Skip to content

Signup process with step up configuration

This guide describes how to add step up method configuration into the signup flow

Prerequisites

To successfully complete this topic guide you need to ensure following prerequisites: - Onegini IdP instance must to be running, for the sake of this guide we assume it's available under http://idp-core.dev.onegini.me address - access to the Onegini IdP's admin console

If mobile authentication will be used: - integration with the Onegini Token Server must be configured in the Onegini IdP's admin panel - mobile authentication feature must be enabled in the Onegini IdP's admin panel - Enroll on signup (under the mobile authentication feature) needs to be set either to Optional or Required - the Onegini Token Server must be properly configured and integrated with Onegini Extension Engine - the Onegini Token Server must have an Identity Provider of type CUSTOM_API_ONE_STEP configured - have a mobile application that is using the Onegini Mobile SDK and is integrated with the Onegini Token Server

If Google Authenticator will be used: - Google Authenticator step-up authentication must be enabled in the Onegini IdP's admin panel - Enroll on signup (under the Google Authenticator step-up authentication feature) needs to be set either to Optional or Required

The flow

The above configuration can enable some optional or required step up configuration during signup process. Those will be displayed just before the email verification. Currently, there are 5 scenarios: 1. Both mobile authentication and google authenticator are disabled. The signup process does not change. 2. When mobile authentication is set to Optional or Required, then just before email verification page is shown, a user can enroll for mobile authentication. Optional means, that this step can be skipped. 3. When google authenticator is set to Optional or Required, then just before the email verification page is shown, a user can add an authenticator app. Optional means, that this step can be skipped. 4. When both are Required, or one of the options is set to Optional, step up configuration pages for both options are shown one after another. Mobile Authentication is always shown first. 5. When both are set to Optional, an additional page is shown right before setting up the step up method. User can choose one of the available methods to add and is redirected to the proper configuration page after the decision.