Recently, security issues are obstructing the development and using of cloud computing services. Authentication and integrity play an important role in the cloud security, and numerous concerns have been raised to recognize any tampering with exchanges of the image document between two entities (sender and receiver) within the cloud environment. However, none of the existing solutions reduce the probability of known attacks by combining cryptographic hash function with a strong factor that should be periodically changed. For this reason, in this paper we propose a robust one-time image document authentication scheme based on combining non-interactive onetime biometric key and a robust wavelet-based cryptographic hashing scheme. The result of the combination is one-time image document authentication code (OMAC). OMAC is hidden in an image document as a cover image through reversible data embedding steganography. The proposed scheme has several important security attributes, such as key agreement, biometric key management, robust OMAC, invulnerability, and efficiency. In biometric key management, key generation, key selection, and key update algorithms are performed autonomously by the sender and the receiver; thus, no interaction between them is needed.