Enrollment
Before being able to use authenticate a user in your application using Futurae, you must first enroll the user and one or more of his devices in Futurae. This section describes how to enroll (aka activate or register) users and their devices in Futurae using the Auth API.
There are different types of devices, offering different authentication technologies and capabilities and depending on the type of device the enrollment process may vary.
The following cases are discussed below:
Mobile App Enrollment
Before being able to use authentication for a user of your application, you must first enroll the user and his mobile device on the Futurae server. Each user can have multiple enrolled devices, but he must have at least one enrolled device in order to be able to use authentication. For most authentication factors, such as Approve, the Futurae mobile app (or your app which has the Futurae SDK integrated) has to be installed on the user’s device and paired with that user’s account.
The following flowchart illustrates the basic steps for performing enrollment using a Mobile app:
In summary, you have to take the following steps:
Instruct the user to install the Futurae mobile app (or your mobile app which has the Futurae SDK integrated) on his device, in case he does not already have the application installed.
Call /user/enroll (in particular either Enroll New User with Mobile Device or Enroll New Mobile Device for Existing User) and display to the user the activation QR code. The QR code can be retrieved and displayed using two alternatives:
Through the
activation_qrcode_data_uriresponse key which contains the PNG image of the QR code inlined in data URI format. This is the recommended way.If for some reason you cannot make use of the data URI option, you can alternatively use the URL contained in the
activation_qrcode_urlresponse key to retrieve the PNG image of the QR code.
The user uses the camera of his device in order to scan the QR via the Futurae app.
Alternatively, if the user is performing the enrollment process from the mobile device on which he installed the app, he can tap on the link provided by the
activation_code_uriresponse key, which will automatically invoke the Futurae mobile app. In both cases, and if the user’s device has internet connectivity, the device will be enrolled and associated with the particular user.If you supplied a
success_callback_urlin /user/enroll you will automatically be notified via the callback once the enrollment completes successfully. Alternatively, you can poll the progress of the enrollment with the /user/enroll_status endpoint.
Hardware Token Enrollment
Before you are able to use a Hardware Token for authenticating a user in Futurae, you need to assign the token to the user. Overall, the process is straightforward and the assignment operation can be completed with a simple API call. Refer to Enroll New User with Hardware Token and Enroll New Hardware Token for Existing User on how to achieve this.
Phone Number Enrollment
In order to use SMS passcodes as an authentication factor, a user first needs to enroll the phone number of his device. In this case the enrollment process is slightly different, as it does not involve the Futurae mobile app:
Call /user/enroll (in particular either Enroll New User with SMS Device or Enroll New SMS Device for Existing User) and supply the
phone_numberparameter.Use the
device_idcontained in the response (which is associated with the above supplied phone number) to send a verification SMS code to the registered phone number using /user/sms_activation. In order to verify the code supplied by the user, the same endpoint can be used (refer to the API doc for details on the format of the request). If the code is correct then the particular phone number is considered enrolled with this user and can be used for sending SMS passcodes (“sms” factor in /user/auth).
