Mobile identity
Your company’s online strategy includes more than just web portals. Many organizations have a mobile-first strategy, which means that developing mobile capabilities for your users takes precedence over desktop web portals.
Mobile identities offer numerous advantages to businesses. They can help simplify your sign-up processes, prevent password issues, and protect your users from fraud. Verifying a mobile identity can be done in seconds.
The Thales OneWelcome Identity Platform includes a full, secure mobile solution that can serve as both an authenticator app and an end-to-end mobile app security platform. It secures both the app and the communication with backend systems by verifying a user’s device. It includes a wide range of ready-made, customizable security features that you can choose from, such as jailbreak detection, tampering protection, and payload encryption, allowing the creation of customer apps with tier-one banking-grade security.
Implementing mobile apps introduces another level of complexity that requires additional security measures. The mobile identity solution delivers heightened security right out of the box, ensuring it is compliant at the same time.
If you already have a consumer or business app, you can integrate the mobile SDK within your business application for mobile access, authorization, or authentication use cases.
The mobile identity app also adds a direct communication channel with users. For example, a push message sent by the SDK might indicate that an account in your environment is available. SDKs are delivered for iOS, Android, Flutter (as a wrapper), and React Native.
The mobile identity solution is a full-featured mobile security function that is a combination of a mobile SDK and an associated backend service with the following components:
Mobile access
Mobile access is based on OAuth 2.0, so data is exchanged securely without the need to share usernames or passwords. This is also the point where the IDP is integrated. Rules and configuration, such as PIN code policies, the mobile OS versions that your users must use, and which fallback mechanisms between authenticators you allow, are managed on the backend service.
Because the backend service hands out tokens and verifies the user, it is in an ideal position to continuously monitor the system to see if there’s anything out of the ordinary going on. The backend service can also provide various insights.
User registration
There are many ways users can register themselves and their mobile devices with the business application. All the identity providers supported by the OneWelcome Identity Platform can be used for registration, which can be done through a browser and QR code. After a user registers with an identity provider, they create a PIN code and from that point on they are able to use all the app features.
Mobile authentication
The mobile SDK can be used to build an authenticator app that can be used for passwordless login or as a second factor for user authentication.
The authentication request can be sent by push services provided by Android or iOS, or can be triggered by sending a QR code. Requests can be authenticated with a PIN, biometric authentication from the operating system, sensory, or by pressing a confirmation button.
User authentication can be customized with authenticators that are available within the app.
Additionally, it supports security features like jailbreak detection, tampering protection, and payload encryption. The server feeds the mobile apps with data and monitors and controls the flows and traffic. A security proxy is added to form a secure bridge by adding an additional layer of encryption (payload encryption).
App-to-web
App-to-web support is necessary to guarantee single sign-on access and to offer your users an additional channel for self-service, even without having an out-of-the-box app available within the module.
App2App
The mobile SDK supports the App2App authentication design pattern, in which a mobile app authenticates users via a separate high-security mobile app. This provides an out-of-the-box Strong Customer Authentication (SCA) solution.
Authentication with external IDP
The mobile identity solution is designed to support any IDP that supports SAML or OAuth protocols. This means that you can use your own IDP during the registration process on the mobile application. Since the mobile solution issues its own access tokens, you can just rely on our IDP.
White-label authenticator app
The mobile identity solution provides an example app offering GDPR-compliant multi-factor authentication. It’s a user-friendly solution that provides high-grade security and privacy standards without additional passwords and usernames. It was specifically designed for consumer use. Multiple features, like biometric authenticators or push messages, are available out of the box.
Branding
Using the mobile SDK also gives full flexibility to customize or brand the application according to your branding guidelines. The colors, logos, and images can all be adjusted.