QR Code Login

About QR Code Login

A QR Code Login allows end-users to log in to the Onegini IdP by scanning a QR Code with the Onegini Authenticator app.

Prerequisites

Ensure the following prerequisites:

  • the Onegini IdP must be running,
  • the Onegini Token Server must be running,
  • the Onegini Authenticator app (or your own app with the Onegini mobile SDK) must be registered in the Onegini Token Server and installed on the user's mobile phone.

Configure QR Code Login

  1. Login to the Onegini Consumer Identity Access Manager -> Select Configuration -> Go to Identity Providers -> Click the [+]-button.
  2. Fill in the following fields:
Field Description
Type Open the dropdown list and select the option 'QR Code'.
Name Provide a name for your QR Code Login.
Authentication Level Choose the desired authentication level, 1 through 4.
Mobile Authentication Type Specify the Mobile Authentication Type with the OTP Authentication Method defined in the Onegini Token Server. Login into the Onegini Mobile Security Platform -> Click the tab Configuration -> Click Mobile authentication -> Click Mobile authentication types.

Optionally extend the configuration by:

  1. A Google Play Store link and an Apple App Store link that points to your application on Google Play Store and/or Apple App Store. If at least one of the two links is defined, then the appropriate set of buttons is displayed on the QR Login Page. A user receives a message after logging in with a QR Code. You can configure a custom message by overwriting the message with the key personal.qrCodeLogin.message.
  2. A deep-link is a direct link to the Authentication application on the user's mobile phone; this feature provides a better user experience on a mobile browser. To enable deep linking, enable the option Deep linking enabled and define the redirect URL (for example, myApp://login). To authenticate the user, the application is provided with an OTP code that is automatically added to the redirect URL, for example, myApp://login?otp=31211. This code is used by the Application to authenticate the user in the Onegini Token Server.

Note You also need to configure the Onegini Token Server API correctly. For details, please see the page on the Token Server API.

User experience for QR Code login

  1. Once a QR Code Login Method has been defined, the end-user sees a button on the main login page.
  2. When the user clicks the button, they will be redirected to a page where the QR code appears. Note This only works if the Onegini IdP can establish a connection to the Onegini Token Server
  3. The end-user logs in by scanning the QR Code with the Onegini Authenticator app.