MobileID App

Table of contents

• About the MobileID App
• Key features
• Demo
• Integration guides
  • Integrating with OIDC
  • Integrating with SAML 1.1
• Registration and authentication with the MobileID App
  • App-to-app registration and authentication with the MobileID App
  • Web-to-app registration and authentication with the MobileID App
  • MobileID App: Web-to-app registration
  • MobileID App: Web-to-app authentication
• Sample projects and code
• Frequently asked questions (FAQ)
• Support

About the MobileID App

The MobileID App offers a simple way to implement and use two-factor authentication on mobile devices, which can be used for authentication (Connect). If combined with SignicatID (SCID), electronic signing (Sign) of documents is also supported.

The solution offers fingerprint, facial recognition or PIN code for authentication and provides Strong Customer Authentication (SCA) satisfying PSD2 requirements. The MobileID App is available on Google Play (opens new window)as well as the Apple App Store (opens new window).

Key features

Supports PIN and fingerprint on both Apple and Android devices, as well as Apple Face ID.

Can be used as an authenticator as part of SignicatID (SCID).

Signing of documents with MobileID is available through Signicat's signing functionality, if combined with SignicatID (SCID).

Provides Strong Customer Authentication (SCA) satisfying PSD2 requirements.

Like the MobileID InApp solution, the MobileID App relies on Encap Security, an established and trusted provider of mobile security solutions, for app security. The MobileID App is not the same as the MobileID InAapp solution, however. The MobileID App is a standalone app, whereas the MobileID InApp solution is integrated with existing business applications.

Demo

If you want to see how the MobileID App works, you can use Signicat's demo service.

Try it

See how the MobileID App works by using our demo service

Integration guides

Integration with the MobileID App is done via the same API as Signicat's other ID methods. Through the single point of integration, one will get access to Signicat's wide portfolio of integrated ID methods, not only MobileID, but also other services like identity paper verification and lookups.

Specific instructions for integrating using both OIDC and SAML can be found below. See Getting started with authentication for more guides and examples.

Integrating with OIDC

Signicat has implemented OAuth 2.0 with the Authorization Code Flow. In order to use this, the following information has to be exchanged.

Information exchanged between Signicat and the customer

Task	Parameter to expose to Signicat	Description
Create customer's OIDC client	CUSTOMER_CLIENT_ID
Create client secret	CUSTOMER_CLIENT_SECRET	Used for communication with Signicat's OIDC server
Create reg method	CUSTOMER_REG_METHOD_NAME	Method name should always reflect the initiating scenario (app-to-app/web-to-app)
Create auth method	CUSTOMER_AUTH_METHOD_NAME	Name should always match the initiating scenario (app-to-app/web-to-app)
-	SIGNICAT_BASE_URL	Signicat environment URL (e.g. https://preprod.signicat.com)
-	SIGNICAT_AUTHORIZATION_ENDPOINT SIGNICAT_TOKEN_ENDPOINT SIGNICAT_USERINFO_ENDPOINT	Refer to the OIDC Discovery URI at <SIGNICAT_BASE_URL>/oidc/.well-known/openid-configuration
Prepare basicAuthHeader	CUSTOMER_BASIC_AUTH_HEADER	Base64-encoded CUSTOMER_CLIENT_ID:CUSTOMER_CLIENT_SECRET, to be used for obtaining the access token

Information exchanged between the customer and Signicat

Parameter to expose to Signicat	Description
CUSTOMER_CALLBACK_URL	Callback URL (a customer backend) that Signicat's server will send the authorization code and final result to

Note

Other parameters may be required, depending on the integration scenario (app-to-app or web-to-app). These scenarios are described in the section on Registration and authentication with the MobileID App below.

Integrating with SAML 1.1

Information exchanged between Signicat and the customer

Task	Parameter to expose to customer	Description
Create a service	CUSTOMER_SERVICE
Create reg method	CUSTOMER_REG_METHOD_NAME	Method name should always reflect the initiating scenario (app-to-app/web-to-app)
Create auth method	CUSTOMER_AUTH_METHOD_NAME	Method name should always reflect the initiating scenario (app-to-app/web-to-app)
-	SIGNICAT_BASE_URL	Environment URL, e.g. https://preprod.signicat.com

Information exchanged between the customer and Signicat

Parameter to expose to Signicat	Description
CUSTOMER_REDIRECT_URL	Redirect URL (a customer backend) that Signicat's server will send the SAML response to

Registration and authentication with the MobileID App

The main purpose of the MobileID App is to be an authenticator. In order to pair the app and an identity, however, the end-user must go through a registration process. To establish who the end-user is within the customer's system, the person's identity is established by the customer through the use of another ID method. The registration process can then be started either in a browser or from another app.

The process of registration results in a deviceId being returned, which can then be used for subsequent authentications. The deviceId is a unique identifier that is tied to the information of the end-user who registered the MobileID device (userId).

Important

It is the responsibility of the customer to tie the deviceId to the end-user's information (obtained through a secondary ID method) in a persistent manner, such as in a database, so that it can later be used in the MobileID App authentication process.

App-to-app registration and authentication with the MobileID App

App-to-app registration and authentication allow the customer to offer registration and authentication capabilities for a mobile app through the MobileID App.

With app-to-app registration, the entire registration process is performed within the customer's app, including identifying the end-user. An end-user who has completed the registration process can authenticate their identity.

With app-to-app authentication, the whole authentication process is handled by the customer's app, all the way from initializing the authentication to receiving a response with the result of the operation.

Click on the tabs below for a detailed explanation of the processes of app-to-app registration and authentication.

Web-to-app registration and authentication with the MobileID App

Web-to-app registration and authentication allow the customer to offer registration and authentication capabilities for a web application through the MobileID App.

With web-to-app registration, the whole registration process is performed inside the browser, including identifying the user.

Web-to-app authentication handles the whole authentication process from the browser, all the way from initializing the authentication to receiving a response with the result.

Click on the tabs below for a detailed explanation of the processes of web-to-app registration and authentication.

The videos below show the processes of web-to-app registration and authentication from the end-user perspective.

MobileID App: Web-to-app registration

MobileID App: Web-to-app authentication

Sample projects and code

Try out sample apps that demonstrate how to integrate with Signicat's MobileID App using the OIDC protocol:

Channel	Sample projects	GitHub repository
App-to-app integration	Backend: sample-mobileid-app-app2app-backend-1.0.2.zip Android app: MobileID_InApp_Sample-2.0.0-b6c1c816.110.apk	Backend: https://github.com/signicat/sample-mobileid-app-app2app-backend (opens new window) App: https://github.com/signicat/sample-mobileid-app-common-react-native (opens new window)
Web-to-app integration	sample-mobileid-app-web-backend-1.0.18.zip	https://github.com/signicat/sample-mobileid-app-web-backend (opens new window)
Web-to-app integration (HTML) with OIDC	sample-mobileid-app-web-html-backend-v1.0.6.zip	https://github.com/signicat/sample-mobileid-app-web-html-backend (opens new window)

Frequently asked questions (FAQ)

Question	Answer
Can the MobileID App be used on a mobile device without a fingerprint reader?	Yes, the user will then use a PIN code.
What is the difference between using the MobileID App and enabling native fingerprint support from the OS in your application?	Signicat registers the phone as an authentication device and binds the user to the phone and fingerprint (or PIN). The connection between the phone and the server is encrypted and securely handled by Signicat using award-winning technology.
Can the MobileID App be used with Microsoft Surface?	No. Only Android and iOS devices are supported.
Does the MobileID App support OIDC and SAML2?	Yes
Does the customer need to have SignicatID (SCID)?	No, the MobileID App will operate without SignicatID (SCID). But SignicatID can be configured to use the MobileID App as an authenticator.
How is this related to the MobileID InApp solution?	The MobileID App is a standalone mobile app that can be used as an authenticator. The MobileID InApp solution provides an API which allows customers to implement strong customer authentication in their existing mobile apps.
Who publishes the MobileID App?	Signicat AS is the publisher. Going forward, Signicat is considering creating soft-branded apps, where a customer can be the publisher.

Support

If you have any further questions, contact us at support@signicat.com.