Hey @Hayder Jebur Racheal from the support engineer team here 

It looks like my teammates Eden and Magnus helped you out on this but I’ll add their responses here for future viewers!

1. The hash itself shouldn't need any specific protection, so I'd recommend just adding it to the installation snippet where you're passing in the User attributes. Just make sure to never send the secret to the client and you're all good! The user_hash must be generated server-side. After you have generated the user_hash, you need to pass it to the intercomSettings object anywhere that the Messenger is loaded on your site (client-side). 
2. To test identity verification, you would need to enable it within Intercom and make sure you have the script set up in your server. Then try to login to your site and open the Messenger. If it’s there, your user_hash was properly generated and you’re good to go! If it isn’t there and you are seeing some 403 errors in the console, you’ll need to take a look at your script and make sure you are passing the correct hashes. You can always check user hashes using our user hash calculator in Settings > Security > Identity Verification

I need help setting up this on my end. anyone could help me? I need help with the Google tag support.