Mobile Identity & Access

Architectural overview

Introduction

On the architectural overview page you'll get a quick introduction to the MSP landscape. We'll start by explaining the feature sets from a functional perspective: what are the responsibilities that the Onegini Mobile Security Platform takes on? Next, you'll see the various software components that the Mobile Platform provides, how they interact with one another and how they interact with components in your existing landscape. Last, in the functional flows section we'll take you through the flow of the main business processes and which components are responsible for those steps.

Functional overview

[Figure: functional overview. Panel labels:]
- Authentication processes: enrollment, identity verification, push authentication, mobile login, payments int
- Protect API's
- Authenticators: PIN code, fingerprint, bio and voice
- Security features: payload encryption, jailbreak detection, hardening, anti tampering
- Continuous authentication
- Management and control

On the left you see your business app, where the MSP provides options for authentication processes like enrollment and 2nd factor authentication. Within these processes you can use a wide range of authenticators. The MSP natively provides a PIN code mechanism and integrates seamlessly with biometric solutions like fingerprint authentication on your iOS or Android device. Out of the box you can set up a wide range of security features like jailbreak detection, tampering protection and payload encryption.

On the right you see the server-side functionality, where you provide the apps with data and monitor and control the flows and traffic. The MSP uses OAuth 2.0 tokens to protect your APIs. It enables access for the users who are allowed to use it. On the server side you manage and control all the rules and configuration, such as a PIN code policy, the applicable mobile OS versions your users have to use, or which fallback mechanism between authenticators you allow. Because the MSP hands out tokens and verifies the user, it is in an ideal position to continuously monitor the system to see if there's anything out of the ordinary going on. We'll share the graphs and provide you with insight on which you can take action.

Component overview

In the overview below you see the various components in the MSP and with which components they interact in your current architecture. Blue components are part of the core Onegini Mobile Security Platform. White components are generally present in your current architecture.

[Diagram: component overview]
- Components: Device, App, SDK, (inApp) browser, Security Proxy, Token Server, Resource Gateway, Extension Engine, APIs, IDP, API or Portal, GCM/APNS (push providers)
- Connection labels: a1, a2, a3, a4, a5, a6, a7, a8, a10, a11, a12, a13, r1, r2, r3
- Legend: Authentication, Resource calls, Optional calls

Notes
- The letters refer to sections in the business processes section

Functional flows

[Diagram: functional flows]
- Device Registration
- User Registration
- Authentication: Login
- API Access
- Authentication: Mobile Authentication
- Self Service
- Management & Control