About Mobile Connect
Mobile Connect is a digital identity service used in Germany for identifying natural persons via their mobile phones. This service is provided by GSMA and developed by the mobile operators Deutsche Telekom, Telefonica (O2) and Vodafone.
Signicat’s integration with Mobile Connect supports one-factor authentication. The end-user simply enters their mobile number as identification. It complies with eIDAS level 2, which is “Low” Level of Assurance (LoA). You should therefore only use this service in transactions that do not require a strong security level, or in combination with another factor to support two-factor authentication. Example use cases are logins for merchants’ benefit cards, streaming services, games etc.
The main aim of this service is to give the end-users an easy and efficient way of authenticating themselves when using online services. This offers users greater security and convenience than having to create and remember usernames and passwords for each website or service they use. Mobile Connect allows the end-users to log in more easily, simply by entering their mobile number.
- Easy login with mobile phone number.
- No user password required.
- One-factor authentication, LoA level “Low”.
- The authentication is connected to the mobile SIM card.
- Mobile phone customers of Deutsche Telekom, Telefonica (O2) and Vodafone automatically get access to Mobile Connect.
You can use Mobile Connect to authenticate your users both during the onboarding process and for re-authentication. The only requirement is that the end-user has a valid mobile number with one of the mobile operators Deutsche Telekom, Telefonica (O2) or Vodafone. During the onboarding process, the end-user must also sign a one-off consent form for using Mobile Connect.
The authentication process may look as follows from the end-user perspective. This assumes the end-user wants to log in to an online service, for example, a streaming service.
- The end-user opens the merchant’s streaming app or application on a mobile or desktop device.
- The end-user is redirected to Mobile Connect’s login box and is asked to provide their mobile phone number (MSISDN).
- When the end-user has entered the mobile number, they are redirected to the waiting page of the mobile network operator.
This waiting page is displayed if the end-user has a valid mobile phone number from one of the three mobile phone operators. Here, the mobile operator informs the end-user that they should have received an SMS with a login link. The end-user can also cancel the login from this screen.
- The end-user receives an SMS with an authentication link.
- The end-user clicks the authentication link and is now logged into the service.
How to integrate with Mobile Connect
The integration is done via the same API as Signicat’s other ID methods. See Get started with authentication for more information. Through the single point of integration, you will get access to Signicat’s wide portfolio of integrated ID methods, not only Mobile Connect, but also other services like signing, identity paper verification and lookups.
Mobile Connect uses OpenID Connect (OIDC) as its authentication protocol.
The method name is mobile-connect.
The result of the request is returned in a SAML response:
- subject.name: cc795096-d995-48d7-95b6-2620100d59f6
- subject.format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
- subject.nameQualifier: urn:ksi:names:SAML:2.0:ac:mobileconnect
- authentication.method: urn:ksi:names:SAML:2.0:ac:mobileconnect
- authentication.instant: Mon Jun 29 10:13:02 CEST 2020
- signicat.service-name: nbidmobile
- signicat.method-name: mobile-connect
- signicat.unique-id: cc795096-d995-48d7-95b6-2620100d59f6
- signicat.security-level: 3
- signicat.plain-name:
- mobileconnect.sub: cc795096-d995-48d7-95b6-2620100d59f6
- mobileconnect-claims.at_hash: k4LsKH_QOogN5NoISvK5HQ
- mobileconnect-claims.sub: cc795096-d995-48d7-95b6-2620100d59f6
- mobileconnect-claims.aud: [73f708e1-e478-49d8-8363-3f773f5abc2f, 73f708e1-e478-49d8-8363-3f773f5abc2f]
- mobileconnect-claims.acr: 2
- mobileconnect-claims.azp: 73f708e1-e478-49d8-8363-3f773f5abc2f
- mobileconnect-claims.auth_time: 1593418380
- mobileconnect-claims.amr: [null]
- mobileconnect-claims.iss: https://mobileconnect-test.telekom.de/openid
- mobileconnect-claims.hashed_login_hint: C1F744D2DB37494CCE8185F0101A2E5D3DBE4BD67CB71FDE2491E7FDD80525C1
- mobileconnect-claims.exp: 1593420382000
- mobileconnect-claims.iat: 1593418382000
- mobileconnect-claims.nonce: c5597ec0-eb9e-4146-a73b-31fb02c1beba
mobileconnect.sub is a unique identifier that is used to identify the end-user. This is a Pseudonymous Customer Reference (PCR) used by Mobile Connect to reference a pairing between a specific end-user’s account and a specific application/web service. The name of the end-user is empty, which means it is anonymized.
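The following added example (not Signicat's code) shows relying-party checks on the attributes above before the PCR is accepted as the user key, including a minimum acr so a Low-assurance login is refused where more is required. It assumes your SAML library has already verified the response signature and extracted the attributes into a dict of strings; the function names, the issuer allow-list and the millisecond normalisation of exp/iat (inferred from the sample values) are assumptions.

```python
import hmac

# Constructed input: attribute values copied from the sample response on this page.
SAMPLE = {
    "signicat.method-name": "mobile-connect",
    "mobileconnect.sub": "cc795096-d995-48d7-95b6-2620100d59f6",
    "mobileconnect-claims.aud": "[73f708e1-e478-49d8-8363-3f773f5abc2f, "
                                "73f708e1-e478-49d8-8363-3f773f5abc2f]",
    "mobileconnect-claims.acr": "2",
    "mobileconnect-claims.iss": "https://mobileconnect-test.telekom.de/openid",
    "mobileconnect-claims.exp": "1593420382000",
    "mobileconnect-claims.iat": "1593418382000",
    "mobileconnect-claims.nonce": "c5597ec0-eb9e-4146-a73b-31fb02c1beba",
}

def to_seconds(value):
    """Assumption from the sample: exp/iat are in milliseconds, so normalise."""
    n = int(value)
    return n // 1000 if n > 10**11 else n

def parse_list(value):
    """Turn the '[a, b]' rendering of a multi-valued claim into a set."""
    return {v.strip() for v in value.strip("[]").split(",") if v.strip()}

def check_mobile_connect(attrs, client_id, issuers, nonce, now, min_acr=2, skew=60):
    """Return (pcr, problems); pcr is None unless every check passes."""
    c = lambda name: attrs.get("mobileconnect-claims." + name, "")
    problems = []
    if attrs.get("signicat.method-name") != "mobile-connect":
        problems.append("unexpected method")
    if c("iss") not in issuers:
        problems.append("untrusted issuer")
    if client_id not in parse_list(c("aud")):
        problems.append("audience mismatch")
    if not hmac.compare_digest(c("nonce").encode(), nonce.encode()):
        problems.append("nonce mismatch")
    try:
        if int(c("acr")) < min_acr:
            problems.append("assurance too low")
        if now > to_seconds(c("exp")) + skew:
            problems.append("expired")
        if to_seconds(c("iat")) > now + skew:
            problems.append("issued in the future")
    except ValueError:
        problems.append("malformed claim")
    pcr = attrs.get("mobileconnect.sub")
    if not pcr:
        problems.append("missing PCR")
    return (None, problems) if problems else (pcr, [])
```

Pass the nonce you stored in the user's session when starting the login, and the current Unix time in seconds as `now`.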
Signicat’s test environment preprod.signicat.com is available 24×7, and may be used during your development and test phase.
To be able to test, you need a valid telephone number from one of the following mobile operators, Deutsche Telekom, Telefonica (O2) or Vodafone.
Each of the mobile operators has its own test environment. Signicat will set this up for you. Please contact Signicat to get help with setting this up.