Authenticator App
About the Authenticator App
The Authenticator App is a robust, white-labelled solution designed to deliver secure and seamless two-factor authentication (2FA) for a wide range of digital interactions. It enables your end-users to securely authenticate using their mobile device as a possession element, combined with either biometrics or a PIN code; this ensures strong customer authentication.
The app is customisable, which allows you to tailor it to your brand identity whilst leveraging Signicat's powerful MobileID authentication capabilities. It is ideal for any scenario where secure user verification is essential, for example:
- Logging into a service.
- Authorising a transaction.
- Confirming a sensitive operation.
With the Authenticator App, you can provide your end-users with a smooth, user-friendly experience that meets the highest security standards and regulatory requirements.
If you already have your own app, then we recommend that you use either our Android or iOS SDK to get the most out of this product.
To get your hands of a test version of the Authenticator App, see the Try it out section on this page.
How does the Authenticator App work?
The Authenticator App implements two key process flows:
- Registering the device and activating authentication credentials.
- Performing authentications and authorisations.
Registration
Before you can use the app for authentications and authorisations your end-users need to register the device and activate authentication credentials.
It is also possible to onboard and register the app with ID document and biometric verification using our ReuseID APIs.
To learn how to do this, see our ReuseID Quick start guide.
What does it look like for your end-users?
You can use the image slider below to see what the registration operation looks like for your end-users.
How does the flow work?
In this flow there are three important concepts to understand:
Activation code
The app is activated with an activation code. The activation code is generated by MobileID and passed to you in the response when you initiate a registration.
It is your responsibility to display the activation code to the user in the preferred channel; for example, this could be a web page after the user has authenticated themselves.
QR code
The app has built-in support for scanning QR codes during enrolment.
- This provides a better user experience for the end-user, as they can scan the code instead of entering it manually.
- This makes it easier to use longer and more secure activation codes.
To use this, you must generate a QR code and display it to the end-user. The end-user can then scan the QR code with the camera on the device.
Authentication methods
Once the activation code has been successfully verified the end-user will activate authentication methods. The Authenticator App support the following authentication methods:
- Device
- PIN code
- Biometrics (Face ID, Touch ID, BiometricPrompt)
When using the Authenticator App it is required for the end-user to select a PIN. If biometrics are supported in the application configuration, then the end-user also has the option to activate a biometric authentication method.
The device (as an authentication method) is always activated in the background when activating a PIN, enabling you to perform both one-factor and two-factor authentication.
Operation context
You can set a post-operation context on the registration operation. The post context is passed to the Authenticator App, through a secure channel with end-to-end encryption (E2EE), after a successful registration. Allowing you to pass data in a secure way to your end-user once they have completed the registration.
For more information on operation context, see our MobileID feature documentation.
Integration flow
The sequence diagram below provides an overview of the operations that make up the registration process with the Authenticator App.
Sequence diagram showing activation of Authenticator App
Authentication and authorisation
Once you have registered the device and activated authentication credentials, you can then use the app to authenticate and authorise operations for your end-users.
All operations are initiated through our authentication endpoint, and completed by the end-user in the Authenticator App.
What does it look like for your end-users?
You can use the image slider below to see what the authentication operation looks like for your end-users.
How does the flow work?
In this flow there are three important concepts to understand:
Push notifications
MobileID supports sending push notifications to inform the end-user that something is happening that requires their attention in the app.
This is an optional feature that you can configure in the application configuration. If you enable push, you can also toggle it when initiating the authentication.
Push notifications is a tool to improve the end-user experience, but you are not required to use it. It has no impact on the authentication operation itself.
Authentication methods and levels
The Authenticator App supports one-factor and two-factor authentication. When initiating the authentication, you can specify what authentication level and what authentication method used. If nothing is specified in the request, it will default to two-factor authentication.
The Authenticator App supports the following authentication methods:
- Device
- PIN code
- Biometrics (Face ID, Touch ID, BiometricPrompt)
The end-user must have activated the authentication method before it can be used in authentication operations.
If biometrics are activated, then the Authenticator App will default to this method when a two-factor operation is initiated unless you have specified PIN in the authentication request.
Operation context
For each operation, you can set a context. This is a text which is passed to the mobile device. The operation context allows you to send important information to the end-user, through a secure channel with end-to-end encryption (E2EE).
This information can be passed:
- Before the operation has been approved (pre-operation context).
- After the operation has been successfully completed (post-operation context).
Integration flow
The sequence diagram below provides an overview of the operations that make up the authentication process with the Authenticator App.
Sequence diagram showing authentication with PIN code using Authenticator App
Additional features
The following features are available in the Authenticator App once it has been activated.
Activate/deactivate biometrics
The end-user has the option to activate/deactivate biometric authentication methods on devices that support this.
What does deactivating biometrics look like for your end-users?
You can use the image slider below to see what deactivating biometrics looks like for your end-users.
What does activating biometrics look like for your end-users?
You can use the image slider below to see what activating biometrics looks like for your end-users.
Change the PIN code
The end-user has the option to change the PIN code in the Authenticator App. This is initiated from the top-left menu, and the end-user is asked to authenticate with a PIN code before selecting a new one.
What does this look like for your end-users?
Deactivate
The end-user has the option to deactivate the app and delete the activation data from the device.
What does this look like for your end-users?
This operation can not reverted. To get access to the app again, the end-user must perform a new registration.
Configuration options
You can configure the Authenticator App to suit your requirements:
Application behaviour
You can configure how the app should behave. For example:
- What authentication methods are allowed.
- The PIN code length.
To learn about and update your configuration, see Application behaviour in the Signicat Dashboard.
MobileID features
MobileID offers a range of additional features that you can configure for you Authenticator App.
To learn about what features we offer and how they work, see our MobileID feature guides.
Push notifications
The Authenticator App supports push notifications. Push notifications are an optional feature, and are only used to notify the end-user that an operation has been initiated.
To enable push notifications, you need to:
1. Complete prerequisites
There are a set of prerequisites that you must complete before you can configure push notifications. These steps vary depending on the platform.
To learn how to complete these, use the buttons below:
To get assistance with instructions for completing prerequisites for your iOS Authenticator App, you can contact us by creating a support ticket in the Signicat Dashboard.
2. Configure the application configuration
To enable and configure push notifications, you also need to update your application configuration.
You can see what values need to be set in the Push configurations table in the Application configuration feature documentation.
To update your application configuration with the necessary properties, you can use the Signicat Dashboard.
Promon SHIELD™
Promon SHIELD™ is a security technology that integrates directly into applications to provide proactive security against a wide range of attacks, such as:
- Tampering
- Debugging
- Code injection
- Code modification
- Stealing of data from the app.
Promon SHIELD™ is required when using our Authenticator App. The security mechanisms from Promon SHIELD™ can be configured to behave according to the desired security policy.
We can shield the app for you, or you can choose to shield the app yourself.
If we are to shield the app for you, you must provide the application signing key (applicationSignerTeamID
/applicationSignerCertificate
).
We can also make changes to the default configurations if required.
Localisation
The Authenticator App supports the following languages:
- English
- Norwegian
- Swedish
- Finnish.
If you wish to add another language, you can contact us by creating a support ticket in the Signicat Dashboard.
Branding
You can customise the appearance of the Authenticator App with your own branding, by supplying the following resources:
- The name of the app.
- The application icon.
- The logo on the welcome page and home page.
- The colour value for various elements within the app, such as the toolbar, button colour and background colour.
- The launch image or splash screen, which is displayed during the launch of the app.
- The notification icon.
- The help page.
See our Authenticator App branding guide for further details:
Supported operating systems
The Authenticator App supports the following operating systems:
- Android 9.0 and later.
- iOS 15.0 and later.
Publish the app
We deliver the Authenticator App app to you as an APK
or XCARCHIVE
file. It is your responsibility to sign and publish the app on the App Store and Google Play.
This requires a developer account for the relevant platform. If you do not have an account, you will need to sign up for one.
To learn how to do this, see our platform-specific guides for publishing the app:
Our guide for iOS is coming soon.
To get assistance with instructions for publishing to the Apple App Store, you can contact us by creating a support ticket in the Signicat Dashboard.
Demo
You can see what the Authenticator App looks like and how it can be used in our YouTube videos. These videos demonstrate the Authenticator App being used in our demo bank (West Springfield Bank).
Try it out
You can use our quick start guide to get started and try out our Authenticator App.