Mobile Components

Onboarding Users

Note: Onboarding component is the main component which includes all mandatory files packaged during packaging of the component. The NFI provided with this version is built with Version 3.0.

Mandatory Server Settings	HOST	<HID Authentication Service Host> (e.g., test123.aaas.hidcloud.com)
	TENANT	<HID Authentication Service Tenant Id> (e.g., tf98f45g90843781907)
	KONY_APP_KEY	<App key of the fabric application> (e.g., h728h89031832jdy9292)
	KONY_APP_SECRET	<App secret of the fabric application> (e.g., 89bv2894673792003jy2)
	SERVICES_URL	https://<temenos-cloud-host>/services (e.g., https://hidglobaltest.temenoscloud.com:443/services)
	ACTIVATION_CODE_AUTHTYPE	<Activation Code Authenticator if other than AT_ACTPWD>
	PASSWORD_AUTHTYPE	<Static Password Authenticator if other than AT_STDPWD>
	DEVICE_TYPE	<Device type to be used for HID Approve if other than DT_TDSV4B>
	API_VERSION	<This server property defines the API version for the Authentication Service and Appliance, ensuring that updated APIs are used. (The default value is 10 for Authentication Service and 3 for Appliance.)>
	IS_MFA_REQUIRED	<This setting enables the user to activate/deactivate the Multi-factor authentication (MFA)> (Default: true)
	CACHE_EXPIRY_TIME	120 (by default)

View Sample Server Settings

Minimum Supported Versions of the OS

Operating System	Minimum Supported Versions
Android	Android 13
IOS	IOS 10

Mandatory File	sdkNotificationManager.js	It is mandatory for Approve push notification handling from Temenos Temenos Digital Component. It will register the device and handle all the notification callbacks. Note: The component is using HID Approve SDK 5.13. Steps to add sdkNotificationManager.js file to project: Copy sdkNotificationManager.js file from path com.hid.MobileApproveSDK\component\resources\common Paste it to path ${project-Folder} \modules. Call registerNotifications function from App - Pre AppInit
Mandatory File	Manage Native Function Interface (NFIs)	Visualizer steps to add NFIs: Open Visualizer. Go to Edit > Manage Native Function API(s). Import NFI if not there under IOS/Android If already added and disabled, then Enable IOS: Android: Note: Add the HID_APPROVE_SDK.aar file and ApproveSDKWrapper.JAR (from the resources folder) under the project structure (Visualizer tool). The Online components which HID shares does not have SDK NFI for IOS. It should be build by partners.

Note: The component is using HID Approve SDK 5.13

Component Properties

S.No.	Property Name	Purpose
1	isRMSEnabled	<ON/OFF options to enable or disable the RMS. ON means RMS is enabled; OFF means RMS is disabled>
2	MFA	<MFA options for SMS or Email> The configured MFA will be called for medium risks.
3	isRMSReadOnly	<ON/OFF options to enable RMS in Read-Only Mode. ON means RMS is in ReadOnly mode; OFF means RMS is enabled. The default value is always OFF >. If this field is ON → RMS will just record the user's behavior, but it won't perform any STEP-DOWN operations, all operations would be always STEP-UP.
4	tmCookieTag	<cookie value associated with and provided by RMS>, mandatory field. This identifier is issued by RMS. Each new device used by the user to access the protected application will be tagged by RMS. This attribute is mandatory and should be always sent.
5	tmCookieSid	<cookie value associated with and provided by RMS>, mandatory field. This identifier is issued by RMS and serves as a unique identification of a user's session. Its value is persistent throughout the whole session and is stored as a cookie pair.
6	otpLabel	This determines the type of OTP need to be generated internally for login process.
7	provisionMode	This determines what would be the mode for user registration. currently supported modes are Activation Code or QR Code.

Onboarding Component Functions

checkBioAvailablityPublic	This function checks for biometric availability on device.
	Parameters	N/A
	Return Type	Boolean

setBioStatusToEnable	This function sets biometric state to enable for device explicitly.
	Parameters	Password (String)
	Return Type	Callback function (bioStatusCallback)

setBioStatusToDisable	This function sets biometric state to disable for device explicitly.
	Parameters	N/A
	Return Type	Void

getPinRemainingDays	This function checks for remaining days left for PIN expiry.
	Parameters	N/A
	Return Type	Int

getKeyProfileAge	This function checks for remaining days left for container expiry.
	Parameters	N/A
	Return Type	getProfileAge(string)

renewContainer	This function renews container before its expiry.
	Parameters	Password (String)
	Return Type	Callbackfunction(renewContainercallback,renewContainerExceptionCB)

Onboarding User - Flow Chart Representation

Onboarding Component Flow

There are two ways of onboarding a user:

Onboarding through Activation Code

On the first screen, user provides their Customer ID and Activation Code, then clicks LOGIN.
After successfully validating the activation code, the component displays the screen to create a PIN for the user then user enters and confirms a PIN and clicks CREATE.

Note: The PIN must comply with Password policy.
After successful PIN creation, it will ask user to set or skip biometric for login.
After user set the biometric or skip, it will ask user to set standard password for web login.
After user set the standard password or skip, Onboarding process gets completed and user gets redirected to Login page.

Onboarding through QR Scan

On selection of QR Scan, user gets a notification asking for permission.
User must choose one of these options:
- While using the app (Follow steps 4 to 8)
- Only this time (Follow steps 4 to 8)
- Don't allow (Follow only step 3)
On tapping Don't allow, user gets a notification to enable permission by opening the device settings.
If user clicks Yes
1. User gets navigated to the device settings page and modify the permissions.
2. Once permissions are assigned, user can open camera app in the mobile component and scan QR Code from the web application.
3. Then follow steps 5 to 8.
If user clicks No - Manual Onboarding
1. User gets navigated to Manual onboarding directly.
2. User must enter the Service URL, Username, and Invite Code from the web application - Manual registration
3. After successfully validating the Service URL, Username, and Invite Code, the component displays the screen to create a PIN for the user then user enters and confirms a PIN and clicks CREATE.
  
  Note: The PIN must comply with Password policy.
4. After successful PIN creation, it will ask user to set or skip biometric for login.
5. After user set the biometric or skip, it will show device registered successfully message.
6. Onboarding process gets completed and user gets redirected to Login page.
On tapping While using the app/Only this time, the user grants permission to the app and opens the camera app to scan QR Code.
After successful scanning of QR Code from web application, the component displays the screen to create a PIN for the user. User enters and confirms a PIN and clicks CREATE.

Note: The PIN must comply with Password policy.
After successful PIN creation, it will ask user to set or skip biometric for login.
After user set the biometric or skip, it will show device registered successfully message.
Onboarding process gets completed and user gets redirected to Login page.

Pre-Login Screen

Once a user successfully onboarded, user can view the pre-login screen as given below.

Offline - OTP generation for Transaction Signing

This feature will generate secure code for performing the Offline Transaction Signing through Web Channel, even if there is no internet on mobile. This works as an offline mode.

Functional Flow:

User must click on the Fund Transfer option on the pre-login screen.
User needs to enter the same three fields that were entered on the Web channel that is Transfer Funds To, Amount and Remarks. Then click Generate OTP.
On clicking Generate OTP, a message will be prompted to confirm the fund transfer, click CONFIRM.
A screen will popup to enter PIN or biometrics.
After entering the correct PIN or biometrics, screen will display a secure code, which is displayed for one minute and then disappears.

Note: The generation of secure code for Fund Transfer is a public method (signTransaction) which is a part of TransactionSigningMobileSDK Component.

Public Functions

Functions	Descriptions
getSecureCode	This function can generate a secure code for login, which is a part of the MobileApproveSDK component. Parameters : → username Return Type : → otp
signTransaction	This function can generate a secure code for Fund Transfer which is a part of TransactionSigningMobileSDK component. Parameter : → {toAccount, amount, remarks} Return Type : → otp

Functions

Descriptions

getSecureCode

This function can generate a secure code for login, which is a part of the MobileApproveSDK component.

Parameters : → username

Return Type : → otp

signTransaction

This function can generate a secure code for Fund Transfer which is a part of TransactionSigningMobileSDK component.

Parameter : → {toAccount, amount, remarks}

Return Type : → otp

Onboarding Component Services

Object Services

ServiceName	DataModel	Mapping	Purpose	Input Parameters	Invoking
HIDObjects	ActivationCodeValidation	validateActivationCode	Validate the user's activation code.	filter (username), username, activationCode, authType	OnboardingValidation > ValidateUser
HIDObjects	AddPasswordAuthenticator	addPasswordAuthenticator	Add a static password authenticator to the user.	username, userId, password, authType	ScimAPIsOrg > addPasswordAuthenticatorInt
HIDObjects	ApproveDeviceRegistration	getInviteCodeTDSV4B	Provision the HID Approve device to the user and get the invite code to add the HID Approve device.	UserId, username, usernameWithRandomNo	PushDeviceRegistrationOrch > getInviteCode TDSV4B
HIDObjects	PasswordPolicy	getPasswordPolicy	Gets the policy for Static Password Authenticator	none	ScimAPIs>getPasswordPolicy
HIDAuthService	OTPRequest	sendOTPLogin	Send the OTP(SMS/Email) to the user.	username, AuthenticatorType (AT_OOBSMS/AT_OOBEML)	OTPServices > sendOOBLogin

Fabric Services

Names	Operation Name	Service Type	Description
ClientIdentity	-	Identity	Fetches Client Bearer Token
CustomHIDLogin	-	Identity	Used for validating secure code which is created internally
ActivationCodeService	Login	Integration	Authenticates the Activation Code
ClientAuthIdentityWrapper	getClientBearerToken	Integration	IntegrationWrapper of ClientIdentity
DeviceProvisionJava	GetProvisonMsg	Integration	Fetches the Invite Code
HIDApproveInitiation	Initiate	Integration	Sends an HID Approve Push notification to the user's registered device.
ScimAPIs	SearchUser	Integration	Searches for the user.
ScimAPIs	getActivationCodeAuthenticator	Integration	An exclusive getAuthenticator service for the ValidateUser Orchestration service. This service does not work alone so use the getAuthenticator instead.
ScimAPIs	getPasswordPolicy	Integration	Provides the Password policy
ScimAPIsOrg	addPasswordAuthenticatorInt	Integration	Adds a Password Authenticator.
PushDeviceRegistrationOrch	getInviteCode TDSV4B	Orchestration	Provisioning Push Device
HIDIdentityService	login	Integration	Identity service endpoint
HIDIdentityService	secondFactorLogin	Integration	Identity service endpoint for MFA
OTPServices	sendOOBLogin	Integration	To send the OTP through SMS/EML
ResetUser	getUserDetails	Integration	This service is used to get the user's details.
ResetUser	DeleteEndUser	Integration	This service is used to delete the user.
ResetUser	CreateUser	Integration	This service is used to create the user.
ResetUser	AddActivationCodeAuthenticator	Integration	This service is used to add the activation code to the user.
ResetUserOrch	reset	Orchestration	This service is used to delete the user, create a user, and add an Activation code to the user.

Java Services

Service Name	Purpose	Dependencies	Called by (Service Name-Operation)
DeviceProvision	Java service to send the Device Provisioning request for HID Approve device registration and process the response to send the provisioning message.	You need to configure following Server Properties: HOST TENANT SERVICES_URL	DeviceProvisionJava-getProvisonMsg

Service Name

Purpose

Dependencies

Called by (Service Name-Operation)

DeviceProvision

Java service to send the Device Provisioning request for HID Approve device registration and process the response to send the provisioning message.

You need to configure following Server Properties:

HOST
TENANT
SERVICES_URL

DeviceProvisionJava-getProvisonMsg

Transaction Signing Component

Mandatory Server Settings	KONY_APP_KEY	<App key of the fabric application> (e.g., h728h89031832jdy9292)
KONY_APP_SECRET	<App secret of the fabric application> (e.g., 89bv2894673792003jy2)

Mandatory Server Settings

KONY_APP_KEY

(e.g., h728h89031832jdy9292)

KONY_APP_SECRET

(e.g., 89bv2894673792003jy2)

View Sample Server Settings

Mandatory File	sdkNotificationManager.js	It is mandatory for Approve push notification handling from Temenos Digital Component 10.0. It will register the device and handle all the notification callbacks.

Note: The component is using HID Approve SDK 5.13

Transaction Signing Component Properties

S.No.	Property Name	Purpose
1	username	This property is used to set the username to the component.

Transaction Signing Component Functions

signTransaction	This function executes with input values and perform transaction.
	Parameters	Values (Array)
	Return Type	CallbackFunctions (pwdPromtCallback, SCB_signTransaction, FCB_signTransaction)

validatePassword	This function validates pin entered to check for authentication before proceeding with transaction.
	Parameters	password(string), mode(string)
	Return Type	void

updatePassword	This function used to update pin in-case, pin is expired or about to get expired.
	Parameters	oldPwd(string), newPwd(string)
	Return Type	CallbackFunction (exceptionCallback)

Transaction Signing Component Flow

On the first screen, user provides their Customer ID and PIN, then clicks LOGIN.
After successful authentication, from the dashboard, user must click on Fund Transfer option on the bottom navigation menu.
This will takes user to the Fund Transfer page. The user must enter an account number of whom to Transfer Funds To, Amount and Remarks. Then click Transfer.

Important: Not filling of any mandatory text field will leads to the respective error.
A message will be prompted to confirm the fund transfer, click CONFIRM.
After confirming, user must enter his/her PIN and click SUBMIT to proceed transaction.
Transaction success page will be appeared which the confirms user's transaction.

Transaction Signing Component Services

Object Services

ServiceName	DataModel	CustomVerb	Purpose	Input Parameters	Invoking
HIDTransactionSigning	SignatureValidation	validateSignature	Offline transaction signing that validates the Transaction details.	username, password (Secure Code), authType (Default) ClientID (Default)	HIDChallengeValidationService > signatureValidation

ServiceName

DataModel

CustomVerb

Purpose

Input Parameters

Invoking

HIDTransactionSigning

SignatureValidation

validateSignature

Offline transaction signing that validates the Transaction details.

username,

password (Secure Code),

authType (Default)

ClientID (Default)

HIDChallengeValidationService > signatureValidation

Fabric Services

Names	Operation Name	Service Type	Description
ClientIdentity	-	Identity	Fetches the Client Bearer Token
ClientAuthIdentityWrapper	getClientBearerToken	Integration	IntegrationWrapper of ClientIdentity
HIDChallengeValidationService	signatureValidation	Integration	Validates the transaction details with the Secure Code obtained from the HID Approve app.

Approve Notification Component

Mandatory File	sdkNotificationManager.js	It is mandatory for Approve push notification handling from Temenos Digital Component 10.0. It will register the device and handle all the notification callbacks.

Note: The component is using HID Approve SDK 5.13

Approve Notification Component Properties

S.No.	Property Name	Purpose
1	transactionID	This property is used to set the transaction ID to the component.

Approve Notification Component Functions

showAuthentication	This function shows the authentication to open transaction details.
	Parameters	N/A
	Return Type	CallbackFunction (retriveTransactionCallback)

retrieveTransactionIds	This function fetches the pending notifications.
	Parameters	N/A
	Return Type	CallbackFunction (onRecievedNotificationsCallback)

getContainerRenewableDate	This function will indicate the remaining days for container renewal.
	Parameters	N/A
	Return Type	Integer

Note:

Configuring Dynamic Push Notifications with sdkNotificationManager.js

When creating dynamic push notifications using sdkNotificationManager.js, include the appName in the body to trigger pop-up notifications.

For example,

Copy

"appName" is included in this request body

var notificationComponent = new com.hid.ApproveNotificationMobileSDK( 

    { 
      "clipBounds": true, 
      "id": "ApproveNotificationMobileSDK", 
      "appName" : "AuthenticationMA", 
      "isVisible": true, 
      "left": "0dp", 
      "top": "0dp", 
      "width": "100%", 
      "height": "100%", 
      "zIndex": 200 
    }, {}, {});

Approve Notification Component Flow

In this flow, after successful on-boarding on mobile application with standard password enabled, If user authenticates into web application with the standard internet password, then user will get notification in his/her mobile application rather than the HID Approve application.

Note: To be able to get notifications on our application we need to add bundle server id from FCM project in sdkNotificationManager.js file. Link for the complete process for adding application to FCM project : Migration from GCM to FCM (kony.com)

The user receives Transaction Approved prompt, if Approve is pushed.

If Deny is pushed, the user will receive Transaction Denied prompt.

Note: All components mentioned above are implemented using HID Approve SDK 5.13 and functionality can be checked through the HID Global - Major Bank app.

MobileUserManagement Component

MobileUserManagement Component Properties

S.No.	Property Name	Purpose
1.	username	Username for the user to manage the device and other settings.
2.	isRMSEnabled	Indicates whether RMS is enabled.

MobileUserManagement Component Functions

loadUserManagement
	Parameters	sessionId, deviceId, and userName
	Return Type	void

unassignDevice
	Parameters	deleteDeviceId
	Return Type	Component Services

MobileUserManagement Component Flow

After logging in, users can access User Management under Settings.
A list of registered devices will be displayed.
Select the device to manage.

A popup will appear (see below image).
Choose the desired operation.
1. Edit Friendly Name:
  1. Enter the new friendly name.
  2. Confirm with your app's login credentials (PIN, password, secure code, or OTP, as configured).
  3. Click Submit.
  4. A success message will appear.
2. Suspend Device: Suspends the selected device.
3. Delete Device: Deletes the selected device. This action is only available if there are two or more registered devices. A warning will appear if only one device is registered.

Self-Service Component Services

Object Services

ServiceName	DataModel	Mapping	Purpose	InputParams	Invoking
HIDUserManagement	PasswordPolicy	getPolicy	Get the password policy instructions.	authType	AuthenticatorPolicy> getPasswordPolicy
HIDUserManagement	RegisterDevice	getProvisioningMsg	Register a new device for the user.	userName, DeviceId, usernameWithRandomNo	ApproveDeviceRegistrationOrch > getInviteCode
HIDUserManagement	SearchDevices	SearchDevices	Display the user's devices.	username, userId	SearchDevices > searchDevices
HIDUserManagement	UpdateDeviceName	updateFriendlyName	Update the device friendly name.	deviceId, friendlyName	UserManagementService > updateDeviceFriendlyName
HIDUserManagement	UpdateDeviceStatus	updateDeviceStatus	Update the device status.	deviceId, status	ScimAPIs > updateDeviceStatus
HIDUserManagement	AssignUnassignDevice	assignUnassignDevice	Unassign the device before deleting it.	username, deviceId, status	AssignUnassignDevice > assignUnassignDevice
HIDUserManagement	DeleteDevice	deleteDevice	Delete the selected device.	deviceId	DeleteDevice > deleteDevice
HIDUserManagement	ValidatePassword	validatePassword			PasswordAuthServices > passwordValidation
HIDUserManagement	ValidateSecureCode	validateOTPAuth			OTPAuthServices > validateOTPAuth
HIDAuthService	ValidatePassword	validatePassword	Validate the password.	username, password	PasswordAuthServices > passwordValidation
HIDAuthService	ValidateOTP	validateOtp	Second factor check to validate the OTP.	username, password, authType	OTPServices > validateOOB
HIDAuthService	OTPRequest	sendOTP	To send the OTP for registered mobile number.	username, AuthenticationType	OTPServices > sendOOB

HID Fabric Services

Names	Operation Name	Service Type	Description
UserManagementService	SearchUser	Integration	Performs a user search.
UserManagementService	getPasswordPolicy	Integration	Displays the Password policy.
SearchServices	SearchUserAuth	Integration
SearchServices	SearchDeviceAuth	Integration
SearchDevices	searchDevices	Orchestration
ScimAPIs	createNewDevice	Integration	Creates a new DeviceId.
ScimAPIS	updateDevice	Integration	Updates the owner of the device during HID Approve device registration request
DeviceProvisionJava	getProvisonMsg	Integration	Java code to generate a device provisioning message.
UserManagementService	updateDeviceFriendlyName	Integration
ScimAPIs	updateDeviceStatus	Integration
AssignUnassignDevice	assignUnassignDevice	Integration	Assign or unassign a device.
DeleteDevice	deleteDevice	Integration	Delete a device associated with the provided deviceId.
OTPServices	sendOOB	Integration	Sends an OOB (SMS/Email) OTP to the user.
OTPServices	validateOOB	Integration	Validates the OOB (SMS/Email) OTP.
PasswordAuthServices	passwordValidation	Integration	Validates the user's static password.
AuthenticatorPolicy	getPasswordPolicy	Integration	Provides the Password policy.