Authentication and authorisation

Once you have registered the device and activated authentication credentials, you can then use the app to authenticate and authorise operations for your end-users.

All operations are initiated through our Start authentication endpoint, then completed by the end-user in the Authenticator App.

What does it look like for your end-users?

You can use the image slider below to see what the authentication operation looks like for your end-users.

On your device, click on the push notification.

Approve the pre-operation context with MobileID.

Once the authentication is completed, you will see a confirmation screen with the post-operation context.

1/3 - On your device, click on the push notification.

How does the flow work?

In this flow there are three important concepts to understand:

Push notifications
Authentication methods
Operation context

Push notifications

MobileID supports sending push notifications to inform the end-user that something is happening that requires their attention in the app.

This is an optional feature that you can configure in the application configuration. If you enable push, you can also toggle it when initiating the authentication.

Note

Push notifications is a tool to improve the end-user experience, but you are not required to use it. It has no impact on the authentication operation itself.

Authentication methods

The Authenticator App supports two-factor authentication. When initiating the authentication, you have the option to specify the authentication method in the request.

If you do not specify an authentication method, then the app uses biometrics as the default if it is activated on the end-user's device. If biometrics are not activated, then the app defaults to using a PIN instead.

The Authenticator App supports the following authentication methods:

PIN
Biometrics (Face ID, Touch ID, BiometricPrompt)
Face Authentication

The end-user must have activated the authentication method before it can be used in authentication operations.

Operation context

For each operation, you can set a context. This is a text which is passed to the mobile device. The operation context allows you to send important information to the end-user, through a secure channel with end-to-end encryption (E2EE).

This information can be passed:

Before the operation has been approved (pre-operation context).
After the operation has been successfully completed (post-operation context).

Want to learn more?

For more information, see the Operation context page in the MobileID feature documentation.

Integration flow

The sequence diagram below provides an overview of the operations that make up the authentication process with the Authenticator App.

Sequence diagram showing MobileID authentication with Authenticator App

What does it look like for your end-users?​

How does the flow work?​

Push notifications​

Authentication methods​

Operation context​

Integration flow​