamples = result.results
+                    .mapNotNull { it.sample }
+                    .map { MatchParams.FaceSample(it.faceId, it.template) }
+                params.copy(
+                    probeReferenceId = result.referenceId,
+                    faceSamples = faceSamples,
+                )
+            }
+
+            currentStep.id == StepId.FINGERPRINT_CAPTURE && result is FingerprintCaptureResult -> {
+                val fingerprintSamples = result.results
+                    .mapNotNull { it.sample }
+                    .map {
+                        MatchParams.FingerprintSample(
+                            fingerId = it.fingerIdentifier,
+                            format = it.format,
+                            template = it.template,
+                        )
+                    }
+                params.copy(
+                    probeReferenceId = result.referenceId,
+                    fingerprintSamples = fingerprintSamples,
+                )
+            }
+
+            else -> params
+        }
+        step.params = updatedParams
+    }
+
     fun setActionRequestFromJson(json: String) {
         try {
             actionRequest = JsonHelper.fromJson(
diff --git a/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/steps/Step.kt b/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/steps/Step.kt
index 097f692445..d4e72a7160 100644
--- a/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/steps/Step.kt
+++ b/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/steps/Step.kt
@@ -18,6 +18,7 @@ import com.simprints.feature.enrollast.FaceTemplateCaptureResult
 import com.simprints.feature.enrollast.FingerTemplateCaptureResult
 import com.simprints.feature.enrollast.MatchResult
 import com.simprints.feature.exitform.ExitFormResult
+import com.simprints.feature.externalcredential.ExternalCredentialSearchResult
 import com.simprints.feature.externalcredential.model.ExternalCredentialParams
 import com.simprints.feature.fetchsubject.FetchSubjectParams
 import com.simprints.feature.fetchsubject.FetchSubjectResult
@@ -114,6 +115,7 @@ abstract class StepResultMixin : StepResult
         name = "EnrolLastBiometricStepResult.FaceCaptureResult",
     ),
     JsonSubTypes.Type(value = ExternalCredentialParams::class, name = "ExternalCredentialParams"),
+    JsonSubTypes.Type(value = ExternalCredentialSearchResult::class, name = "ExternalCredentialSearchResult"),
     JsonSubTypes.Type(value = MatchResult::class, name = "MatchResult"),
     JsonSubTypes.Type(value = FingerTemplateCaptureResult::class, name = "FingerTemplateCaptureResult"),
     JsonSubTypes.Type(value = FaceTemplateCaptureResult::class, name = "FaceTemplateCaptureResult"),
diff --git a/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/usecases/response/CreateEnrolResponseUseCase.kt b/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/usecases/response/CreateEnrolResponseUseCase.kt
index 6cf73f2567..888dc102f2 100644
--- a/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/usecases/response/CreateEnrolResponseUseCase.kt
+++ b/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/usecases/response/CreateEnrolResponseUseCase.kt
@@ -3,6 +3,8 @@ package com.simprints.feature.orchestrator.usecases.response
 import com.simprints.core.domain.externalcredential.ExternalCredential
 import com.simprints.core.domain.response.AppErrorReason
 import com.simprints.face.capture.FaceCaptureResult
+import com.simprints.feature.externalcredential.ExternalCredentialSearchResult
+import com.simprints.feature.externalcredential.screens.search.model.ScannedCredential
 import com.simprints.fingerprint.capture.FingerprintCaptureResult
 import com.simprints.infra.config.store.models.Project
 import com.simprints.infra.eventsync.sync.common.SubjectFactory
@@ -13,6 +15,7 @@ import com.simprints.infra.orchestration.data.responses.AppEnrolResponse
 import com.simprints.infra.orchestration.data.responses.AppErrorResponse
 import com.simprints.infra.orchestration.data.responses.AppResponse
 import java.io.Serializable
+import java.util.UUID
 import javax.inject.Inject
 
 internal class CreateEnrolResponseUseCase @Inject constructor(
@@ -27,8 +30,8 @@ internal class CreateEnrolResponseUseCase @Inject constructor(
     ): AppResponse {
         val fingerprintCapture = results.filterIsInstance(FingerprintCaptureResult::class.java).lastOrNull()
         val faceCapture = results.filterIsInstance(FaceCaptureResult::class.java).lastOrNull()
-        // TODO [CORE-3421] When an external credential can be extracted from the UI-level steps, extract it here
-        val externalCredential: ExternalCredential? = null
+        val credentialResult = results.filterIsInstance(ExternalCredentialSearchResult::class.java).lastOrNull()
+        val externalCredential = credentialResult?.scannedCredential?.toExternalCredential(enrolmentSubjectId)
 
         return try {
             val subject = subjectFactory.buildSubjectFromCaptureResults(
@@ -48,4 +51,11 @@ internal class CreateEnrolResponseUseCase @Inject constructor(
             AppErrorResponse(AppErrorReason.UNEXPECTED_ERROR)
         }
     }
+
+    private fun ScannedCredential.toExternalCredential(subjectId: String) = ExternalCredential(
+        id = UUID.randomUUID().toString(),
+        value = credential,
+        subjectId = subjectId,
+        type = credentialType,
+    )
 }
diff --git a/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/usecases/response/CreateIdentifyResponseUseCase.kt b/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/usecases/response/CreateIdentifyResponseUseCase.kt
index 8b6d7a42c4..e42b348fa1 100644
--- a/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/usecases/response/CreateIdentifyResponseUseCase.kt
+++ b/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/usecases/response/CreateIdentifyResponseUseCase.kt
@@ -1,12 +1,14 @@
 package com.simprints.feature.orchestrator.usecases.response
 
+import com.simprints.core.domain.response.AppMatchConfidence
+import com.simprints.feature.externalcredential.ExternalCredentialSearchResult
 import com.simprints.infra.config.store.models.ProjectConfiguration
 import com.simprints.infra.events.session.SessionEventRepository
+import com.simprints.infra.matching.FaceMatchResult
+import com.simprints.infra.matching.FingerprintMatchResult
 import com.simprints.infra.orchestration.data.responses.AppIdentifyResponse
 import com.simprints.infra.orchestration.data.responses.AppMatchResult
 import com.simprints.infra.orchestration.data.responses.AppResponse
-import com.simprints.infra.matching.FaceMatchResult
-import com.simprints.infra.matching.FingerprintMatchResult
 import java.io.Serializable
 import javax.inject.Inject
 
@@ -17,21 +19,24 @@ internal class CreateIdentifyResponseUseCase @Inject constructor(
         projectConfiguration: ProjectConfiguration,
         results: List<Serializable>,
     ): AppResponse {
+        val credentialFaceMatchResults = credentialResultsMapper(results, isFace = true)
+        val credentialFingerprintMatchResults = credentialResultsMapper(results, isFace = false)
+
         val currentSessionId = eventRepository.getCurrentSessionScope().id
 
-        val faceResults = getFaceMatchResults(results, projectConfiguration)
+        val faceResults = credentialFaceMatchResults + getFaceMatchResults(results, projectConfiguration)
         val bestFaceConfidence = faceResults.firstOrNull()?.confidenceScore ?: 0
 
-        val fingerprintResults = getFingerprintResults(results, projectConfiguration)
+        val fingerprintResults = credentialFingerprintMatchResults + getFingerprintResults(results, projectConfiguration)
         val bestFingerprintConfidence = fingerprintResults.firstOrNull()?.confidenceScore ?: 0
 
         return AppIdentifyResponse(
             sessionId = currentSessionId,
             // Return the results with the highest confidence score
             identifications = if (bestFingerprintConfidence > bestFaceConfidence) {
-                fingerprintResults
+                fingerprintResults.distinctBy(AppMatchResult::guid)
             } else {
-                faceResults
+                faceResults.distinctBy(AppMatchResult::guid)
             },
         )
     }
@@ -77,4 +82,35 @@ internal class CreateIdentifyResponseUseCase @Inject constructor(
                     .map { AppMatchResult(it.subjectId, it.confidence, faceDecisionPolicy) }
             }
     } ?: emptyList()
+
+    /**
+     * Checks if any of the [results] items is an instance of [ExternalCredentialSearchResult]. If such item is found, then returns a list
+     * of candidates whose verification matching score  between the taken biometric probe, and a biometric probe linked to is above
+     * project's verification threshold.
+     *
+     * @return list of [AppMatchResult] containing possible verification matches
+     */
+    private fun credentialResultsMapper(
+        results: List<Serializable>,
+        isFace: Boolean,
+    ): List<AppMatchResult> = results.filterIsInstance<ExternalCredentialSearchResult>()
+        .firstOrNull()
+        ?.matchResults
+        ?.filter {
+            if (isFace) {
+                it.faceBioSdk != null
+            } else {
+                it.fingerprintBioSdk != null
+            }
+        }
+        ?.map {
+            AppMatchResult(
+                guid = it.matchResult.subjectId,
+                confidenceScore = it.matchResult.confidence.toInt(),
+                matchConfidence = AppMatchConfidence.HIGH,
+                verificationSuccess = true
+            )
+        }
+        ?.sortedByDescending(AppMatchResult::confidenceScore)
+        .orEmpty()
 }
diff --git a/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/usecases/response/IsNewEnrolmentUseCase.kt b/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/usecases/response/IsNewEnrolmentUseCase.kt
index 2993c22a21..a1e6809439 100644
--- a/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/usecases/response/IsNewEnrolmentUseCase.kt
+++ b/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/usecases/response/IsNewEnrolmentUseCase.kt
@@ -1,11 +1,11 @@
 package com.simprints.feature.orchestrator.usecases.response
 
+import com.simprints.feature.externalcredential.ExternalCredentialSearchResult
 import com.simprints.infra.config.store.models.ProjectConfiguration
 import com.simprints.infra.matching.FaceMatchResult
 import com.simprints.infra.matching.FingerprintMatchResult
 import java.io.Serializable
 import javax.inject.Inject
-import kotlin.text.compareTo
 
 internal class IsNewEnrolmentUseCase @Inject constructor() {
     /**
@@ -16,6 +16,16 @@ internal class IsNewEnrolmentUseCase @Inject constructor() {
         projectConfiguration: ProjectConfiguration,
         results: List<Serializable>,
     ): Boolean {
+        val hasCredentialMatchResults =
+            results
+                .filterIsInstance<ExternalCredentialSearchResult>()
+                .firstOrNull()
+                ?.matchResults
+                ?.isNotEmpty() ?: false
+        if (hasCredentialMatchResults) {
+            return false
+        }
+
         if (!projectConfiguration.general.duplicateBiometricEnrolmentCheck) {
             // Duplicate check on enrolment is disabled
             return true
diff --git a/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/usecases/steps/BuildStepsUseCase.kt b/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/usecases/steps/BuildStepsUseCase.kt
index 6fe6bbf940..57f28d219e 100644
--- a/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/usecases/steps/BuildStepsUseCase.kt
+++ b/feature/orchestrator/src/main/java/com/simprints/feature/orchestrator/usecases/steps/BuildStepsUseCase.kt
@@ -20,11 +20,11 @@ import com.simprints.feature.setup.SetupContract
 import com.simprints.feature.validatepool.ValidateSubjectPoolContract
 import com.simprints.fingerprint.capture.FingerprintCaptureContract
 import com.simprints.infra.config.store.models.AgeGroup
-import com.simprints.infra.config.store.models.FaceConfiguration
-import com.simprints.infra.config.store.models.FingerprintConfiguration
 import com.simprints.infra.config.store.models.GeneralConfiguration.Modality
 import com.simprints.infra.config.store.models.ProjectConfiguration
 import com.simprints.infra.config.store.models.allowedAgeRanges
+import com.simprints.infra.config.store.models.determineFaceSDKs
+import com.simprints.infra.config.store.models.determineFingerprintSDKs
 import com.simprints.infra.config.store.models.experimental
 import com.simprints.infra.config.store.models.fromDomainToModuleApi
 import com.simprints.infra.config.store.models.isAgeRestricted
@@ -129,6 +129,7 @@ internal class BuildStepsUseCase @Inject constructor(
     }
 
     private fun buildExternalCredentialStepIfNeeded(
+        ageGroup: AgeGroup?,
         enrolmentSubjectId: String,
         projectConfiguration: ProjectConfiguration,
         flowType: FlowType
@@ -143,7 +144,11 @@ internal class BuildStepsUseCase @Inject constructor(
                         id = StepId.EXTERNAL_CREDENTIAL,
                         navigationActionId = R.id.action_orchestratorFragment_to_externalCredential,
                         destinationId = ExternalCredentialContract.DESTINATION,
-                        params = ExternalCredentialContract.getParams(subjectId = enrolmentSubjectId, flowType = flowType),
+                        params = ExternalCredentialContract.getParams(
+                            subjectId = enrolmentSubjectId,
+                            flowType = flowType,
+                            ageGroup = ageGroup,
+                        ),
                     )
                 )
             }
@@ -160,20 +165,25 @@ internal class BuildStepsUseCase @Inject constructor(
     ): List<Step> {
         val action = fallbackToCommCareDataSourceIfNeeded(action, projectConfiguration)
         val resolvedAgeGroup = ageGroup ?: ageGroupFromSubjectAge(action, projectConfiguration)
-
+        val enrolFlowType = FlowType.ENROL
         val captureSteps = buildCaptureSteps(
             projectConfiguration,
-            FlowType.ENROL,
+            enrolFlowType,
             resolvedAgeGroup,
         )
         val externalCredentialStep = when {
             captureSteps.isEmpty() -> emptyList()
-            else -> buildExternalCredentialStepIfNeeded(enrolmentSubjectId, projectConfiguration, FlowType.ENROL)
+            else -> buildExternalCredentialStepIfNeeded(
+                ageGroup = ageGroup,
+                enrolmentSubjectId = enrolmentSubjectId,
+                projectConfiguration = projectConfiguration,
+                flowType = enrolFlowType
+            )
         }
         val matcherSteps = if (projectConfiguration.general.duplicateBiometricEnrolmentCheck) {
             buildMatcherSteps(
                 projectConfiguration,
-                FlowType.ENROL,
+                enrolFlowType,
                 resolvedAgeGroup,
                 buildMatcherSubjectQuery(projectConfiguration, action),
                 BiometricDataSource.fromString(
@@ -196,18 +206,24 @@ internal class BuildStepsUseCase @Inject constructor(
     ): List<Step> {
         val action = fallbackToCommCareDataSourceIfNeeded(action, projectConfiguration)
         val resolvedAgeGroup = ageGroup ?: ageGroupFromSubjectAge(action, projectConfiguration)
+        val identifyFlowType = FlowType.IDENTIFY
         val captureSteps = buildCaptureSteps(
             projectConfiguration,
-            FlowType.IDENTIFY,
+            identifyFlowType,
             resolvedAgeGroup,
         )
         val externalCredentialStep = when {
             captureSteps.isEmpty() -> emptyList()
-            else -> buildExternalCredentialStepIfNeeded(enrolmentSubjectId, projectConfiguration, FlowType.IDENTIFY)
+            else -> buildExternalCredentialStepIfNeeded(
+                ageGroup = ageGroup,
+                enrolmentSubjectId = enrolmentSubjectId,
+                projectConfiguration = projectConfiguration,
+                flowType = identifyFlowType
+            )
         }
         val matcherSteps = buildMatcherSteps(
             projectConfiguration,
-            FlowType.IDENTIFY,
+            identifyFlowType,
             resolvedAgeGroup,
             subjectQuery,
             BiometricDataSource.fromString(
@@ -384,7 +400,7 @@ internal class BuildStepsUseCase @Inject constructor(
         flowType: FlowType,
     ): List<Step> = when (modality) {
         Modality.FINGERPRINT -> {
-            determineFingerprintSDKs(projectConfiguration, ageGroup).map { bioSDK ->
+            projectConfiguration.determineFingerprintSDKs(ageGroup).map { bioSDK ->
 
                 val sdkConfiguration = projectConfiguration.fingerprint?.getSdkConfiguration(bioSDK)
 
@@ -404,7 +420,7 @@ internal class BuildStepsUseCase @Inject constructor(
         }
 
         Modality.FACE -> {
-            determineFaceSDKs(projectConfiguration, ageGroup).map { bioSDK ->
+            projectConfiguration.determineFaceSDKs(ageGroup).map { bioSDK ->
                 val sdkConfiguration = projectConfiguration.face?.getSdkConfiguration(bioSDK)
 
                 // TODO: samplesToCapture can be read directly from FaceCapture
@@ -447,7 +463,7 @@ internal class BuildStepsUseCase @Inject constructor(
         biometricDataSource: BiometricDataSource,
     ): List<Step> = when (modality) {
         Modality.FINGERPRINT -> {
-            determineFingerprintSDKs(projectConfiguration, ageGroup).map { bioSDK ->
+            projectConfiguration.determineFingerprintSDKs(ageGroup).map { bioSDK ->
                 Step(
                     id = StepId.FINGERPRINT_MATCHER,
                     navigationActionId = R.id.action_orchestratorFragment_to_matcher,
@@ -463,7 +479,7 @@ internal class BuildStepsUseCase @Inject constructor(
         }
 
         Modality.FACE -> {
-            determineFaceSDKs(projectConfiguration, ageGroup).map { bioSDK ->
+            projectConfiguration.determineFaceSDKs(ageGroup).map { bioSDK ->
                 // Face bio SDK is currently ignored until we add a second one
                 Step(
                     id = StepId.FACE_MATCHER,
@@ -525,65 +541,6 @@ internal class BuildStepsUseCase @Inject constructor(
         ),
     )
 
-    private fun determineFingerprintSDKs(
-        projectConfiguration: ProjectConfiguration,
-        ageGroup: AgeGroup?,
-    ): List<FingerprintConfiguration.BioSdk> {
-        val sdks = mutableListOf<FingerprintConfiguration.BioSdk>()
-
-        if (!projectConfiguration.isAgeRestricted()) {
-            projectConfiguration.fingerprint?.allowedSDKs?.let { sdks.addAll(it) }
-        } else {
-            ageGroup?.let {
-                if (projectConfiguration.fingerprint
-                        ?.secugenSimMatcher
-                        ?.allowedAgeRange
-                        ?.contains(ageGroup) == true
-                ) {
-                    sdks.add(FingerprintConfiguration.BioSdk.SECUGEN_SIM_MATCHER)
-                }
-                if (projectConfiguration.fingerprint
-                        ?.nec
-                        ?.allowedAgeRange
-                        ?.contains(ageGroup) == true
-                ) {
-                    sdks.add(FingerprintConfiguration.BioSdk.NEC)
-                }
-            }
-        }
-
-        return sdks
-    }
-
-    private fun determineFaceSDKs(
-        projectConfiguration: ProjectConfiguration,
-        ageGroup: AgeGroup?,
-    ): List<FaceConfiguration.BioSdk> {
-        val sdks = mutableListOf<FaceConfiguration.BioSdk>()
-
-        if (!projectConfiguration.isAgeRestricted()) {
-            projectConfiguration.face?.allowedSDKs?.let { sdks.addAll(it) }
-        } else {
-            ageGroup?.let {
-                if (projectConfiguration.face
-                        ?.rankOne
-                        ?.allowedAgeRange
-                        ?.contains(ageGroup) == true
-                ) {
-                    sdks.add(FaceConfiguration.BioSdk.RANK_ONE)
-                }
-                if (projectConfiguration.face
-                        ?.simFace
-                        ?.allowedAgeRange
-                        ?.contains(ageGroup) == true
-                ) {
-                    sdks.add(FaceConfiguration.BioSdk.SIM_FACE)
-                }
-            }
-        }
-
-        return sdks
-    }
 
     private fun ageGroupFromSubjectAge(
         action: ActionRequest,
diff --git a/feature/orchestrator/src/test/java/com/simprints/feature/orchestrator/OrchestratorViewModelTest.kt b/feature/orchestrator/src/test/java/com/simprints/feature/orchestrator/OrchestratorViewModelTest.kt
index 3d41306ee2..faaa772417 100644
--- a/feature/orchestrator/src/test/java/com/simprints/feature/orchestrator/OrchestratorViewModelTest.kt
+++ b/feature/orchestrator/src/test/java/com/simprints/feature/orchestrator/OrchestratorViewModelTest.kt
@@ -13,6 +13,8 @@ import com.simprints.face.capture.FaceCaptureResult
 import com.simprints.feature.consent.ConsentResult
 import com.simprints.feature.enrollast.EnrolLastBiometricParams
 import com.simprints.feature.enrollast.EnrolLastBiometricStepResult
+import com.simprints.feature.externalcredential.ExternalCredentialSearchResult
+import com.simprints.feature.externalcredential.model.ExternalCredentialParams
 import com.simprints.feature.orchestrator.cache.OrchestratorCache
 import com.simprints.feature.orchestrator.exceptions.SubjectAgeNotSupportedException
 import com.simprints.feature.orchestrator.steps.MatchStepStubPayload
@@ -431,6 +433,111 @@ internal class OrchestratorViewModelTest {
         }
     }
 
+    @Test
+    fun `Updates external credential step payload with fingerprint samples when receiving fingerprint capture result`() = runTest {
+        val fingerprintReferenceId = "fingerprintReferenceId"
+        val fingerId1 = IFingerIdentifier.LEFT_INDEX_FINGER
+        val fingerId2 = IFingerIdentifier.RIGHT_THUMB
+        val template1 = ByteArray(10)
+        val template2 = ByteArray(20)
+        val format1 = "format1"
+        val format2 = "format2"
+
+        val fingerprintSample1 = mockk<FingerprintCaptureResult.Sample> {
+            every { fingerIdentifier } returns fingerId1
+            every { template } returns template1
+            every { format } returns format1
+        }
+        val fingerprintSample2 = mockk<FingerprintCaptureResult.Sample> {
+            every { fingerIdentifier } returns fingerId2
+            every { template } returns template2
+            every { format } returns format2
+        }
+
+        val fingerprintItem1 = mockk<FingerprintCaptureResult.Item> {
+            every { sample } returns fingerprintSample1
+        }
+        val fingerprintItem2 = mockk<FingerprintCaptureResult.Item> {
+            every { sample } returns fingerprintSample2
+        }
+
+        val externalCredentialParams = mockk<ExternalCredentialParams>(relaxed = true) {
+            every { copy(probeReferenceId = any(), fingerprintSamples = any()) } returns this
+        }
+
+        coEvery { stepsBuilder.build(any(), any(), any()) } returns listOf(
+            createMockStep(StepId.FINGERPRINT_CAPTURE),
+            createMockStep(StepId.EXTERNAL_CREDENTIAL, externalCredentialParams)
+        )
+        coEvery { mapRefusalOrErrorResult(any(), any()) } returns null
+
+        viewModel.handleAction(mockk())
+        viewModel.handleResult(
+            FingerprintCaptureResult(
+                fingerprintReferenceId,
+                listOf(fingerprintItem1, fingerprintItem2)
+            )
+        )
+
+        val expectedFingerprintSamples = listOf(
+            MatchParams.FingerprintSample(fingerId1, format1, template1),
+            MatchParams.FingerprintSample(fingerId2, format2, template2)
+        )
+
+        verify {
+            externalCredentialParams.copy(
+                probeReferenceId = fingerprintReferenceId,
+                fingerprintSamples = expectedFingerprintSamples
+            )
+        }
+    }
+
+    @Test
+    fun `Removes matcher steps when external credential search has good matches in identify flow`() = runTest {
+        val externalCredentialResult = mockk<ExternalCredentialSearchResult> {
+            every { flowType } returns FlowType.IDENTIFY
+            every { goodMatches } returns listOf(mockk())
+        }
+
+        coEvery { stepsBuilder.build(any(), any(), any()) } returns listOf(
+            createMockStep(StepId.FACE_CAPTURE),
+            createMockStep(StepId.FINGERPRINT_CAPTURE),
+            createMockStep(StepId.FACE_MATCHER),
+            createMockStep(StepId.FINGERPRINT_MATCHER)
+        )
+        coEvery { mapRefusalOrErrorResult(any(), any()) } returns null
+
+        viewModel.handleAction(mockk())
+        viewModel.handleResult(externalCredentialResult)
+
+        viewModel.currentStep.test().value().peekContent()?.let { step ->
+            assertThat(step.id).isNotEqualTo(StepId.FACE_MATCHER)
+            assertThat(step.id).isNotEqualTo(StepId.FINGERPRINT_MATCHER)
+        }
+    }
+
+    @Test
+    fun `Does not remove matcher steps when flow type is enrol even with good matches`() = runTest {
+        val externalCredentialResult = mockk<ExternalCredentialSearchResult> {
+            every { flowType } returns FlowType.ENROL
+            every { goodMatches } returns listOf(mockk())
+        }
+
+        coEvery { stepsBuilder.build(any(), any(), any()) } returns listOf(
+            createMockStep(StepId.FACE_CAPTURE),
+            createMockStep(StepId.FACE_MATCHER),
+        )
+        coEvery { mapRefusalOrErrorResult(any(), any()) } returns null
+
+        viewModel.handleAction(mockk())
+        viewModel.handleResult(externalCredentialResult)
+
+        val stepsObserver = viewModel.currentStep.test()
+        val allStepIds = stepsObserver.valueHistory().mapNotNull { it.peekContent()?.id }
+
+        assertThat(allStepIds).contains(StepId.FACE_MATCHER)
+    }
+
     private fun createMockStep(
         stepId: Int,
         params: StepParams? = null,
diff --git a/feature/orchestrator/src/test/java/com/simprints/feature/orchestrator/usecases/response/CreateEnrolResponseUseCaseTest.kt b/feature/orchestrator/src/test/java/com/simprints/feature/orchestrator/usecases/response/CreateEnrolResponseUseCaseTest.kt
index 1484774120..8b3480774e 100644
--- a/feature/orchestrator/src/test/java/com/simprints/feature/orchestrator/usecases/response/CreateEnrolResponseUseCaseTest.kt
+++ b/feature/orchestrator/src/test/java/com/simprints/feature/orchestrator/usecases/response/CreateEnrolResponseUseCaseTest.kt
@@ -1,11 +1,17 @@
 package com.simprints.feature.orchestrator.usecases.response
 
 import com.google.common.truth.Truth.assertThat
+import com.simprints.core.domain.externalcredential.ExternalCredentialType
+import com.simprints.core.domain.tokenization.asTokenizableEncrypted
 import com.simprints.core.domain.tokenization.asTokenizableRaw
 import com.simprints.face.capture.FaceCaptureResult
+import com.simprints.feature.externalcredential.ExternalCredentialSearchResult
+import com.simprints.feature.externalcredential.screens.search.model.ScannedCredential
 import com.simprints.feature.orchestrator.exceptions.MissingCaptureException
 import com.simprints.fingerprint.capture.FingerprintCaptureResult
 import com.simprints.infra.config.store.models.Project
+import com.simprints.infra.config.store.models.TokenKeyType
+import com.simprints.infra.config.store.tokenization.TokenizationProcessor
 import com.simprints.infra.eventsync.sync.common.SubjectFactory
 import com.simprints.infra.orchestration.data.ActionRequest
 import com.simprints.infra.orchestration.data.responses.AppEnrolResponse
@@ -15,6 +21,7 @@ import io.mockk.coJustRun
 import io.mockk.every
 import io.mockk.impl.annotations.MockK
 import io.mockk.mockk
+import io.mockk.verify
 import kotlinx.coroutines.test.runTest
 import org.junit.Before
 import org.junit.Test
@@ -30,6 +37,8 @@ internal class CreateEnrolResponseUseCaseTest {
     lateinit var project: Project
 
     private val enrolmentSubjectId = "enrolmentSubjectId"
+    private val projectId = "projectId"
+    private val credentialEncrypted = "credentialEncrypted".asTokenizableEncrypted()
 
     private val action = mockk<ActionRequest.EnrolActionRequest> {
         every { projectId } returns "projectId"
@@ -71,7 +80,7 @@ internal class CreateEnrolResponseUseCaseTest {
                     mockk(),
                 ),
                 project = project,
-                enrolmentSubjectId = enrolmentSubjectId
+                enrolmentSubjectId = enrolmentSubjectId,
             ),
         ).isInstanceOf(AppEnrolResponse::class.java)
     }
@@ -86,10 +95,56 @@ internal class CreateEnrolResponseUseCaseTest {
                 moduleId = any(),
                 fingerprintResponse = null,
                 faceResponse = null,
-                externalCredential = null
+                externalCredential = null,
             )
         } throws MissingCaptureException()
 
         assertThat(useCase(action, emptyList(), project, enrolmentSubjectId)).isInstanceOf(AppErrorResponse::class.java)
     }
+
+    @Test
+    fun `correctly processes external credential result`() = runTest {
+        val externalCredentialType = ExternalCredentialType.GhanaIdCard
+        val scannedCredentialMock = mockk<ScannedCredential> {
+            every { credential } returns credentialEncrypted
+            every { credentialType } returns externalCredentialType
+        }
+        val credentialSearchResult = mockk<ExternalCredentialSearchResult> {
+            every { scannedCredential } returns scannedCredentialMock
+        }
+
+        every {
+            subjectFactory.buildSubjectFromCaptureResults(
+                subjectId = any(),
+                projectId = any(),
+                attendantId = any(),
+                moduleId = any(),
+                fingerprintResponse = any(),
+                faceResponse = any(),
+                externalCredential = any(),
+            )
+        } returns mockk { every { subjectId } returns enrolmentSubjectId }
+
+        useCase(
+            request = action,
+            results = listOf(
+                FingerprintCaptureResult("", emptyList()),
+                credentialSearchResult,
+            ),
+            project = project,
+            enrolmentSubjectId = enrolmentSubjectId,
+        )
+
+        verify {
+            subjectFactory.buildSubjectFromCaptureResults(
+                subjectId = enrolmentSubjectId,
+                projectId = projectId,
+                attendantId = any(),
+                moduleId = any(),
+                fingerprintResponse = any(),
+                faceResponse = null,
+                externalCredential = match { it.value == credentialEncrypted && it.type == externalCredentialType },
+            )
+        }
+    }
 }
diff --git a/feature/orchestrator/src/test/java/com/simprints/feature/orchestrator/usecases/response/CreateIdentifyResponseUseCaseTest.kt b/feature/orchestrator/src/test/java/com/simprints/feature/orchestrator/usecases/response/CreateIdentifyResponseUseCaseTest.kt
index 47717fce77..d91f37517d 100644
--- a/feature/orchestrator/src/test/java/com/simprints/feature/orchestrator/usecases/response/CreateIdentifyResponseUseCaseTest.kt
+++ b/feature/orchestrator/src/test/java/com/simprints/feature/orchestrator/usecases/response/CreateIdentifyResponseUseCaseTest.kt
@@ -1,6 +1,8 @@
 package com.simprints.feature.orchestrator.usecases.response
 
 import com.google.common.truth.Truth.assertThat
+import com.simprints.feature.externalcredential.ExternalCredentialSearchResult
+import com.simprints.feature.externalcredential.model.CredentialMatch
 import com.simprints.infra.config.store.models.DecisionPolicy
 import com.simprints.infra.config.store.models.FaceConfiguration
 import com.simprints.infra.config.store.models.FingerprintConfiguration
@@ -192,13 +194,198 @@ class CreateIdentifyResponseUseCaseTest {
         assertThat(result.identifications.map { it.confidenceScore }).isEqualTo(listOf(105))
     }
 
+    @Test
+    fun `Returns only face credential results sorted by confidence descending`() = runTest {
+        val (faceSmallConfidence, smallConfidence) = "faceSmallConfidence" to 50f
+        val (faceBigConfidence, bigConfidence) = "faceBigConfidence" to 99f
+        val faceMatches = listOf<CredentialMatch>(
+            mockk {
+                every { matchResult } returns mockk {
+                    every { subjectId } returns faceSmallConfidence
+                    every { confidence } returns smallConfidence
+                }
+                every { faceBioSdk } returns FaceConfiguration.BioSdk.RANK_ONE
+                every { fingerprintBioSdk } returns null
+            },
+            mockk {
+                every { matchResult } returns mockk {
+                    every { subjectId } returns faceBigConfidence
+                    every { confidence } returns bigConfidence
+                }
+                every { faceBioSdk } returns FaceConfiguration.BioSdk.RANK_ONE
+                every { fingerprintBioSdk } returns null
+            }
+        )
+
+        val fingerprintMatches = listOf<CredentialMatch>(
+            mockk {
+                every { matchResult } returns mockk {
+                    every { subjectId } returns "fingerprint"
+                    every { confidence } returns 90f
+                }
+                every { faceBioSdk } returns null
+                every { fingerprintBioSdk } returns FingerprintConfiguration.BioSdk.SECUGEN_SIM_MATCHER
+            }
+        )
+
+        val result = useCase(
+            mockk {
+                every { identification.maxNbOfReturnedCandidates } returns 5
+                every { face?.getSdkConfiguration((any()))?.decisionPolicy } returns null
+                every { fingerprint?.getSdkConfiguration((any()))?.decisionPolicy } returns null
+            },
+            results = listOf(
+                mockk<ExternalCredentialSearchResult> {
+                    every { matchResults } returns faceMatches + fingerprintMatches
+                }
+            ),
+        )
+
+        assertThat((result as AppIdentifyResponse).identifications).isNotEmpty()
+        assertThat(result.identifications.map { it.guid }).isEqualTo(listOf(faceBigConfidence, faceSmallConfidence))
+        assertThat(result.identifications.map { it.confidenceScore }).isEqualTo(listOf(bigConfidence.toInt(), smallConfidence.toInt()))
+    }
+    @Test
+    fun `Returns only fingerprint credential results sorted by confidence descending`() = runTest {
+        val (fingerprintSmallConfidence, smallConfidence) = "fingerprintSmallConfidence" to 50f
+        val (fingerprintBigConfidence, bigConfidence) = "fingerprintBigConfidence" to 99f
+        val fingerprintMatches = listOf<CredentialMatch>(
+            mockk {
+                every { matchResult } returns mockk {
+                    every { subjectId } returns fingerprintSmallConfidence
+                    every { confidence } returns smallConfidence
+                }
+                every { faceBioSdk } returns null
+                every { fingerprintBioSdk } returns FingerprintConfiguration.BioSdk.SECUGEN_SIM_MATCHER
+            },
+            mockk {
+                every { matchResult } returns mockk {
+                    every { subjectId } returns fingerprintBigConfidence
+                    every { confidence } returns bigConfidence
+                }
+                every { faceBioSdk } returns null
+                every { fingerprintBioSdk } returns FingerprintConfiguration.BioSdk.SECUGEN_SIM_MATCHER
+            }
+        )
+
+        val faceMatches = listOf<CredentialMatch>(
+            mockk {
+                every { matchResult } returns mockk {
+                    every { subjectId } returns "face1"
+                    every { confidence } returns 90f
+                }
+                every { faceBioSdk } returns FaceConfiguration.BioSdk.RANK_ONE
+                every { fingerprintBioSdk } returns null
+            }
+        )
+
+        val result = useCase(
+            mockk {
+                every { identification.maxNbOfReturnedCandidates } returns 5
+                every { face?.getSdkConfiguration((any()))?.decisionPolicy } returns null
+                every { fingerprint?.getSdkConfiguration((any()))?.decisionPolicy } returns null
+            },
+            results = listOf(
+                mockk<ExternalCredentialSearchResult> {
+                    every { matchResults } returns fingerprintMatches + faceMatches
+                }
+            ),
+        )
+
+        assertThat((result as AppIdentifyResponse).identifications).isNotEmpty()
+        assertThat(result.identifications.map { it.guid }).isEqualTo(listOf(fingerprintBigConfidence, fingerprintSmallConfidence))
+        assertThat(result.identifications.map { it.confidenceScore }).isEqualTo(listOf(bigConfidence.toInt(), smallConfidence.toInt()))
+    }
+
+    @Test
+    fun `Returns only credential face results when same ID exists in both credential and face results`() = runTest {
+        val sharedGuid = "sharedGuid"
+        val credentialConfidence = 95f
+        val faceConfidence = 80f
+
+        val credentialFaceMatches = listOf<CredentialMatch>(
+            mockk {
+                every { matchResult } returns mockk {
+                    every { subjectId } returns sharedGuid
+                    every { confidence } returns credentialConfidence
+                }
+                every { faceBioSdk } returns FaceConfiguration.BioSdk.RANK_ONE
+                every { fingerprintBioSdk } returns null
+            }
+        )
+
+        val result = useCase(
+            mockk {
+                every { identification.maxNbOfReturnedCandidates } returns 5
+                every { face?.getSdkConfiguration((any()))?.decisionPolicy } returns DecisionPolicy(20, 50, 100)
+                every { fingerprint?.getSdkConfiguration((any()))?.decisionPolicy } returns null
+            },
+            results = listOf(
+                mockk<ExternalCredentialSearchResult> {
+                    every { matchResults } returns credentialFaceMatches
+                },
+                FaceMatchResult(
+                    listOf(
+                        FaceMatchResult.Item(subjectId = sharedGuid, confidence = faceConfidence)
+                    ),
+                    FaceConfiguration.BioSdk.RANK_ONE,
+                )
+            ),
+        )
+
+        assertThat((result as AppIdentifyResponse).identifications).hasSize(1)
+        assertThat(result.identifications.first().guid).isEqualTo(sharedGuid)
+        assertThat(result.identifications.first().confidenceScore).isEqualTo(credentialConfidence.toInt())
+    }
+
+    @Test
+    fun `Returns only credential fingerprint results when same ID exists in both credential and fingerprint results`() = runTest {
+        val sharedGuid = "sharedGuid"
+        val credentialConfidence = 95f
+        val fingerprintConfidence = 80f
+
+        val credentialFingerprintMatches = listOf<CredentialMatch>(
+            mockk {
+                every { matchResult } returns mockk {
+                    every { subjectId } returns sharedGuid
+                    every { confidence } returns credentialConfidence
+                }
+                every { faceBioSdk } returns null
+                every { fingerprintBioSdk } returns FingerprintConfiguration.BioSdk.SECUGEN_SIM_MATCHER
+            }
+        )
+
+        val result = useCase(
+            mockk {
+                every { identification.maxNbOfReturnedCandidates } returns 5
+                every { face?.getSdkConfiguration((any()))?.decisionPolicy } returns null
+                every { fingerprint?.getSdkConfiguration((any()))?.decisionPolicy } returns DecisionPolicy(20, 50, 100)
+            },
+            results = listOf(
+                mockk<ExternalCredentialSearchResult> {
+                    every { matchResults } returns credentialFingerprintMatches
+                },
+                FingerprintMatchResult(
+                    listOf(
+                        FingerprintMatchResult.Item(subjectId = sharedGuid, confidence = fingerprintConfidence)
+                    ),
+                    FingerprintConfiguration.BioSdk.SECUGEN_SIM_MATCHER,
+                )
+            ),
+        )
+
+        assertThat((result as AppIdentifyResponse).identifications).hasSize(1)
+        assertThat(result.identifications.first().guid).isEqualTo(sharedGuid)
+        assertThat(result.identifications.first().confidenceScore).isEqualTo(credentialConfidence.toInt())
+    }
+
     private fun createFaceMatchResult(vararg confidences: Float): Serializable = FaceMatchResult(
-        confidences.map { FaceMatchResult.Item(subjectId = "1", confidence = it) },
+        confidences.mapIndexed { i, confidence -> FaceMatchResult.Item(subjectId = "$i", confidence = confidence) },
         FaceConfiguration.BioSdk.RANK_ONE,
     )
 
     private fun createFingerprintMatchResult(vararg confidences: Float): Serializable = FingerprintMatchResult(
-        confidences.map { FingerprintMatchResult.Item(subjectId = "1", confidence = it) },
+        confidences.mapIndexed { i, confidence -> FingerprintMatchResult.Item(subjectId = "$i", confidence = confidence) },
         FingerprintConfiguration.BioSdk.SECUGEN_SIM_MATCHER,
     )
 }
diff --git a/feature/orchestrator/src/test/java/com/simprints/feature/orchestrator/usecases/response/IsNewEnrolmentUseCaseTest.kt b/feature/orchestrator/src/test/java/com/simprints/feature/orchestrator/usecases/response/IsNewEnrolmentUseCaseTest.kt
index 72a334f078..721293030c 100644
--- a/feature/orchestrator/src/test/java/com/simprints/feature/orchestrator/usecases/response/IsNewEnrolmentUseCaseTest.kt
+++ b/feature/orchestrator/src/test/java/com/simprints/feature/orchestrator/usecases/response/IsNewEnrolmentUseCaseTest.kt
@@ -1,6 +1,8 @@
 package com.simprints.feature.orchestrator.usecases.response
 
 import com.google.common.truth.Truth.*
+import com.simprints.feature.externalcredential.ExternalCredentialSearchResult
+import com.simprints.feature.externalcredential.model.CredentialMatch
 import com.simprints.infra.config.store.models.DecisionPolicy
 import com.simprints.infra.config.store.models.FaceConfiguration
 import com.simprints.infra.config.store.models.ProjectConfiguration
@@ -143,6 +145,33 @@ internal class IsNewEnrolmentUseCaseTest {
         ).isFalse()
     }
 
+    @Test
+    fun `Results are not new enrolment if external credential match results exist`() {
+        every { projectConfiguration.general.duplicateBiometricEnrolmentCheck } returns true
+
+        val credentialMatches = listOf<CredentialMatch>(
+            mockk {
+                every { matchResult } returns mockk {
+                    every { subjectId } returns "subjectId"
+                    every { confidence } returns 50f
+                }
+                every { faceBioSdk } returns FaceConfiguration.BioSdk.RANK_ONE
+                every { fingerprintBioSdk } returns null
+            },
+        )
+
+        assertThat(
+            useCase(
+                projectConfiguration,
+                listOf(
+                    mockk<ExternalCredentialSearchResult> {
+                        every { matchResults } returns credentialMatches
+                    },
+                ),
+            ),
+        ).isFalse()
+    }
+
     companion object {
         private const val MEDIUM_CONFIDENCE_SCORE = 30
         private const val LOWER_THAN_MEDIUM_SCORE = MEDIUM_CONFIDENCE_SCORE - 1f
diff --git a/infra/config-store/src/main/java/com/simprints/infra/config/store/models/ProjectConfiguration.kt b/infra/config-store/src/main/java/com/simprints/infra/config/store/models/ProjectConfiguration.kt
index 2d8f65b13d..35f8f52496 100644
--- a/infra/config-store/src/main/java/com/simprints/infra/config/store/models/ProjectConfiguration.kt
+++ b/infra/config-store/src/main/java/com/simprints/infra/config/store/models/ProjectConfiguration.kt
@@ -88,3 +88,41 @@ fun ProjectConfiguration.isProjectWithPeriodicallyUpSync(): Boolean =
     synchronization.up.simprints.frequency == Frequency.ONLY_PERIODICALLY_UP_SYNC
 
 fun ProjectConfiguration.isModuleSelectionAvailable(): Boolean = isProjectWithModuleSync() && !isProjectWithPeriodicallyUpSync()
+
+fun ProjectConfiguration.determineFaceSDKs(
+    ageGroup: AgeGroup?
+): List<FaceConfiguration.BioSdk> {
+    if (!isAgeRestricted()) {
+        return face?.allowedSDKs.orEmpty()
+    }
+
+    return buildList {
+        ageGroup?.let { age ->
+            if (face?.rankOne?.allowedAgeRange?.contains(age) == true) {
+                add(FaceConfiguration.BioSdk.RANK_ONE)
+            }
+            if (face?.simFace?.allowedAgeRange?.contains(age) == true) {
+                add(FaceConfiguration.BioSdk.SIM_FACE)
+            }
+        }
+    }
+}
+
+fun ProjectConfiguration.determineFingerprintSDKs(
+    ageGroup: AgeGroup?
+): List<FingerprintConfiguration.BioSdk> {
+    if (!isAgeRestricted()) {
+        return fingerprint?.allowedSDKs.orEmpty()
+    }
+
+    return buildList {
+        ageGroup?.let { age ->
+            if (fingerprint?.secugenSimMatcher?.allowedAgeRange?.contains(age) == true) {
+                add(FingerprintConfiguration.BioSdk.SECUGEN_SIM_MATCHER)
+            }
+            if (fingerprint?.nec?.allowedAgeRange?.contains(age) == true) {
+                add(FingerprintConfiguration.BioSdk.NEC)
+            }
+        }
+    }
+}
diff --git a/infra/config-store/src/test/java/com/simprints/infra/config/store/models/ProjectConfigurationTest.kt b/infra/config-store/src/test/java/com/simprints/infra/config/store/models/ProjectConfigurationTest.kt
index 6eaaddc567..5adc872fe3 100644
--- a/infra/config-store/src/test/java/com/simprints/infra/config/store/models/ProjectConfigurationTest.kt
+++ b/infra/config-store/src/test/java/com/simprints/infra/config/store/models/ProjectConfigurationTest.kt
@@ -616,4 +616,104 @@ class ProjectConfigurationTest {
         )
         assertThat(config.isModuleSelectionAvailable()).isFalse()
     }
+
+    @Test
+    fun `determineFaceSDKs returns all allowed SDKs when not age restricted`() {
+        val config = createAgeUnrestrictedFaceConfig()
+        val result = config.determineFaceSDKs(AgeGroup(25, 30))
+        assertThat(result).containsExactly(FaceConfiguration.BioSdk.RANK_ONE, FaceConfiguration.BioSdk.SIM_FACE)
+    }
+
+    @Test
+    fun `determineFaceSDKs returns empty list when age group is null and age restricted`() {
+        val config = createAgeRestrictedFaceConfig(rankOneRange = AgeGroup(10, 20), simFaceRange = AgeGroup(20, 30))
+        val result = config.determineFaceSDKs(null)
+        assertThat(result).isEmpty()
+    }
+
+    @Test
+    fun `determineFaceSDKs returns only RankOne when age group matches RankOne range`() {
+        val config = createAgeRestrictedFaceConfig(rankOneRange = AgeGroup(10, 20), simFaceRange = AgeGroup(20, 30))
+        val result = config.determineFaceSDKs(AgeGroup(10, 20))
+        assertThat(result).containsExactly(FaceConfiguration.BioSdk.RANK_ONE)
+    }
+
+    @Test
+    fun `determineFaceSDKs returns only SimFace when age group matches SimFace range`() {
+        val config = createAgeRestrictedFaceConfig(rankOneRange = AgeGroup(10, 20), simFaceRange = AgeGroup(20, 30))
+        val result = config.determineFaceSDKs(AgeGroup(20, 30))
+        assertThat(result).containsExactly(FaceConfiguration.BioSdk.SIM_FACE)
+    }
+
+    @Test
+    fun `determineFaceSDKs returns both SDKs when age group matches both ranges`() {
+        val config = createAgeRestrictedFaceConfig(rankOneRange = AgeGroup(10, 30), simFaceRange = AgeGroup(15, 25))
+        val result = config.determineFaceSDKs(AgeGroup(15, 25))
+        assertThat(result).containsExactly(FaceConfiguration.BioSdk.RANK_ONE, FaceConfiguration.BioSdk.SIM_FACE)
+    }
+
+    @Test
+    fun `determineFaceSDKs returns empty list when age group matches no ranges`() {
+        val config = createAgeRestrictedFaceConfig(rankOneRange = AgeGroup(10, 20), simFaceRange = AgeGroup(20, 30))
+        val result = config.determineFaceSDKs(AgeGroup(30, 40))
+        assertThat(result).isEmpty()
+    }
+
+    @Test
+    fun `determineFingerprintSDKs returns all allowed SDKs when not age restricted`() {
+        val config = createAgeUnrestrictedFingerprintConfig()
+        val result = config.determineFingerprintSDKs(AgeGroup(25, 30))
+        assertThat(result).containsExactly(FingerprintConfiguration.BioSdk.SECUGEN_SIM_MATCHER, FingerprintConfiguration.BioSdk.NEC)
+    }
+
+    @Test
+    fun `determineFingerprintSDKs returns empty list when age group is null and age restricted`() {
+        val config = createAgeRestrictedFingerprintConfig(secugenRange = AgeGroup(10, 20), necRange = AgeGroup(20, 30))
+        val result = config.determineFingerprintSDKs(null)
+        assertThat(result).isEmpty()
+    }
+
+    @Test
+    fun `determineFingerprintSDKs returns only SecugenSimMatcher when age group matches SecugenSimMatcher range`() {
+        val config = createAgeRestrictedFingerprintConfig(secugenRange = AgeGroup(10, 20), necRange = AgeGroup(20, 30))
+        val result = config.determineFingerprintSDKs(AgeGroup(10, 20))
+        assertThat(result).containsExactly(FingerprintConfiguration.BioSdk.SECUGEN_SIM_MATCHER)
+    }
+
+    @Test
+    fun `determineFingerprintSDKs returns empty list when age group matches no ranges`() {
+        val config = createAgeRestrictedFingerprintConfig(secugenRange = AgeGroup(10, 20), necRange = AgeGroup(20, 30))
+        val result = config.determineFingerprintSDKs(AgeGroup(30, 40))
+        assertThat(result).isEmpty()
+    }
+
+    private fun createAgeUnrestrictedFaceConfig() = projectConfiguration.copy(
+        face = faceConfiguration.copy(
+            allowedSDKs = listOf(FaceConfiguration.BioSdk.RANK_ONE, FaceConfiguration.BioSdk.SIM_FACE),
+            rankOne = faceSdkConfiguration.copy(allowedAgeRange = AgeGroup(0, null)),
+            simFace = faceSdkConfiguration.copy(allowedAgeRange = AgeGroup(0, null)),
+        ),
+    )
+
+    private fun createAgeRestrictedFaceConfig(rankOneRange: AgeGroup, simFaceRange: AgeGroup) = projectConfiguration.copy(
+        face = faceConfiguration.copy(
+            rankOne = faceSdkConfiguration.copy(allowedAgeRange = rankOneRange),
+            simFace = faceSdkConfiguration.copy(allowedAgeRange = simFaceRange),
+        ),
+    )
+
+    private fun createAgeUnrestrictedFingerprintConfig() = projectConfiguration.copy(
+        fingerprint = fingerprintConfiguration.copy(
+            allowedSDKs = listOf(FingerprintConfiguration.BioSdk.SECUGEN_SIM_MATCHER, FingerprintConfiguration.BioSdk.NEC),
+            secugenSimMatcher = fingerprintConfiguration.secugenSimMatcher?.copy(allowedAgeRange = AgeGroup(0, null)),
+            nec = fingerprintConfiguration.nec?.copy(allowedAgeRange = AgeGroup(0, null)),
+        ),
+    )
+
+    private fun createAgeRestrictedFingerprintConfig(secugenRange: AgeGroup, necRange: AgeGroup) = projectConfiguration.copy(
+        fingerprint = fingerprintConfiguration.copy(
+            secugenSimMatcher = fingerprintConfiguration.secugenSimMatcher?.copy(allowedAgeRange = secugenRange),
+            nec = fingerprintConfiguration.nec?.copy(allowedAgeRange = necRange),
+        ),
+    )
 }
diff --git a/infra/enrolment-records/repository/src/main/java/com/simprints/infra/enrolment/records/repository/domain/models/SubjectQuery.kt b/infra/enrolment-records/repository/src/main/java/com/simprints/infra/enrolment/records/repository/domain/models/SubjectQuery.kt
index 2151ecb31e..3d982dd3db 100644
--- a/infra/enrolment-records/repository/src/main/java/com/simprints/infra/enrolment/records/repository/domain/models/SubjectQuery.kt
+++ b/infra/enrolment-records/repository/src/main/java/com/simprints/infra/enrolment/records/repository/domain/models/SubjectQuery.kt
@@ -17,5 +17,5 @@ data class SubjectQuery(
     val sort: Boolean = false,
     val afterSubjectId: String? = null,
     val metadata: String? = null,
-    val externalCredential: String? = null,
+    val externalCredential: TokenizableString.Tokenized? = null,
 ) : StepParams
diff --git a/infra/enrolment-records/repository/src/main/java/com/simprints/infra/enrolment/records/repository/local/RealmEnrolmentRecordLocalDataSource.kt b/infra/enrolment-records/repository/src/main/java/com/simprints/infra/enrolment/records/repository/local/RealmEnrolmentRecordLocalDataSource.kt
index 5e735309f5..d4106749e1 100644
--- a/infra/enrolment-records/repository/src/main/java/com/simprints/infra/enrolment/records/repository/local/RealmEnrolmentRecordLocalDataSource.kt
+++ b/infra/enrolment-records/repository/src/main/java/com/simprints/infra/enrolment/records/repository/local/RealmEnrolmentRecordLocalDataSource.kt
@@ -53,6 +53,7 @@ internal class RealmEnrolmentRecordLocalDataSource @Inject constructor(
         const val FINGERPRINT_SAMPLES_FIELD = "fingerprintSamples"
         const val FACE_SAMPLES_FIELD = "faceSamples"
         const val FORMAT_FIELD = "format"
+        const val EXTERNAL_CREDENTIAL_FIELD = "externalCredentials"
 
         // Although batches are processed sequentially, we use a small channel capacity to prevent blocking and reduce the risk of out-of-memory errors.
         const val CHANNEL_CAPACITY = 4
@@ -334,6 +335,12 @@ internal class RealmEnrolmentRecordLocalDataSource @Inject constructor(
                 false,
             )
         }
+        if (query.externalCredential != null) {
+            realmQuery = realmQuery.query(
+                "ANY $EXTERNAL_CREDENTIAL_FIELD.value == $0",
+                query.externalCredential.value,
+            )
+        }
         if (query.sort) {
             realmQuery = realmQuery.sort(SUBJECT_ID_FIELD, Sort.ASCENDING)
         }
diff --git a/infra/enrolment-records/repository/src/main/java/com/simprints/infra/enrolment/records/repository/local/RoomEnrolmentRecordQueryBuilder.kt b/infra/enrolment-records/repository/src/main/java/com/simprints/infra/enrolment/records/repository/local/RoomEnrolmentRecordQueryBuilder.kt
index 61d7a07520..711b4a9c41 100644
--- a/infra/enrolment-records/repository/src/main/java/com/simprints/infra/enrolment/records/repository/local/RoomEnrolmentRecordQueryBuilder.kt
+++ b/infra/enrolment-records/repository/src/main/java/com/simprints/infra/enrolment/records/repository/local/RoomEnrolmentRecordQueryBuilder.kt
@@ -4,6 +4,8 @@ import androidx.sqlite.db.SimpleSQLiteQuery
 import com.simprints.infra.enrolment.records.repository.domain.models.SubjectQuery
 import com.simprints.infra.enrolment.records.room.store.models.DbBiometricTemplate.Companion.FORMAT_COLUMN
 import com.simprints.infra.enrolment.records.room.store.models.DbBiometricTemplate.Companion.TEMPLATE_TABLE_NAME
+import com.simprints.infra.enrolment.records.room.store.models.DbExternalCredential.Companion.EXTERNAL_CREDENTIAL_TABLE_NAME
+import com.simprints.infra.enrolment.records.room.store.models.DbExternalCredential.Companion.EXTERNAL_CREDENTIAL_VALUE_COLUMN
 import com.simprints.infra.enrolment.records.room.store.models.DbSubject.Companion.ATTENDANT_ID_COLUMN
 import com.simprints.infra.enrolment.records.room.store.models.DbSubject.Companion.MODULE_ID_COLUMN
 import com.simprints.infra.enrolment.records.room.store.models.DbSubject.Companion.PROJECT_ID_COLUMN
@@ -27,10 +29,12 @@ internal class RoomEnrolmentRecordQueryBuilder @Inject constructor() {
             "Cannot set format for subject query, use buildBiometricTemplatesQuery instead"
         }
         val (whereClause, args) = buildWhereClause(query)
+        val credentialJoinClause = buildCredentialJoinClause(query)
         val orderByClause = buildOrderByClause(query)
         val sql =
             """
             SELECT * FROM $SUBJECT_TABLE_NAME S
+            $credentialJoinClause
             $whereClause
             $orderByClause
             """.trimIndent()
@@ -88,6 +92,7 @@ internal class RoomEnrolmentRecordQueryBuilder @Inject constructor() {
             query,
             subjectAlias = "",
             templateAlias = "",
+            credentialAlias = "",
         )
         val sql = "DELETE FROM DbSubject $whereClause"
         return SimpleSQLiteQuery(sql, args.toTypedArray())
@@ -97,6 +102,7 @@ internal class RoomEnrolmentRecordQueryBuilder @Inject constructor() {
         query: SubjectQuery,
         subjectAlias: String = "S.", // Default alias for subject table, dot included. Empty string for no alias.
         templateAlias: String = "T.", // Default alias for template table, dot included. Empty string for no alias.
+        credentialAlias: String = "C.", // Default alias for credentials table, dot included. Empty string for no alias.
     ): Pair<String, List<Any?>> {
         val clauses = mutableListOf<String>()
         val args = mutableListOf<Any?>()
@@ -143,10 +149,25 @@ internal class RoomEnrolmentRecordQueryBuilder @Inject constructor() {
             args.add(it)
         }
 
+        query.externalCredential?.let {
+            clauses.add("${credentialAlias}$EXTERNAL_CREDENTIAL_VALUE_COLUMN = ?")
+            args.add(query.externalCredential)
+        }
+
         var whereClauseResult = if (clauses.isNotEmpty()) "WHERE ${clauses.joinToString(" AND ")}" else ""
         return Pair(whereClauseResult, args)
     }
 
+    private fun buildCredentialJoinClause(
+        query: SubjectQuery,
+        subjectAlias: String = "S",
+        credentialAlias: String = "C",
+    ): String = if (query.externalCredential != null) {
+        "INNER JOIN $EXTERNAL_CREDENTIAL_TABLE_NAME $credentialAlias ON $subjectAlias.$SUBJECT_ID_COLUMN = $credentialAlias.$SUBJECT_ID_COLUMN"
+    } else {
+        ""
+    }
+
     private fun buildOrderByClause(
         query: SubjectQuery,
         subjectAlias: String = "S.",
diff --git a/infra/enrolment-records/repository/src/test/java/com/simprints/infra/enrolment/records/repository/local/RealmEnrolmentRecordLocalDataSourceTest.kt b/infra/enrolment-records/repository/src/test/java/com/simprints/infra/enrolment/records/repository/local/RealmEnrolmentRecordLocalDataSourceTest.kt
index 4230cc46b7..97d48d1430 100644
--- a/infra/enrolment-records/repository/src/test/java/com/simprints/infra/enrolment/records/repository/local/RealmEnrolmentRecordLocalDataSourceTest.kt
+++ b/infra/enrolment-records/repository/src/test/java/com/simprints/infra/enrolment/records/repository/local/RealmEnrolmentRecordLocalDataSourceTest.kt
@@ -21,6 +21,7 @@ import com.simprints.infra.enrolment.records.repository.domain.models.Fingerprin
 import com.simprints.infra.enrolment.records.repository.domain.models.Subject
 import com.simprints.infra.enrolment.records.repository.domain.models.SubjectAction
 import com.simprints.infra.enrolment.records.repository.domain.models.SubjectQuery
+import com.simprints.infra.enrolment.records.repository.local.RealmEnrolmentRecordLocalDataSource.Companion.EXTERNAL_CREDENTIAL_FIELD
 import com.simprints.infra.enrolment.records.repository.local.RealmEnrolmentRecordLocalDataSource.Companion.FACE_SAMPLES_FIELD
 import com.simprints.infra.enrolment.records.repository.local.RealmEnrolmentRecordLocalDataSource.Companion.FINGERPRINT_SAMPLES_FIELD
 import com.simprints.infra.enrolment.records.repository.local.RealmEnrolmentRecordLocalDataSource.Companion.FORMAT_FIELD
@@ -406,6 +407,32 @@ class RealmEnrolmentRecordLocalDataSourceTest {
         assertThat(result).contains("Number of Subjects: 6")
     }
 
+    @Test
+    fun `loads subjects by external credential value`() = runTest {
+        val credentialValue = "credentialValue"
+        val externalCredential = ExternalCredential(
+            id = "id",
+            value = credentialValue.asTokenizableEncrypted(),
+            subjectId = "subjectId",
+            type = ExternalCredentialType.NHISCard
+        )
+
+        saveFakePeople(listOf(
+            getRandomSubject(externalCredentials = listOf(externalCredential))
+        ))
+
+        enrolmentRecordLocalDataSource.load(
+            SubjectQuery(externalCredential = credentialValue.asTokenizableEncrypted())
+        )
+
+        verify {
+            realmQuery.query(
+                "ANY $EXTERNAL_CREDENTIAL_FIELD.value == $0",
+                credentialValue.asTokenizableEncrypted().value,
+            )
+        }
+    }
+
     private fun getFakePerson(): DbSubject = getRandomSubject().toRealmDb()
 
     private fun saveFakePerson(fakeSubject: DbSubject): DbSubject = fakeSubject.also { localSubjects.add(it.toDomain()) }
diff --git a/infra/enrolment-records/repository/src/test/java/com/simprints/infra/enrolment/records/repository/local/RoomEnrolmentRecordQueryBuilderTest.kt b/infra/enrolment-records/repository/src/test/java/com/simprints/infra/enrolment/records/repository/local/RoomEnrolmentRecordQueryBuilderTest.kt
index d68c21095c..aa90089724 100644
--- a/infra/enrolment-records/repository/src/test/java/com/simprints/infra/enrolment/records/repository/local/RoomEnrolmentRecordQueryBuilderTest.kt
+++ b/infra/enrolment-records/repository/src/test/java/com/simprints/infra/enrolment/records/repository/local/RoomEnrolmentRecordQueryBuilderTest.kt
@@ -7,6 +7,8 @@ import com.simprints.core.domain.tokenization.asTokenizableEncrypted
 import com.simprints.infra.enrolment.records.repository.domain.models.SubjectQuery
 import com.simprints.infra.enrolment.records.room.store.models.DbBiometricTemplate.Companion.FORMAT_COLUMN
 import com.simprints.infra.enrolment.records.room.store.models.DbBiometricTemplate.Companion.TEMPLATE_TABLE_NAME
+import com.simprints.infra.enrolment.records.room.store.models.DbExternalCredential.Companion.EXTERNAL_CREDENTIAL_TABLE_NAME
+import com.simprints.infra.enrolment.records.room.store.models.DbExternalCredential.Companion.EXTERNAL_CREDENTIAL_VALUE_COLUMN
 import com.simprints.infra.enrolment.records.room.store.models.DbSubject.Companion.ATTENDANT_ID_COLUMN
 import com.simprints.infra.enrolment.records.room.store.models.DbSubject.Companion.MODULE_ID_COLUMN
 import com.simprints.infra.enrolment.records.room.store.models.DbSubject.Companion.PROJECT_ID_COLUMN
@@ -44,7 +46,7 @@ class RoomEnrolmentRecordQueryBuilderTest {
     fun `buildSubjectQuery with subjectId`() {
         val subjectId = "test-subject-id"
         val subjectQuery = SubjectQuery(subjectId = subjectId)
-        val expectedSql = "SELECT * FROM $SUBJECT_TABLE_NAME S\n" +
+        val expectedSql = "SELECT * FROM $SUBJECT_TABLE_NAME S\n\n" +
             "WHERE S.$SUBJECT_ID_COLUMN = ?"
 
         val resultQuery = queryBuilder.buildSubjectQuery(subjectQuery)
@@ -57,7 +59,7 @@ class RoomEnrolmentRecordQueryBuilderTest {
     fun `buildSubjectQuery with subjectIds`() {
         val subjectIds = listOf("id1", "id2", "id3")
         val subjectQuery = SubjectQuery(subjectIds = subjectIds)
-        val expectedSql = "SELECT * FROM $SUBJECT_TABLE_NAME S\n" +
+        val expectedSql = "SELECT * FROM $SUBJECT_TABLE_NAME S\n\n" +
             "WHERE S.$SUBJECT_ID_COLUMN IN (?,?,?)"
 
         val resultQuery = queryBuilder.buildSubjectQuery(subjectQuery)
@@ -70,7 +72,7 @@ class RoomEnrolmentRecordQueryBuilderTest {
     fun `buildSubjectQuery with afterSubjectId`() {
         val afterSubjectId = "last-subject-id"
         val subjectQuery = SubjectQuery(afterSubjectId = afterSubjectId)
-        val expectedSql = "SELECT * FROM $SUBJECT_TABLE_NAME S\n" +
+        val expectedSql = "SELECT * FROM $SUBJECT_TABLE_NAME S\n\n" +
             "WHERE S.$SUBJECT_ID_COLUMN > ?"
 
         val resultQuery = queryBuilder.buildSubjectQuery(subjectQuery)
@@ -83,7 +85,7 @@ class RoomEnrolmentRecordQueryBuilderTest {
     fun `buildSubjectQuery with projectId`() {
         val projectId = "test-project-id"
         val subjectQuery = SubjectQuery(projectId = projectId)
-        val expectedSql = "SELECT * FROM $SUBJECT_TABLE_NAME S\n" +
+        val expectedSql = "SELECT * FROM $SUBJECT_TABLE_NAME S\n\n" +
             "WHERE S.$PROJECT_ID_COLUMN = ?"
 
         val resultQuery = queryBuilder.buildSubjectQuery(subjectQuery)
@@ -96,7 +98,7 @@ class RoomEnrolmentRecordQueryBuilderTest {
     fun `buildSubjectQuery with attendantId`() {
         val attendantId = "test-attendant-id".asTokenizableEncrypted()
         val subjectQuery = SubjectQuery(attendantId = attendantId)
-        val expectedSql = "SELECT * FROM $SUBJECT_TABLE_NAME S\n" +
+        val expectedSql = "SELECT * FROM $SUBJECT_TABLE_NAME S\n\n" +
             "WHERE S.$ATTENDANT_ID_COLUMN = ?"
 
         val resultQuery = queryBuilder.buildSubjectQuery(subjectQuery)
@@ -109,7 +111,7 @@ class RoomEnrolmentRecordQueryBuilderTest {
     fun `buildSubjectQuery with moduleId`() {
         val moduleId = "test-module-id".asTokenizableEncrypted()
         val subjectQuery = SubjectQuery(moduleId = moduleId)
-        val expectedSql = "SELECT * FROM $SUBJECT_TABLE_NAME S\n" +
+        val expectedSql = "SELECT * FROM $SUBJECT_TABLE_NAME S\n\n" +
             "WHERE S.$MODULE_ID_COLUMN = ?"
 
         val resultQuery = queryBuilder.buildSubjectQuery(subjectQuery)
@@ -125,6 +127,7 @@ class RoomEnrolmentRecordQueryBuilderTest {
             """
             SELECT * FROM $SUBJECT_TABLE_NAME S
             
+            
             ORDER BY S.$SUBJECT_ID_COLUMN ASC
             """.trimIndent()
 
@@ -138,7 +141,7 @@ class RoomEnrolmentRecordQueryBuilderTest {
         val projectId = "proj1"
         val attendantId = "att1".asTokenizableEncrypted()
         val subjectQuery = SubjectQuery(projectId = projectId, attendantId = attendantId, sort = true)
-        val expectedSql = "SELECT * FROM $SUBJECT_TABLE_NAME S\n" +
+        val expectedSql = "SELECT * FROM $SUBJECT_TABLE_NAME S\n\n" +
             "WHERE S.$PROJECT_ID_COLUMN = ? AND S.$ATTENDANT_ID_COLUMN = ?\n" +
             "ORDER BY S.$SUBJECT_ID_COLUMN ASC"
 
@@ -405,6 +408,27 @@ class RoomEnrolmentRecordQueryBuilderTest {
         assertThat(getArgs(resultQuery)).isEqualTo(arrayOf<Any?>(projectId, moduleId.value))
     }
 
+    @Test
+    fun `buildSubjectQuery includes credential join clause when externalCredential is provided`() {
+        val credentialValue = "credentialValue"
+        val query = SubjectQuery(
+            projectId = "projectId",
+            externalCredential = credentialValue.asTokenizableEncrypted(),
+        )
+
+        val result = RoomEnrolmentRecordQueryBuilder().buildSubjectQuery(query)
+
+        val expectedSql =
+            """
+            SELECT * FROM $SUBJECT_TABLE_NAME S
+            INNER JOIN $EXTERNAL_CREDENTIAL_TABLE_NAME C ON S.$SUBJECT_ID_COLUMN = C.$SUBJECT_ID_COLUMN
+            WHERE S.$PROJECT_ID_COLUMN = ? AND C.$EXTERNAL_CREDENTIAL_VALUE_COLUMN = ?
+            
+            """.trimIndent()
+
+        assertThat(result.sql).isEqualTo(expectedSql)
+    }
+
     private fun getArgs(query: SimpleSQLiteQuery): Array<Any?> {
         val argsMap = mutableMapOf<Int, Any?>()
         val program = object : SupportSQLiteProgram {
diff --git a/infra/resources/src/main/res/values/strings.xml b/infra/resources/src/main/res/values/strings.xml
index 4cfb112f69..4f3ef49dfd 100644
--- a/infra/resources/src/main/res/values/strings.xml
+++ b/infra/resources/src/main/res/values/strings.xml
@@ -491,6 +491,9 @@
     <string name="mfid_type_nhis_card">NHIS Card</string>
     <string name="mfid_type_ghana_id_card">Ghana ID Card</string>
     <string name="mfid_type_qr_code">QR Code</string>
+    <string name="mfid_nhis_card_credential_field">Membership number</string>
+    <string name="mfid_ghana_id_credential_field">Personal ID</string>
+    <string name="mfid_qr_credential_field">QR Code value</string>
     <string name="mfid_type_any_document">a document</string>
     <string name="mfid_dialog_skip_scan_title">Skip scanning?</string>
 
@@ -509,5 +512,18 @@
     <string name="mfid_dialog_wrong_qr_rescan">Re-scan</string>
     <string name="mfid_ocr_progress_title">Scanning, keep card in frame…</string>
     <string name="mfid_scan_camera_permission_body">Cannot scan the %1$s without permission to use the camera</string>
+    <string name="mfid_confirmation_checkbox_text">I confirm that the %1$s is scanned correctly</string>
+    <string name="mfid_action_go_to_record">Go to record</string>
+    <string name="mfid_action_enrol">Enrol</string>
+    <string name="mfid_action_enrol_anyway">Enrol anyway</string>
+    <string name="mfid_action_continue">Continue</string>
+    <string name="mfid_searching">Searching…</string>
+
+    <string name="mfid_search_found_enrol">This %1$s is already registered</string>
+    <string name="mfid_search_found_identification">Record found</string>
+    <string name="mfid_search_found_identification_low_match_score">This %1$s might be linked to another patient</string>
+    <string name="mfid_search_not_found_identification">No record is found with this %1$s. You wil be able to link this %2$s to a patient later</string>
+
+
 
 </resources>
diff --git a/infra/resources/src/main/res/values/styles-text.xml b/infra/resources/src/main/res/values/styles-text.xml
index 464442290d..85edd69ac2 100644
--- a/infra/resources/src/main/res/values/styles-text.xml
+++ b/infra/resources/src/main/res/values/styles-text.xml
@@ -128,6 +128,10 @@
         <item name="android:textAppearance">@style/TextAppearance.Simprints.Headline4</item>
     </style>
 
+    <style name="Text.Headline4.Bold">
+        <item name="android:textStyle">bold</item>
+    </style>
+
     <!-- H5 variants -->
 
     <style name="Text.Headline5" parent="Widget.MaterialComponents.TextView">