# MobileID App


# About the MobileID App

The MobileID App offers a simple way to implement and use two-factor authentication on mobile devices, which can be used for authentication (Connect). If combined with SignicatID (SCID), electronic signing (Sign) of documents is also supported.

The solution offers fingerprint, facial recognition or PIN code for authentication and provides Strong Customer Authentication (SCA) satisfying PSD2 requirements. The MobileID App is available on Google Play as well as the Apple App Store.

# Key features

Supports PIN and fingerprint on both Apple and Android devices, as well as Apple Face ID.

Can be used as an authenticator as part of SignicatID (SCID).

Signing of documents with MobileID is available through Signicat's signing functionality, if combined with SignicatID (SCID).

Provides Strong Customer Authentication (SCA) satisfying PSD2 requirements.

Like the MobileID InApp solution, the MobileID App relies on Encap Security, an established and trusted provider of mobile security solutions, for app security. The MobileID App is not the same as the MobileID InApp solution, however. The MobileID App is a standalone app, whereas the MobileID InApp solution is integrated with existing business applications.

# Demo

If you want to see how the MobileID App works, you can use Signicat's demo service.

# Integration guides

Integration with the MobileID App is done via the same API as Signicat's other ID methods. Through the single point of integration, one will get access to Signicat's wide portfolio of integrated ID methods, not only MobileID, but also other services like identity paper verification and lookups.

Specific instructions for integrating using both OIDC and SAML can be found below. See Getting started with authentication for more guides and examples.

# Integrating with OIDC

Signicat has implemented OAuth 2.0 with the Authorization Code Flow. In order to use this, the following information has to be exchanged.

# Information exchanged between Signicat and the customer

| Task | Parameter to expose to Signicat | Description |
| --- | --- | --- |
| Create customer's OIDC client | CUSTOMER_CLIENT_ID | |
| Create client secret | CUSTOMER_CLIENT_SECRET | Used for communication with Signicat's OIDC server |
| Create reg method | CUSTOMER_REG_METHOD_NAME | Method name should always reflect the initiating scenario (app-to-app/web-to-app) |
| Create auth method | CUSTOMER_AUTH_METHOD_NAME | Name should always match the initiating scenario (app-to-app/web-to-app) |
| - | SIGNICAT_BASE_URL | Signicat environment URL (e.g. https://preprod.signicat.com) |
| - | SIGNICAT_AUTHORIZATION_ENDPOINT, SIGNICAT_TOKEN_ENDPOINT, SIGNICAT_USERINFO_ENDPOINT | Refer to the OIDC Discovery URI at `<SIGNICAT_BASE_URL>/oidc/.well-known/openid-configuration` |
| Prepare basicAuthHeader | CUSTOMER_BASIC_AUTH_HEADER | Base64-encoded `CUSTOMER_CLIENT_ID:CUSTOMER_CLIENT_SECRET`, to be used for obtaining the access token |

# Information exchanged between the customer and Signicat

| Parameter to expose to Signicat | Description |
| --- | --- |
| CUSTOMER_CALLBACK_URL | Callback URL (a customer backend) that Signicat's server will send the authorization code and final result to |

Note

Other parameters may be required, depending on the integration scenario (app-to-app or web-to-app). These scenarios are described in the section on Registration and authentication with the MobileID App below.
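The following sketch shows how a customer backend could combine the parameters from the tables above in the Authorization Code Flow. It is an added example, not Signicat's code: the discovery document is a constructed stand-in with placeholder endpoint paths, the client values are invented, and only standard OIDC request parameters are used (scenario-specific parameters are not shown).

```python
import base64, hmac, secrets
from urllib.parse import urlencode, urlsplit

SIGNICAT_BASE_URL = "https://preprod.signicat.com"
# Constructed stand-in for the discovery document; the endpoint paths are placeholders.
DISCOVERY = {
    "authorization_endpoint": SIGNICAT_BASE_URL + "/oidc/authorize",
    "token_endpoint": SIGNICAT_BASE_URL + "/oidc/token",
    "userinfo_endpoint": SIGNICAT_BASE_URL + "/oidc/userinfo",
}

def endpoints(discovery, base_url=SIGNICAT_BASE_URL):
    """Pick the three endpoints; refuse any that is not HTTPS on the expected host."""
    base = urlsplit(base_url)
    picked = {}
    for key in ("authorization_endpoint", "token_endpoint", "userinfo_endpoint"):
        url = urlsplit(discovery[key])
        if url.scheme != "https" or url.netloc != base.netloc:
            raise ValueError(f"{key} is outside {base_url}: {discovery[key]}")
        picked[key] = discovery[key]
    return picked

def basic_auth_header(client_id, client_secret):
    """CUSTOMER_BASIC_AUTH_HEADER: Base64 of CUSTOMER_CLIENT_ID:CUSTOMER_CLIENT_SECRET."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode("ascii")

def authorization_url(ep, client_id, callback_url):
    """Build the redirect to the authorization endpoint; keep state in the session."""
    state = secrets.token_urlsafe(32)
    query = urlencode({"response_type": "code", "scope": "openid",
                       "client_id": client_id, "redirect_uri": callback_url,
                       "state": state})
    return ep["authorization_endpoint"] + "?" + query, state

def token_request(ep, callback_params, expected_state, client_id, client_secret, callback_url):
    """Validate the callback, then describe the POST that exchanges the code for tokens."""
    got = callback_params.get("state", "")
    if not hmac.compare_digest(got.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "code" not in callback_params:
        raise ValueError("no authorization code in callback")
    return {
        "url": ep["token_endpoint"],
        "headers": {"Authorization": basic_auth_header(client_id, client_secret),
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({"grant_type": "authorization_code",
                           "code": callback_params["code"],
                           "redirect_uri": callback_url}),
    }
```
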

# Integrating with SAML 1.1

# Information exchanged between Signicat and the customer

| Task | Parameter to expose to customer | Description |
| --- | --- | --- |
| Create a service | CUSTOMER_SERVICE | |
| Create reg method | CUSTOMER_REG_METHOD_NAME | Method name should always reflect the initiating scenario (app-to-app/web-to-app) |
| Create auth method | CUSTOMER_AUTH_METHOD_NAME | Method name should always reflect the initiating scenario (app-to-app/web-to-app) |
| - | SIGNICAT_BASE_URL | Environment URL, e.g. https://preprod.signicat.com |

# Information exchanged between the customer and Signicat

| Parameter to expose to Signicat | Description |
| --- | --- |
| CUSTOMER_REDIRECT_URL | Redirect URL (a customer backend) that Signicat's server will send the SAML response to |

# Registration and authentication with the MobileID App

The main purpose of the MobileID App is to be an authenticator. In order to pair the app and an identity, however, the end-user must go through a registration process. To establish who the end-user is within the customer's system, the person's identity is established by the customer through the use of another ID method. The registration process can then be started either in a browser or from another app.

The process of registration results in a deviceId being returned, which can then be used for subsequent authentications. The deviceId is a unique identifier that is tied to the information of the end-user who registered the MobileID device (userId).

Important

It is the responsibility of the customer to tie the deviceId to the end-user's information (obtained through a secondary ID method) in a persistent manner, such as in a database, so that it can later be used in the MobileID App authentication process.
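One way to persist that binding, shown as an added example rather than Signicat's or any sample project's code. The table name, column names and function names are hypothetical, and SQLite stands in for whatever database the customer uses.

```python
import sqlite3

def open_store(path=":memory:"):
    """Create the binding table: one row per registered MobileID device."""
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS mobileid_device (
                      device_id TEXT PRIMARY KEY,  -- deviceId returned by registration
                      user_id   TEXT NOT NULL,     -- customer's own user identifier
                      bound_at  TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP)""")
    return db

def bind_device(db, user_id, device_id):
    """Persist deviceId -> userId after registration; never re-bind to another user."""
    owner = db.execute("SELECT user_id FROM mobileid_device WHERE device_id = ?",
                       (device_id,)).fetchone()
    if owner is not None and owner[0] != user_id:
        raise PermissionError("deviceId is already bound to a different user")
    with db:  # commits on success, rolls back on error
        db.execute("INSERT OR IGNORE INTO mobileid_device (device_id, user_id) "
                   "VALUES (?, ?)", (device_id, user_id))

def user_for_device(db, device_id):
    """Resolve the user for an authentication result; unknown devices fail closed."""
    row = db.execute("SELECT user_id FROM mobileid_device WHERE device_id = ?",
                     (device_id,)).fetchone()
    if row is None:
        raise LookupError("unknown deviceId: no registration on record")
    return row[0]

def devices_for_user(db, user_id):
    """List the deviceIds a user can be asked to authenticate with."""
    rows = db.execute("SELECT device_id FROM mobileid_device WHERE user_id = ? "
                      "ORDER BY device_id", (user_id,)).fetchall()
    return [r[0] for r in rows]
```
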

# App-to-app registration and authentication with the MobileID App

App-to-app registration and authentication allow the customer to offer registration and authentication capabilities for a mobile app through the MobileID App.

With app-to-app registration, the entire registration process is performed within the customer's app, including identifying the end-user. An end-user who has completed the registration process can authenticate their identity.

With app-to-app authentication, the whole authentication process is handled by the customer's app, all the way from initializing the authentication to receiving a response with the result of the operation.

# Web-to-app registration and authentication with the MobileID App

Web-to-app registration and authentication allow the customer to offer registration and authentication capabilities for a web application through the MobileID App.

With web-to-app registration, the whole registration process is performed inside the browser, including identifying the user.

Web-to-app authentication handles the whole authentication process from the browser, all the way from initializing the authentication to receiving a response with the result.

# Sample projects and code

Try out sample apps that demonstrate how to integrate with Signicat's MobileID App using the OIDC protocol:

| Channel | Sample projects | GitHub repository |
| --- | --- | --- |
| App-to-app integration | Backend: sample-mobileid-app-app2app-backend-1.0.2.zip<br>Android app: MobileID_InApp_Sample-2.0.0-b6c1c816.110.apk | Backend: https://github.com/signicat/sample-mobileid-app-app2app-backend<br>App: https://github.com/signicat/sample-mobileid-app-common-react-native |
| Web-to-app integration | sample-mobileid-app-web-backend-1.0.18.zip | https://github.com/signicat/sample-mobileid-app-web-backend |
| Web-to-app integration (HTML) with OIDC | sample-mobileid-app-web-html-backend-v1.0.6.zip | https://github.com/signicat/sample-mobileid-app-web-html-backend |

# Frequently asked questions (FAQ)

| Question | Answer |
| --- | --- |
| Can the MobileID App be used on a mobile device without a fingerprint reader? | Yes, the user will then use a PIN code. |
| What is the difference between using the MobileID App and enabling native fingerprint support from the OS in your application? | Signicat registers the phone as an authentication device and binds the user to the phone and fingerprint (or PIN).<br>The connection between the phone and the server is encrypted and securely handled by Signicat using award-winning technology. |
| Can the MobileID App be used with Microsoft Surface? | No. Only Android and iOS devices are supported. |
| Does the MobileID App support OIDC and SAML2? | Yes |
| Does the customer need to have SignicatID (SCID)? | No, the MobileID App will operate without SignicatID (SCID). But SignicatID can be configured to use the MobileID App as an authenticator. |
| How is this related to the MobileID InApp solution? | The MobileID App is a standalone mobile app that can be used as an authenticator.<br>The MobileID InApp solution provides an API which allows customers to implement strong customer authentication in their existing mobile apps. |
| Who publishes the MobileID App? | Signicat AS is the publisher. Going forward, Signicat is considering creating soft-branded apps, where a customer can be the publisher. |

# Support

If you have any further questions, contact us at support@signicat.com.

Last updated: 3/1/2021, 12:00:45 AM