Account enrollment

You can enroll end users with a URL workflow or a QR code workflow. Both workflows provide end users with the same authentication functionality.

This is how the account enrollment workflow works:

  • Your end users are already in the data store configured in the Identity Platform to authenticate users.

  • Now you will use the Mobile SDK to take the account data and present the Webview client (for URL enrollment) or camera view (for QR code enrollment).

  • The Mobile SDK is dependent on a properly configured Identity Platform.

  • User completes either QR code or URL enrollment on their device. The Mobile SDK then obtains their account data and saves it to their device.

View an example of how end users could enroll with a QR code or enroll with a URL from their app. The examples show the SecureAuth Authenticate app, but they will give you an idea of what to expect.

  1. Set up an enrollment realm in the SecureAuth Identity Platform.

    This sets up the app enrollment page with a URL or QR code workflow. End users then use the workflow to connect to their profile so they can enroll and set up their accounts for your app.

    Set up a Multi-Factor App Enrollment (URL) realm configuration.

    Set up a Multi-Factor App Enrollment (QR code) realm configuration.

  2. Set up QR code enrollment.

    QR code enrollment offers users the most frictionless customer experience.

    1. End users will set up their devices by opening the Identity Platform QR enrollment realm (set up in step 1) in one device (laptop, tablet), and then scanning the QR code in the mobile device they are enrolling.

      The following steps validate the QR code from the camera, then use a camera library to read the QR code.

      You can select the camera library to use, such as zxing or CameraX.

    2. Create a QRAccount and then use the Enrollment class to finish the enrollment.

      Be sure to call the isValidQR function before calling finishEnrollment to ensure the QR code scanned is valid.

      // Validate the input from the camera using isValidUri() to analyze the QR code data.
      fun isValidQR(rawValue: String): Boolean {
        return QRAccount.isValidUri(rawValue)
      }
       
      // Use a camera library to read the QR code.
      fun finishEnrollment(qrUri: Uri) {
        // Create a QRAccount.
        val qrAccount = QRAccount(qrUri)
        // enroll the QRAccount
        Enrollment.enroll(requireContext(), qrAccount, object : Enrollment.OnEnrollmentListener {
          override fun onError(enrollmentError: EnrollmentError, message: String?) {
            // Error varies depending on your SDK configuration.
            // QR_EXPIRED, OAUTH_ERROR, UNSECURE_DEVICE, NETWORK_ERROR
          }
       
          override fun onSucceed(account: Account) {
            // Account was successfully enrolled into the device.
          }
        })
      }

    where:

    • fun finishEnrollment(qrUri: Uri)

      The value of the QR code. Call the function and introduce the QR code URI.

    Now that you have set up QR code enrollment, end users can use the QR code to enroll their devices.

  3. Set up URL enrollment. (Skip to step 3 if you want to set up QR code enrollment.)

    For the best customer experience, use QR code enrollment. URL enrollment is useful if end users don't have a desktop. Also, if you don't want to introduce a third-party library to read the QR code image, then URL enrollment is available for your use.

    In the following steps, you will add the code that enrolls end user accounts into their devices.

    1. Open the Identity Platform enrollment realm in a Webview application browser.

    2. Create a SecureAuthWebViewClient, which will process all communication with the SecureAuth web page.

      The SecureAuthWebViewClient is a listener that will notify different events through a callback interface.

      After onEnrollmentSuccess has run, create a URLAccount, then run the enrollment with the Enrollment class.

      fun inflateView() {...
       
        // Create and assign the SecureAuthWebViewClient
        val wbClient = SecureAuthWebViewClient(url, webViewCLientListener)
        webview.webViewClient = wbClient
        webview.load(url)
       
      ...
      }
       
      private val webViewCLientListener = object : SecureAuthWebViewClient.Listener {
        override fun onEnrollmentSuccess(accountBundle: Bundle) {
          // Enroll URL account
          val urlAccount = URLAccount(accountBundle)
          enrollUrlAccount(urlAccount)
        }
       
        override fun onEnrollmentCancel(reason: String) {
          // Abort enrollment
        }
       
        override fun onPageFinished(url: String?) {
          // On Webview page finished loading
        }
       
        override fun onWebError(errorCode: Int, description: String) {
          // On Webview error
        }
       
        override fun onSslError(error: SslError?) {
          // On SSL error
        }
      }
       
      fun enrollUrlAccount(urlAccount: URLAccount) {
        Enrollment.enroll(context, urlAccount, object : Enrollment.OnEnrollmentListener {
          override fun onError(enrollmentError: EnrollmentError, message: String?) {
            // Error varies depending on your SDK configuration
            // OAUTH_ERROR, UNSECURE_DEVICE, NETWORK_ERROR
          }
       
          override fun onSucceed(account: Account) {
            // Account was successfully enrolled into the device
          }
        })
      }

    Now that you have set up URL enrollment, you can give the URL for the enrollment realm to end users so they can use it to enroll their devices.

Next steps

Notifications and services