Mobile authentication
Introduction
With mobile authentication, the mobile platform offers a two-factor authentication mechanism that is both user friendly and secure. You can use mobile authentication to add a second authentication factor to your product, improving the security of selected actions such as logging in to your website or accepting a payment transaction.
Mobile authentication is an extensive feature with a number of different possibilities. For example, there are different ways in which a mobile authentication request is triggered and received on a mobile device:
- With push notifications: the user gets a push notification on his phone to alert him that a mobile authentication transaction is pending.
- With a One-Time Password (OTP): the user provides an OTP in order to confirm a mobile authentication transaction. Since the OTP is long, it is likely to be transformed into a QR code that the user scans with his mobile device.
The mobile authentication with Push mechanism offers different ways of user authentication, so you can ask your users for additional verification when they accept a mobile authentication request.
Configuration
Before mobile authentication can be used, you must configure the Token Server to support this functionality. Please follow the Mobile authentication configuration guide to set it up.
When the Token Server is configured, you can enroll and handle mobile authentication requests using the SDK.
Enrollment
During the mobile authentication enrollment step the user is registered for mobile authentication. The enrollment is done by exchanging public PGP keys with the Token Server. It enables the basic mobile authentication feature which allows handling OTP requests.
Mobile authentication enrollment is started by calling the enrollForMobileAuth method. Below you can see example code to initialize mobile authentication enrollment:
Successive invocations of enrollment for mobile authentication will re-enroll the device only if the mobile authentication override is enabled in the Token Server configuration. See the Token Server mobile authentication configuration for more information on the server-side configuration of mobile authentication.
Enrolling for mobile authentication will NOT automatically enroll for push. To enroll for push, please follow the Mobile authentication with Push guide.
It is advised to perform the enrollMobileAuth step as early as possible in your application, as it is quite resource intensive because it generates a private key and certificate.
Request handling
In order to handle mobile authentication requests, the user needs to be enrolled for mobile authentication. To verify whether the user is already enrolled, use the isMobileAuthEnrolled(for:) method on the UserClient.
The SDK is capable of handling two types of mobile authentication requests. For more information on handling each mobile authentication type, please refer to the corresponding request handling guides.
- Push - Mobile authentication with Push guide
- OTP - Mobile authentication with OTP guide