# MobileID App
# About the MobileID App
The MobileID App offers a simple way to implement and use two-factor authentication on mobile devices, which can be used for authentication (Connect). If combined with SignicatID (SCID), electronic signing (Sign) of documents is also supported.
The solution offers fingerprint, facial recognition or PIN code for authentication and provides Strong Customer Authentication (SCA) satisfying PSD2 requirements. The MobileID App is available on Google Play as well as the Apple App Store.
# Key features
Supports PIN and fingerprint on both Apple and Android devices, as well as Apple Face ID.
Can be used as an authenticator as part of SignicatID (SCID).
Signing of documents with MobileID is available through Signicat's signing functionality, if combined with SignicatID (SCID).
Provides Strong Customer Authentication (SCA) satisfying PSD2 requirements.
Like the MobileID InApp solution, the MobileID App relies on Encap Security, an established and trusted provider of mobile security solutions, for app security. The MobileID App is not the same as the MobileID InApp solution, however. The MobileID App is a standalone app, whereas the MobileID InApp solution is integrated with existing business applications.
# Demo
If you want to see how the MobileID App works, you can use Signicat's demo service.
# Integration guides
Integration with the MobileID App is done via the same API as Signicat's other ID methods. Through the single point of integration, one will get access to Signicat's wide portfolio of integrated ID methods, not only MobileID, but also other services like identity paper verification and lookups.
Specific instructions for integrating using both OIDC and SAML can be found below. See Getting started with authentication for more guides and examples.
# Integrating with OIDC
Signicat has implemented OAuth 2.0 with the Authorization Code Flow. In order to use this, the following information has to be exchanged.
# Information exchanged between Signicat and the customer
Task | Parameter to expose to Signicat | Description |
---|---|---|
Create customer's OIDC client | CUSTOMER_CLIENT_ID | |
Create client secret | CUSTOMER_CLIENT_SECRET | Used for communication with Signicat's OIDC server |
Create reg method | CUSTOMER_REG_METHOD_NAME | Method name should always reflect the initiating scenario (app-to-app/web-to-app) |
Create auth method | CUSTOMER_AUTH_METHOD_NAME | Name should always match the initiating scenario (app-to-app/web-to-app) |
- | SIGNICAT_BASE_URL | Signicat environment URL (e.g. https://preprod.signicat.com) |
- | SIGNICAT_AUTHORIZATION_ENDPOINT, SIGNICAT_TOKEN_ENDPOINT, SIGNICAT_USERINFO_ENDPOINT | Refer to the OIDC Discovery URI at <SIGNICAT_BASE_URL>/oidc/.well-known/openid-configuration |
Prepare basicAuthHeader | CUSTOMER_BASIC_AUTH_HEADER | Base64-encoded CUSTOMER_CLIENT_ID:CUSTOMER_CLIENT_SECRET, to be used for obtaining the access token |
# Information exchanged between the customer and Signicat
Parameter to expose to Signicat | Description |
---|---|
CUSTOMER_CALLBACK_URL | Callback URL (a customer backend) that Signicat's server will send the authorization code and final result to |
Note
Other parameters may be required, depending on the integration scenario (app-to-app or web-to-app). These scenarios are described in the section on Registration and authentication with the MobileID App below.
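The customer-backend side of the Authorization Code Flow, using the parameters from the tables above, as an added example that is not Signicat's code. The client values, callback URL and discovery document contents are constructed placeholders, and the check that discovered endpoints sit on the SIGNICAT_BASE_URL host is an added precaution, not a documented requirement.

```python
import base64
import hmac
import secrets
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

# Constructed placeholder values; the real ones come from the exchange with Signicat.
SIGNICAT_BASE_URL = "https://preprod.signicat.com"
CUSTOMER_CLIENT_ID = "demo-client"
CUSTOMER_CLIENT_SECRET = "demo-secret"  # load from a secret store in practice
CUSTOMER_CALLBACK_URL = "https://customer.example/callback"
# Constructed stand-in for <SIGNICAT_BASE_URL>/oidc/.well-known/openid-configuration.
DISCOVERY = {
    "authorization_endpoint": SIGNICAT_BASE_URL + "/oidc/authorization",
    "token_endpoint": SIGNICAT_BASE_URL + "/oidc/token",
    "userinfo_endpoint": SIGNICAT_BASE_URL + "/oidc/userinfo",
}


def endpoint(doc, name):
    """Return a discovered endpoint only if it is HTTPS on the SIGNICAT_BASE_URL host."""
    url, base = urlsplit(doc[name]), urlsplit(SIGNICAT_BASE_URL)
    if url.scheme != "https" or url.netloc != base.netloc:
        raise ValueError(f"{name} is not on {SIGNICAT_BASE_URL}")
    return doc[name]


def authorization_url(doc):
    """Build the redirect URL; the returned state must be kept in the user's session."""
    state = secrets.token_urlsafe(32)
    query = urlencode({"response_type": "code", "scope": "openid", "state": state,
                       "client_id": CUSTOMER_CLIENT_ID, "redirect_uri": CUSTOMER_CALLBACK_URL})
    return endpoint(doc, "authorization_endpoint") + "?" + query, state


def basic_auth_value():
    """CUSTOMER_BASIC_AUTH_HEADER: Base64 of CUSTOMER_CLIENT_ID:CUSTOMER_CLIENT_SECRET."""
    return base64.b64encode(f"{CUSTOMER_CLIENT_ID}:{CUSTOMER_CLIENT_SECRET}".encode()).decode()


def token_request(doc, code, returned_state, session_state):
    """Check the callback's state, then prepare (not send) the code-for-token POST."""
    if not hmac.compare_digest(returned_state.encode(), session_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": CUSTOMER_CALLBACK_URL}).encode()
    return Request(endpoint(doc, "token_endpoint"), data=body, method="POST",
                   headers={"Authorization": "Basic " + basic_auth_value(),
                            "Content-Type": "application/x-www-form-urlencoded"})
```

Pass the prepared request to `urllib.request.urlopen` from the backend only, so the client secret never reaches the browser or the mobile app.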
# Integrating with SAML 1.1
# Information exchanged between Signicat and the customer
Task | Parameter to expose to customer | Description |
---|---|---|
Create a service | CUSTOMER_SERVICE | |
Create reg method | CUSTOMER_REG_METHOD_NAME | Method name should always reflect the initiating scenario (app-to-app/web-to-app) |
Create auth method | CUSTOMER_AUTH_METHOD_NAME | Method name should always reflect the initiating scenario (app-to-app/web-to-app) |
- | SIGNICAT_BASE_URL | Environment URL, e.g. https://preprod.signicat.com |
# Information exchanged between the customer and Signicat
Parameter to expose to Signicat | Description |
---|---|
CUSTOMER_REDIRECT_URL | Redirect URL (a customer backend) that Signicat's server will send the SAML response to |
# Registration and authentication with the MobileID App
The main purpose of the MobileID App is to be an authenticator. In order to pair the app and an identity, however, the end-user must go through a registration process. To establish who the end-user is within the customer's system, the person's identity is established by the customer through the use of another ID method. The registration process can then be started either in a browser or from another app.
The process of registration results in a deviceId being returned, which can then be used for subsequent authentications. The deviceId is a unique identifier that is tied to the information of the end-user who registered the MobileID device (userId).
Important
It is the responsibility of the customer to tie the deviceId to the end-user's information (obtained through a secondary ID method) in a persistent manner, such as in a database, so that it can later be used in the MobileID App authentication process.
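One way to keep the deviceId binding in a database, as an added example that is not Signicat's code. The SQLite schema, function names and sample identifiers are assumptions, as is the rule that a deviceId is bound to exactly one user.

```python
import sqlite3


def open_store(path=":memory:"):
    """Create the persistent deviceId-to-user table (hypothetical schema)."""
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS mobileid_device (
                      device_id TEXT PRIMARY KEY,  -- deviceId returned by registration
                      user_id   TEXT NOT NULL      -- user key from the secondary ID method
                  )""")
    return db


def bind_device(db, device_id, user_id):
    """Store the binding after registration; reject a deviceId that is already bound."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO mobileid_device (device_id, user_id) VALUES (?, ?)",
                       (device_id, user_id))
    except sqlite3.IntegrityError:
        raise ValueError("deviceId is already bound to a user") from None


def devices_for(db, user_id):
    """deviceIds available when this user starts a MobileID App authentication."""
    rows = db.execute("SELECT device_id FROM mobileid_device "
                      "WHERE user_id = ? ORDER BY device_id", (user_id,))
    return [row[0] for row in rows]


def user_for_device(db, device_id, expected_user_id):
    """Resolve a deviceId to its user; refuse unknown devices and wrong owners."""
    row = db.execute("SELECT user_id FROM mobileid_device WHERE device_id = ?",
                     (device_id,)).fetchone()
    if row is None or row[0] != expected_user_id:
        raise PermissionError("deviceId is not bound to this user")
    return row[0]
```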
# App-to-app registration and authentication with the MobileID App
App-to-app registration and authentication allow the customer to offer registration and authentication capabilities for a mobile app through the MobileID App.
With app-to-app registration, the entire registration process is performed within the customer's app, including identifying the end-user. An end-user who has completed the registration process can authenticate their identity.
With app-to-app authentication, the whole authentication process is handled by the customer's app, all the way from initializing the authentication to receiving a response with the result of the operation.
# Web-to-app registration and authentication with the MobileID App
Web-to-app registration and authentication allow the customer to offer registration and authentication capabilities for a web application through the MobileID App.
With web-to-app registration, the whole registration process is performed inside the browser, including identifying the user.
Web-to-app authentication handles the whole authentication process from the browser, all the way from initializing the authentication to receiving a response with the result.
The videos below show the processes of web-to-app registration and authentication from the end-user perspective.
# MobileID App: Web-to-app registration
# MobileID App: Web-to-app authentication
# Sample projects and code
Try out sample apps that demonstrate how to integrate with Signicat's MobileID App using the OIDC protocol:
Channel | Sample projects | GitHub repository |
---|---|---|
App-to-app integration | Backend: sample-mobileid-app-app2app-backend-1.0.2.zip; Android app: MobileID_InApp_Sample-2.0.0-b6c1c816.110.apk | Backend: https://github.com/signicat/sample-mobileid-app-app2app-backend; App: https://github.com/signicat/sample-mobileid-app-common-react-native |
Web-to-app integration | sample-mobileid-app-web-backend-1.0.18.zip | https://github.com/signicat/sample-mobileid-app-web-backend |
Web-to-app integration (HTML) with OIDC | sample-mobileid-app-web-html-backend-v1.0.6.zip | https://github.com/signicat/sample-mobileid-app-web-html-backend |
# Frequently asked questions (FAQ)
Question | Answer |
---|---|
Can the MobileID App be used on a mobile device without a fingerprint reader? | Yes, the user will then use a PIN code. |
What is the difference between using the MobileID App and enabling native fingerprint support from the OS in your application? | Signicat registers the phone as an authentication device and binds the user to the phone and fingerprint (or PIN). The connection between the phone and the server is encrypted and securely handled by Signicat using award-winning technology. |
Can the MobileID App be used with Microsoft Surface? | No. Only Android and iOS devices are supported. |
Does the MobileID App support OIDC and SAML2? | Yes |
Does the customer need to have SignicatID (SCID)? | No, the MobileID App will operate without SignicatID (SCID). But SignicatID can be configured to use the MobileID App as an authenticator. |
How is this related to the MobileID InApp solution? | The MobileID App is a standalone mobile app that can be used as an authenticator. The MobileID InApp solution provides an API which allows customers to implement strong customer authentication in their existing mobile apps. |
Who publishes the MobileID App? | Signicat AS is the publisher. Going forward, Signicat is considering creating soft-branded apps, where a customer can be the publisher. |
# Support
If you have any further questions, contact us at support@signicat.com.