Account enrollment

You can enroll end users with a URL workflow or a QR code workflow. Both workflows provide end users with the same authentication functionality.

This is how the account enrollment workflow works:

  • Your end users are already in the data store configured in the Identity Platform to authenticate users.

  • Now you will use the Mobile SDK to take the account data and present the Webview client (for URL enrollment) or camera view (for QR code enrollment).

  • The Mobile SDK is dependent on a properly configured Identity Platform.

  • User completes either QR code or URL enrollment on their device. The Mobile SDK then obtains their account data and saves it to their device.

View an example of how end users could enroll with a QR code or enroll with a URL from their app. The examples show the SecureAuth Authenticate app, but they will give you an idea of what to expect.

  1. Set up an enrollment realm in the SecureAuth Identity Platform.

    This sets up the app enrollment page with a URL or QR code workflow. End users then use the workflow to connect to their profile so they can enroll and set up their accounts for your app.

    Set up a Multi-Factor App Enrollment (URL) realm configuration.

    Set up a Multi-Factor App Enrollment (QR code) realm configuration.

  2. Set up QR code enrollment.

    QR code enrollment offers users the most frictionless customer experience.

    1. End users will set up their devices by opening the Identity Platform QR enrollment realm (set up in step 1) in one device (laptop, tablet), and then scanning the QR code in the mobile device they are enrolling.

    2. Use AVFoundation or a third-party library to obtain the string from scanning a QR code. If using AVFoundation, complete the required setup, which includes creating a capture session, creating a preview layer, and managing delegate callbacks.

    3. Initialize QREnrollmentViewModel in your controller to enroll the account after the QR code is scanned.

    4. Pass the string obtained from scanning the QR code as a parameter to initialize a QRCode object:

      let qrCode = QRCode(“string value obtained from
      scanning QR code”)
    5. Call model.enroll(_ qrCode:) to enroll account data to the server.

      After you receive a successful response, call model.createAccount(_ qrCode:) if you are creating an account or call model.updateAccount(_ qrCode:) if updating data for an existing account.

    Now that you have set up QR code enrollment, end users can use the QR code to enroll their devices.

  3. Set up URL enrollment. (Skip this step if you set up QR code enrollment.)

    For the best customer experience, use QR code enrollment. URL enrollment is useful if end users don't have a desktop. Also, if you don't want to introduce a third-party library to read the QR code image, then URL enrollment is available for your use.

    In the following steps, you will add the code that enrolls end user accounts into their devices.

    1. Open the Identity Platform enrollment realm in a Webview application browser.

    2. Set up a WKWebView, which will present the web page for URL enrollment.

    3. Create a UrlEnrollmentViewModel.

    4. After the user has authenticated, the cookies need to be passed as a parameter.

      In the WKNavigationDelegate method webView(_:didFinish:), create the EnrollmentCookies to be used to create/update an account.

      let websiteDataStore = WKWebsiteDataStore.default()
      websiteDataStore.httpCookieStore.getAllCookies({ allCookies in
          let enrollmentCookies = SecureAuthFramework.EnrollmentCookies(allCookies)
      })
      let host = WebView.url?.host
    5. Create a UrlEnrollmentRequest and call model.enroll, passing the current webView and UrlEnrollmentRequest to the enroll function.

      If let url = WebView.url {
      let request = UrlEnrollmentRequest(url, device: secureAuth.deviceUtil, application: secureAuth.applicationUtil)
          do {
              try model.enroll(WebView, request: request)
          } catch {
              // handle error appropriately
          }
      }
    6. With the UrlEnrollmentViewModel created above, call model.createAccount or model.updateAccount and pass the enrollmentCookies, host, and url parameters to create or update the account in the database.

    Now that you have set up URL enrollment, you can give the URL for the enrollment realm to end users so they can use it to enroll their devices.