Mobile Components

Onboarding Users

Note: Onboarding component is the main component which includes all mandatory files packaged during packaging of the component. The NFI provided with this version is built with Version 3.0.

Component Overview

Component Package

com.hid.mb.MobileApproveSDK

User Interface

Yes, Onboarding screen will be added based on the onboarding mode(Activation code or QR scan) selected.
Platforms Supported Mobile
Functionality This component is used for user onboarding, Login ,Secure code generation, Renew container, Delete container, and Password Expiry.
Dependent Components
  1. Com.hid.md.mobileApprovePinPopUp

  2. Com.hid.mb.loginUsername

  3. Com.hid.qrcodescanner

  4. Com.hid.mb.MobileUserManagement

  5. Com.hid.mb.MobileUserManagementPinPopup

  6. Com.hid.rms.mb.nonFinancialWithoutUI

Available from Version 12.0.0

Server and Client App Settings

Mandatory Server Settings

HID_HOST

<HID Authentication Service Host>

(e.g., test123.aaas.hidcloud.com)

HID_TENANT

<HID Authentication Service Tenant Id>

(e.g., tf98f45g90843781907)

HID_KONY_APP_KEY

<App key of the fabric application>

(e.g., h728h89031832jdy9292)

HID_KONY_APP_SECRET

<App secret of the fabric application>

(e.g., 89bv2894673792003jy2)

HID_SERVICES_URL

https://<temenos-cloud-host>/services
(e.g., https://hidglobaltest.temenoscloud.com:443/services)

HID_ACTIVATION_CODE_AUTHTYPE

<Activation Code Authenticator if other than AT_ACTPWD>

HID_PASSWORD_AUTHTYPE

<Static Password Authenticator if other than AT_STDPWD>

HID_DEVICE_TYPE

<Device type to be used for HID Approve if other than DT_TDSV4B>
HID_API_VERSION

<This server property defines the API version for the Authentication Service and Appliance, ensuring that updated APIs are used. (The default value is 10 for Authentication Service and 3 for Appliance.)>

HID_IS_MFA_REQUIRED

<This setting enables the user to activate/deactivate the Multi-factor authentication (MFA)>

(Default: true)

HID_CACHE_EXPIRY_TIME 120 (by default)
HD_OOB_SMS_OTP_AUTHTYPE OOB SMS Authenticator (if other than AT_OOBSMS).
HID_OOB_EMAIL_OTP_AUTHTYPE OOB Email Authenticator (if other than AT_OOBEML).
HID_ACT_EXPIRY_IN_DAYS Sets the expiration period for the Activation Code Authenticator in days. Default: 1.
HID_IS_GATEWAY_ENABLED

Determines who sends the OTP:

  • True – HID generates and sends the OTP.

  • False – HID generates the OTP, but Infinity sends it.

HID_IS_APPLIANCE

Indicates whether HID is hosted as an Appliance or in the Cloud.

Example: True (Appliance).

HID_SMS_DEVICE_TYPE

Device type for SMS.

Default Value: DT_OOBSMS.

HID_EMAIL_DEVICE_TYPE

Device type for Email.

Default Value: DT_OOBEML.

Mandatory Client App Settings HID_IS_APPLIANCE <HID is hosted in Appliance or Cloud.> (e.g., true if HID is hosted on Appliance)
HID_KEY_EXPIRY_ALERT <Configure 20% of the total profile expiry duration.>
HID_MANDATORY_KEY_EXPIRY_ALERT 5 <This property defines the number of days prior to profile expiry when a mandatory ‘Renew Profile’ popup should be displayed to the user on the dashboard screen.>
HID_PIN_EXPIRY_DAYS 179 < Configure the total number of days before the PIN expires.>

View Sample Server Settings

Minimum Supported Versions of the OS

Operating System Minimum Supported Versions

Android

Android 13

IOS

IOS 10

Mandatory File

sdkNotificationManager.js

It is mandatory for Approve push notification handling from Temenos Digital Component. It will register the device and handle all the notification callbacks.

Manage Native Function Interface (NFIs)

Note: The component is using HID Approve SDK Android 6.1.0 and iOS 6.0.2

Component Properties

Property Name  Purpose 

isRMSEnabled

<ON/OFF options to enable or disable the RMS. ON means RMS is enabled; OFF means RMS is disabled>

MFA

<MFA options for SMS or Email>

The configured MFA will be called for medium risks.

isRMSReadOnly

<ON/OFF options to enable RMS in Read-Only Mode. ON means RMS is in ReadOnly mode; OFF means RMS is enabled. The default value is always OFF >.

If this field is ON → RMS will just record the user's behavior, but it won't perform any STEP-DOWN operations, all operations would be always STEP-UP.

tmCookieTag

<cookie value associated with and provided by RMS>, mandatory field.

This identifier is issued by RMS. Each new device used by the user to access the protected application will be tagged by RMS. This attribute is mandatory and should be always sent.

tmCookieSid

<cookie value associated with and provided by RMS>, mandatory field.

This identifier is issued by RMS and serves as a unique identification of a user's session. Its value is persistent throughout the whole session and is stored as a cookie pair.

otpLabel This determines the type of OTP need to be generated internally for login process.
provisionMode This determines what would be the mode for user registration. currently supported modes are Activation Code or QR Code.

Onboarding Component Public Events

Event Name Description Parameters
handlePinPopUp Controls the visibility of the MobileApproveSDK component from the form controller. Boolean
resetSCUI Resets or updates the MobileApproveSDK UI widgets during Secure Code generation and Scan-to-Login flows.

Boolean

  • True – shows form level widgets and hides mobileApproveSDK component

  • False – vice versa

setMobileApproveSDKComponent Initializes the MobileApproveSDK component during application launch. N/A
enrolNewUser Triggered when the user selects the Enroll option within the HID component. N/A
handleFormBackGround Invoked during the Scan-to-Login flow. Manages the form UI scan to login process. N/A
onSuccessCB Callback executed upon successful login. Handles post-authentication navigation and success flow. N/A
handleProfileExpiryToastUI Public event to handle the profile expiry and PIN expiry toast message UI. State
goBackToFormNav Allows the form navigation logic to be controlled at the form controller level. N/A
Note: All other internal events are managed within the component , and only the required events are emitted to the form.

Onboarding Component Public Functions

Method Description Parameters

getLoginFlowPublic

Retrieves the container from the SDK.

Important: Use this method to initialize the SDK.
No payload is required
initiate Initializes the MobileApproveSDK component. No payload is required
setUsername Sets the current username in the component controller. username – Current logged-in or entered username
resetMobileApproveCompUI Resets the MobileApproveSDK component UI to its default state. True / False
checkBioAvailablityPublic Checks biometric availability status for the given user. username
setBioStatusToEnable This function sets biometric state to enable for device explicitly. N/A
setBioStatusToDisable This function sets biometric state to disable for device explicitly. N/A
showPinPopUp Displays the PIN authentication popup during Secure Code generation or Login flow.
  • username – Current user

  • selectedFlow – (Secure Code / Login)

  • biometricAvailability – Boolean status

contextSwitch Switches the UI between different flows within the component. flowName – Target flow identifier
mapScanQRMethod Handles component UI configuration for Scan-to-Login and QR-based onboarding. flowName – Specifies QR flow type (Login / Onboarding)
getDeviceProperty Retrieves device-specific information from SDK. N/A
getUsername Returns the username associated with the current active session. N/A
showPinPopUp

Handles PIN validation for login, secure code generation, and other secure operations.

  • Triggered when PIN validation is required

  • Used as a common method across multiple authentication scenarios

 

  • Username – Current session username

  • Flow Type – Specifies the flow (e.g., Login, Generate Secure Code, etc.)

  • Biometric Status – Indicates whether biometric authentication is enabled

generateLoginOTP Generates a OTP for login authentication N/A
mapScanQRMethod Handles component UI configuration for Scan-to-Login and onboarding processes. Flow Type(scan to login or onboarding)
startScannerToLogin Starts the QR scanning process required for login authentication. N/A
getDefinedExpiryAlert Invoke this method to determine whether the user's PIN or password is approaching expiration. This method manages the display of PIN/password expiration notification toast messages. N/A
getPinRemainingDay This function checks for remaining days left for PIN expiry. N/A
getKeyProfileAge This function checks for remaining days left for container expiry. N/A
getSecureCode This function can generate a secure code for login, which is a part of the MobileApproveSDK component. Username, PIN
checkIsProfileRenewable Invoke this method to determine whether the user profile is eligible for renewal or approaching expiration. This method manages the display of profile expiration notifications, including toast messages and mandatory pop-up alerts. N/A
renewContainer This function renews container before its expiry. N/A
deleteContainer Deletes the user profile (container) from the device. N/A

Onboarding User - Flow Chart Representation

Onboarding Component Flow

There are two ways of onboarding a user:

Pre-Login Screen

Once a user successfully onboarded, user can view the pre-login screen.

Renew Profile / Container

In the HID SDK, profile renewal notifications are displayed based on the remaining validity period of the profile.

A profile renewal notification is displayed when the profile enters the last 20% of its validity period. If the profile is within 2 days or fewer are left before expiry, a mandatory profile renewal notification is displayed, requiring the user to renew the profile before it expires.

Delete Container without Authentication

The Delete Container feature allows the user to permanently remove their profile from the mobile banking application. The profile will be deleted after user confirmation without performing any authentication.

Important: This action removes the user from the current device. If the same user is registered on another device or uses the web application, they can continue to access their account and perform banking activities from those devices/platforms.
  1. On the application, click Delete Account.

  2. A "Remove Profile" confirmation screen is displayed, prompting the user to confirm the permanent deletion of their profile. An optional Reason field is also provided.

    Click on Remove Profile button to permanently delete the profile.

    Important: Removing your profile deletes all your data from the device and signs you out. To use the mobile banking application again, you must reactivate it, which may require verification or contacting your bank.

  3. A confirmation message is displayed once the profile has been removed successfully.

Delete Container with Authentication

The Delete Container feature allows the user to permanently remove their profile from the mobile banking application. The profile is deleted only after user confirmation and successful authentication using the configured verification method.

Important: This action removes the user from the current device. If the same user is registered on another device or uses the web application, they can continue to access their account and perform banking activities from those devices/platforms.
  1. On the application, click Delete Account.

  2. A "Remove Profile" confirmation screen is displayed, prompting the user to confirm the permanent deletion of their profile. An optional Reason field is also provided.

    Click on Remove Profile button to permanently delete the profile.

    Important: Removing your profile deletes all your data from the device and signs you out. To use the mobile banking application again, you must reactivate it, which may require verification or contacting your bank.

  3. After clicking remove profile, you will be prompted to authenticate using biometric (if enabled) or by entering PIN.

    Important: Ensure that biometric authentication is enrolled on the device and enabled during onboarding.

  4. After successful authentication, a confirmation message is displayed that the profile has been removed successfully.

Renew Password /PIN

This feature allows users to renew their mobile banking Password/PIN when it is about to expire.

Based on the configured policy, a notification message is displayed on the Dashboard when the user's Password/PIN is approaching expiry.

Important:
  • The Password/PIN expiry duration is configured by the bank in the Admin Portal based on business requirements. These settings are applied to the user during the onboarding process.

  • If the bank updates the expiry configuration later, the new settings will not apply to already onboarded users. The user must onboard again to receive the updated configuration.

  1. Click Update to open the Update Password/PIN screen.

  2. Enter the Current Password/PIN, then enter and confirm the New Password/PIN. Click Update to proceed.

  3. A confirmation message indicates that your Password/PIN has been updated successfully.

    You can now sign in to the application using your new Password/PIN.

Onboarding Component Services

Object Services

ServiceName DataModel Mapping Purpose Input Parameters Invoking

HIDObjects

ActivationCodeValidation

validateActivationCode

Validate the user's activation code.

filter (username), username, activationCode, authType

OnboardingValidation > ValidateUser

HIDObjects

AddPasswordAuthenticator

addPasswordAuthenticator

Add a static password authenticator to the user.

username, userId, password, authType

ScimAPIsOrg > addPasswordAuthenticatorInt

HIDObjects

ApproveDeviceRegistration

getInviteCodeTDSV4B

Provision the HID Approve device to the user and get the invite code to add the HID Approve device.

UserId, username, usernameWithRandomNo

PushDeviceRegistrationOrch > getInviteCode TDSV4B

HIDObjects

PasswordPolicy

getPasswordPolicy

Gets the policy for Static Password Authenticator

none

ScimAPIs>getPasswordPolicy

HIDAuthService OTPRequest sendOTPLogin Send the OTP(SMS/Email) to the user. username, AuthenticatorType (AT_OOBSMS/AT_OOBEML) OTPServices > sendOOBLogin
HIDObjects AddOOBAuthenticator addOOBAuthenticator Adds a OOB authenticator to the user.

AuthenticatorType,

UserId, IsPasswordRequired, correlationId

AddOOBAuthenticator > addOOBAuthenticator
HIDRMSService RMSSessionService sessionLogout Used to terminate the current user session.

Username,

Session,

Platform

RMSSessionService >sessionLogout
Utility CommunicationInformation getUserCommunicationInfo Fetch the Infinity user details such as email and MobileNumber to show on Screen when the OTP factres selected and used to send the OTP userName T24ISExtra (1.0).getUserCommunicationDetailsPreLogin

Fabric Services

Names Operation Name Service Type Description

HIDClientIdentity

-

Identity

Fetches Client Bearer Token

HIDUserLogin

-

Identity

Used for validating secure code which is created internally

HIDActivationCodeService

Login

Integration

Authenticates the Activation Code

HIDClientAuthIdentityWrapper

getClientBearerToken

Integration

IntegrationWrapper of ClientIdentity

HIDDeviceProvisionJava

GetProvisonMsg

Integration

Fetches the Invite Code

HIDApproveInitiation

Initiate

Integration

Sends an HID Approve Push notification to the user's registered device.

HIDScimAPIs

SearchUser

Integration

Searches for the user.

HIDScimAPIs

getActivationCodeAuthenticator

Integration

An exclusive getAuthenticator service for the ValidateUser Orchestration service. This service does not work alone so use the getAuthenticator instead.

HIDScimAPIs

getPasswordPolicy

Integration

Provides the Password policy

HIDScimAPIsOrg

addPasswordAuthenticatorInt

Integration

Adds a Password Authenticator.

HIDPushDeviceRegistrationOrch

getInviteCode TDSV4B

Orchestration

Provisioning Push Device

HIDIdentityService login Integration Identity service endpoint
HIDIdentityService secondFactorLogin Integration Identity service endpoint for MFA
HIDOTPServices sendOOBLogin Integration To send the OTP through SMS/EML
HIDResetUser getUserDetails Integration This service is used to get the user's details.
HIDResetUser DeleteEndUser Integration This service is used to delete the user.
HIDResetUser CreateUser Integration This service is used to create the user.
HIDResetUser AddActivationCodeAuthenticator Integration This service is used to add the activation code to the user.
HIDResetUserOrch reset Orchestration This service is used to delete the user, create a user, and add an Activation code to the user.

Java Services

Service Name Purpose Dependencies Called by (Service Name-Operation)

HIDDeviceProvisionJava

Java service to send the Device Provisioning request for HID Approve device registration and process the response to send the provisioning message.

You need to configure following Server Properties:

  • HOST
  • TENANT
  • SERVICES_URL

DeviceProvisionJava-getProvisonMsg

Self-Service Processors

Names Description Used by (ServiceName-Operation)

HIDIdentityServicePreProcessor

Validates the login payload and extracts TransactionId from Meta, caching it so the subsequent OTP send can be authorized. Rejects the request if TransactionId is missing. HIDIdentityService - login
SearchUserAuthPostProcessor Reads totalResults and user id from the search response and sets the UserExist request flag (true only when a user record is returned). HIDSearchServices -SearchUserAuth
ValidateUserPostProcessor On success generates an Auth_Key (UUID) and caches the userId hash for the next step; on sequence failure returns the activation-code error. (Orchestration entry post-processor.) HIDOnboardingValidation - ValidateUser
SearchUserPostProcessor Sets userExists from totalResults/active, and sets AuthExists true/false depending on whether the activation-code authType is present in the user's authenticators. HIDScimAPIs - SearchUser (within HIDOnboardingValidation)
ActivationCodeAuthentcatorPreProcessor Confirms the user and activation-code authenticator exist (else sets a "user/auth not exist" error) and applies ACTIVATION_CODE_AUTHTYPE. HIDScimAPIs - getActivationCodeAuthenticator (within HIDOnboardingValidation)
ActivationCodeAuthenticatorPostProcessor Enforces activation-code state: expired, consecutive-failed threshold (≥3), and already-consumed checks. HIDScimAPIs - getActivationCodeAuthenticator (within HIDOnboardingValidation)
ActivationCodeLoginPreProcessor Aborts if the prior orchestration step failed, applies ACTIVATION_CODE_AUTHTYPE, and sets the username for the activation-code login. HIDActivationCodeService - login (within HIDOnboardingValidation)
ActivationCodeLoginPostProcessor Marks validationStatus = success when an id_token is returned (and blanks it out); otherwise sets failure with "incorrect activation code". HIDActivationCodeService - login (within HIDOnboardingValidation)
GetInviteCodePreProcessor Validates Auth_Key/UserId against cache, sets the X-Correlation-ID header and the onboarding-flow flag. HIDPushDeviceRegistrationOrch - getInviteCode
GetInviteCodePostProcessor Returns device-provisioning details (deviceId/provisionMsg), clears the auth-key cache, and surfaces an error if provisioning failed. HIDPushDeviceRegistrationOrch - getInviteCode
AddOOBAuthenticatorPreProcessor Blocks if the password authenticator is not yet added, maps the OOB type → SMS/EML authType and device type, and nulls OOB_PIN when no password is required. HIDScimAPIsOrg - addOOBAuthenticator
AddSMSOOBAuthenticatorPostProcessor Verifies the OOB authenticator was activated, then searches the user's devices and updates the SMS OOB friendly name and start/expiry date. HIDScimAPIsOrg - addOOBAuthenticator
GetPasswordPolicyPostProcessor Normalizes passwordpolicy → passwordPolicy (case-insensitive) and flattens minLength, maxLength, minDiffChars, notSequence, notOldPassword, notUserAttribute, and disableThreshold into the response. HIDAuthenticatorPolicy - getPasswordPolicy
RMSBasePreprocessor

Builds the RMS/ThreatMark base request used for the session-logout

(RMS session teardown).

HIDRMSThreatMarkAPI - sessionLogout

Transaction Signing Component

Component Overview

Component Package

com.hid.mb.TransactionSigningMobileSDK

User Interface

Yes, Scan to pay and Pinpopup screens are added newly.

Platforms Supported Android & IOS
Functionality This component is used to perform Transaction Signing.
Available from Version 12.0.0

Server Settings

Mandatory Server Settings HID_KONY_APP_KEY

<App key of the fabric application>

(e.g., h728h89031832jdy9292)

HID_KONY_APP_SECRET

<App secret of the fabric application>

(e.g., 89bv2894673792003jy2)

View Sample Server Settings

Mandatory File

sdkNotificationManager.js

It is mandatory for Approve push notification handling from Temenos Digital Component 10.0. It will register the device and handle all the notification callbacks.
Note: The component is using HID Approve SDK 5.13

Transaction Signing Component Properties

Step-1: Import Component

Import the Transaction Signing component (com.hid.mb.TransactionSigningMobileSDK) into the project.

Step 2: Configure MFA Property

All the properties are mandatory and values should be set while invoking the component

S.No.  Property Name  Purpose 

username 

This property is used to set the username to the component.  

2

otpLabel

This property is used to generate the OCRA OTP.

(e.g., hotp or totp)

3

isRMSEnabled

This property is used to enable and disable the RMS.

(e.g., true or false)

Transaction Signing Component Functions

Public Methods for APPROVE Flow:

  • showQRScanner: Displays the QRSCAN screen for Scan to Pay feature.

  • showTSScreen: Displays the Mobile Transaction Signing Screen (Pin popup).

Transaction Signing – Scan To Pay Workflow

Mobile Transaction Signing Workflow

  1. Enter the payment details and click Transfer to initiates the payment on the Mobile channel.

  2. On the Transaction confirmation screen, review the payment details and click Confirm to proceed.

  3. The user is prompted for biometric authentication (Fingerprint/Face ID) or PIN verification, complete the authentication by using your biometric credentials or entering your PIN.

    Important:
    • If the user is blocked, a User Blocked popup is displayed with a Contact Support option.

    • If any API error occurs while validating the OCRA OTP during Transaction Signing, a Server Error popup is displayed with a Contact Support option.

    • If the service fails, a Transfer Failed popup is displayed.

  4. After successful authentication, you will receive a payment transfer success notification.

Transaction Signing Component Events

Important: Events must be subscribed from Form side.
Event name Description Parameters
showLoadingScreen Triggered to show loader during service calls. N/A
dismissLoadingScreen Triggered to dismiss loader. N/A
navigateToPreviousScreen Triggered to navigate to Previous screen. N/A
showPinPopupScreen Triggered to show Transaction Signing Component to show Pin Popup. True / False
contactSupport Triggered when the User Blocked or Server Error or Transfer Failed. -
enableDisableFormBg Raised when push threshold is reached. True / False
ogoutApp Triggered upon a password exception during the Update PIN operation has done. -
setHeaderVisibility Triggered upon a password exception during the Update PIN operation is invoked. True / False

Transaction Signing Component Services

Object Services

ServiceName  DataModel  CustomVerb  Purpose  Input Parameters Invoking 

HIDTransactionSigning 

SignatureValidation

validateSignature

Offline transaction signing that validates the Transaction details.

username,

password (Secure Code),

authType (Default)

ClientID  (Default)

HIDChallengeValidationService  > signatureValidation

Fabric Services

Names  Operation Name  Service Type  Description 

HIDClientIdentity 

Identity 

Fetches the Client Bearer Token.

HIDClientAuthIdentityWrapper 

getClientBearerToken 

Integration 

IntegrationWrapper of ClientIdentity.

HIDChallengeValidationService 

signatureValidation

Integration 

Validates the transaction details with the Secure Code obtained from the HID Approve app.

Transaction Signing Pre/Post Processors 

Names  Description  Used by (ServiceName-Operation) 
AddCorrelationIdPreProcessor Adds the correlation ID to the API request to keep track of flow. HIDChallengeValidationService  > signatureValidation
SigntaureValidationPreprocessor Updates custom AuthType if configured. HIDChallengeValidationService  > signatureValidation

Approve Notification Component

Component Overview

Component Package

com.hid.mb.ApproveNotificationMobileSDK

User Interface

Yes, New screens for Pending Notification and Push Notifications

Platforms Supported Android & IOS
Functionality This component is to handle the Push and Pending notifications with Approve/Deny/Report & Cancel features.
Available from Version 12.0.0
Mandatory File

sdkNotificationManager.js

It is mandatory for Approve push notification handling from Temenos Digital Component 10.0. It will register the device and handle all the notification callbacks.
Note: The component is using HID Approve SDK 5.13

Approve Notification Component Properties

S.No.  Property Name  Purpose 

transactionID

This property is used to set the transaction ID to the component.  

Approve Notification Component Functions

Function Name Purpose Parameters Return Type
showAuthentication This function shows the authentication to open transaction details. N/A

CallbackFunction

(retriveTransactionCallback)

retrieveTransactionIds This function fetches the pending notifications. N/A

CallbackFunction(onRecievedNotificationsCallback)

getContainerRenewableDate This function will indicate the remaining days for container renewal. N/A Integer
transactionCancel This function is used to cancel the transaction with reason cancel or suspicious. txID, message, reason,cancelCallback N/A
updateTDSContent This function is used to split the TDS value and pass the right string message in return. txID, tds N/A
retrieveTransaction This function is to get the notification message for txID. txID CallbackFunction (retriveTransactionCallback)
Note:

Configuring Dynamic Push Notifications with sdkNotificationManager.js

When creating dynamic push notifications using sdkNotificationManager.js, include the appName in the body to trigger pop-up notifications.

  • Update the Sender ID for the respective bundle identifiers.

  • Call the registerNotifications method from preAppInit (mandatory).

  • Ensure that pushconfig.xml and google-services.json are present in the workspace.

For example,

Copy
"appName" is included in this request body
var notificationComponent = new com.hid.ApproveNotificationMobileSDK( 
    { 
      "clipBounds": true, 
      "id": "ApproveNotificationMobileSDK", 
      "appName" : "HIDDigitalMA", 
      "isVisible": true, 
      "left": "0dp", 
      "top": "0dp", 
      "width": "100%", 
      "height": "100%", 
      "zIndex": 200 
    }, {}, {}); 

Approve Notification Mandatory Fabric Client Properties

S.No.  Property Name  Purpose 

HID_IS_APPLIANCE

Boolean Value (True/False)

Approve Notification Component Events

Event Name Description Parameters
onCompletion To handle the completion of notification. N/A
onUserBlocked To handle the user block status while performing the actions on notification (If Max Wrong Pin Attempts Reached). N/A

onUserUpdate

PINStatus

To handle the PIN expiry status while performing the actions on notification. N/A
Note: Events are handled within the component UI itself and only the required events are emitted to the form.

Security Notifications- Workflow

In the OOTB Infinity Web application, when a user initiates a login, transaction, user management, or any other workflow that requires push authentication, the request is sent to the user’s Mobile device.

The push authentication request appears in the Offline, Online, or Security Alerts - Pending section. When the user clicks a pending notification, the corresponding workflow is initiated.

Note: All components mentioned above are implemented using HID Approve SDK 5.13 and functionality can be checked through the HID Global - Major Bank app.

MobileUserManagement Component

The user management functions allow users to manage their authenticators.

Component Overview

Component Package

com.hid.mb.MobileUserManagement

User Interface

Yes

Platforms Supported Android & IOS
Functionality This component is used for User Device Management.
Dependent Components
  1. com.hid.md.mobileUserManagementPinPopUp

  2. com.hid.md.mobileUserManagementSigningSDK

  3. com.hid.md.nonFinancialWithoutUI

Available from Version 12.0.0

Server Properties

Mandatory Server Properties HID_KONY_APP_KEY 

<App key of the fabric application>  

(e.g., h728h89031832jdy9292)  

HID_KONY_APP_SECRET 

<App secret of the fabric application>

(e.g., 89bv2894673792003jy2) 

HID_HOST  

<HID Authentication Service Host>

 (e.g., test123.aaas.hidcloud.com)  

HID_TENANT  

<HID Authentication Service Tenant Id>

(e.g., tf98f45g90843781907)

MobileUserManagement Component Properties

S.No.  Property Name  Purpose 

1.

username

Username for the user to manage the device and other settings.

2. isRMSEnabled Indicates whether RMS is enabled.

MobileUserManagement Component Functions

Function Name Description Parameters
LoadUserManagement Displays the list of registered devices to the user. None
LoadBioInfo Displays the PIN and biometric information to the user. sessionId, deviceId, userName
updateAttributes Validates requests to update the email address or mobile number. As required by the update request.
getUserAttributes Retrieves user details such as Email Address and Phone Number. None
UpdatePinPublic Displays the UI for PIN update scenarios. Notification Flow: IsNotificationFlow = true, Username, IsExpiryFlow = true/falsePIN Expiry Flow: IsNotificationFlow = false, Username, IsExpiryFlow = trueChange PIN Flow: IsNotificationFlow = false, Username, IsExpiryFlow = false

MobileUserManagement Component Public Events

Important: Events must be subscribed from visualizer form side.
Event Name Description Parameters
showLoading Triggered to show loader during service calls   N/A
dismissLoading  Triggered to dismiss loader N/A
navigateToPreviousScreen   Triggered to navigate to Previous screen N/A
registeredDeviceBackButtononClick Triggered to close the User management screen True / False
updateAttributesSuccess  Triggered when the update email or phone number is successful  Success
updateAttributesFailure  Triggered when the update email or phone number is failed  Failure
updateAttributesCancel  Triggered when the update email or phone number is Cancel  Cancel
updatePinCallback Triggered when the pin is updated successfully during Pin Expire call   
Note: Other internal events are handled within the component UI itself and only the required events are emitted to the form.

MobileUserManagement Component Flow

Accessing User Management

  1. Log in to the app.

  2. Go to Settings.

  3. Select User Management.

Managing Registered Devices

You will see a list of your registered devices.

  1. In the list of your registered devices, select the device you want to manage.


  2. Click on the three dots action menu () to see the device manage actions (such as Edit Device Name, Suspend Device, and Remove Device).



  3. Choose one of the following device manage options based on your requirements:

    • Edit Device Name:

      1. Click Edit Device Name and enter a new friendly name. Then, click Update.


      2. You will be prompted for Bio-metric or PIN authentication based on your configuration.

        Confirm with your app's login credentials (PIN, password, secure code, or OTP).


      3. Tap Submit. A success message will appear.


    • Suspend Device:

      1. Click Suspend Device, then you will be prompted for Bio-metric or PIN authentication based on your configuration.

      2. Confirm with your app's login credentials (PIN, password, secure code, or OTP) to suspend the selected device.

        A success message is displayed once the device is suspended.

    • Remove Device:

      Important: This option is only available if you have two or more registered devices. If you only have one device, a warning will be displayed.
      1. Click Remove Device, then you will be prompted for Bio-metric or PIN authentication based on your configuration.

      2. Confirm with your app's login credentials (PIN, password, secure code, or OTP) to remove the selected device.

        A success message is displayed once the device is removed.

Updating Your Profile

Your registered email and phone number are displayed on the dashboard with options to edit them.

Update Email
  1. On the dashboard, tap Update Email.

  2. Enter your new email address.

  3. Tap Update.

  4. Confirm with your PIN or biometrics.

  5. After successful validation, your email will be updated and you will be returned to the dashboard.

Update Mobile
  1. On the dashboard, tap Update Mobile.

  2. Enter your new mobile number.

  3. Tap Update.

  4. Confirm with your PIN or biometrics.

  5. After successful validation, your phone number will be updated and you will be returned to the dashboard.

Updating PIN and Biometric Authentication Methods

User can set Biometric or PIN as a default authentication method for sign in to your application.

Set Biometric as the Default Sign in Method
  1. Open the "Default Sign In" screen to view the registered Biometric and PIN authentication methods.

  2. Select Biometric method that you want to use as your default authentication method for sign in.

  3. Click Set as Default. You will be prompted to enter your PIN.

  4. Enter your PIN to complete the verification process and enable biometric authentication.

  5. Once verification is complete, a success notification confirms that biometric authentication has been set as the default authentication method.

Set PIN as Default
  1. Open the "Default Sign In" screen to view the registered Biometric and Pin authentication methods.

  2. Select Pin method that you want to use as your default authentication method for sign in.

  3. Click Set as Default.

  4. The system updates your authentication settings, and a success notification confirms that PIN authentication has been set as the default authentication method.

Change PIN
  1. Open the "Default Sign In" screen to view the registered Biometric and Pin authentication methods.

  2. Select Pin authentication method to open the PIN management screen.

  3. Click Change Pin to update your PIN.

  4. In the "Update PIN" screen, enter your Current PIN, New PIN, and Re-enter PIN, then click Update.

    Note: The PIN must comply with the policy configured.

  5. A confirmation message indicates that your PIN has been changed successfully.

    You can now sign in to the application using your new PIN.

Self-Service Component Services

Object Services

ServiceName DataModel Mapping Purpose InputParams Invoking

HIDUserManagement

PasswordPolicy

getPolicy

Get the password policy instructions.

authType

AuthenticatorPolicy> getPasswordPolicy

HIDUserManagement

RegisterDevice

getProvisioningMsg

Register a new device for the user.

userName, DeviceId, usernameWithRandomNo

ApproveDeviceRegistrationOrch > getInviteCode

HIDUserManagement

SearchDevices

SearchDevices

Display the user's devices.

username, userId

SearchDevices > searchDevices

HIDUserManagement

UpdateDeviceName

updateFriendlyName

Update the device friendly name.

deviceId, friendlyName

UserManagementService > updateDeviceFriendlyName

HIDUserManagement

UpdateDeviceStatus

updateDeviceStatus

Update the device status.

deviceId, status

ScimAPIs > updateDeviceStatus

HIDUserManagement AssignUnassignDevice assignUnassignDevice Unassign the device before deleting it. username, deviceId, status AssignUnassignDevice > assignUnassignDevice
HIDUserManagement DeleteDevice deleteDevice Delete the selected device. deviceId DeleteDevice > deleteDevice
HIDUserManagement ValidatePassword validatePassword     PasswordAuthServices > passwordValidation
HIDUserManagement ValidateSecureCode validateOTPAuth     OTPAuthServices > validateOTPAuth
HIDAuthService ValidatePassword validatePassword Validate the password. username, password PasswordAuthServices > passwordValidation
HIDAuthService ValidateOTP validateOtp Second factor check to validate the OTP. username, password, authType OTPServices > validateOOB
HIDAuthService OTPRequest sendOTP To send the OTP for registered mobile number. username, AuthenticationType OTPServices > sendOOB
HidUserManagement GetUserAttributes getUserAttributes Purpose to get user attributes (email and Phone Number) to show in the User Management Component username, correlation id GetUserAttributes (1.0) > getUserAttributes
HidUserManagement UpdateUserAttributes updateUserAttributes To Update the user attributes (email and Phone Number). username, externalId, mobile, email, first name, last name, correlation id UpdateUserAttributes (1.0) > updateUserAttributes

HID Fabric Services

Names Operation Name Service Type Description

UserManagementService

SearchUser

Integration

Performs a user search.

UserManagementService

getPasswordPolicy

Integration

Displays the Password policy.

SearchServices

SearchUserAuth

Integration

 

SearchServices

SearchDeviceAuth

Integration

 

SearchDevices

searchDevices

Orchestration

 

ScimAPIs

createNewDevice

Integration

Creates a new DeviceId.

ScimAPIS

updateDevice

Integration

Updates the owner of the device during HID Approve device registration request

DeviceProvisionJava

getProvisonMsg

Integration

Java code to generate a device provisioning message.

UserManagementService

updateDeviceFriendlyName

Integration

 

ScimAPIs

updateDeviceStatus

Integration

 

AssignUnassignDevice assignUnassignDevice Integration Assign or unassign a device.
DeleteDevice deleteDevice Integration Delete a device associated with the provided deviceId.
OTPServices sendOOB Integration Sends an OOB (SMS/Email) OTP to the user.
OTPServices validateOOB Integration Validates the OOB (SMS/Email) OTP.
PasswordAuthServices passwordValidation Integration Validates the user's static password.
AuthenticatorPolicy getPasswordPolicy Integration Provides the Password policy.
GetUserAttributes getUserAttributes Orchestratiom Used to get user attributes (Email & Phone number)
GetUserAttributes GetUserAttributes Integration Used to get user attributes (Email & Phone number)
UpdateUserAttributes UpdateUserAttributes Integration Used to Update user attributes (Email & Phone number)

Self-Service Processors

Names Description Used by (ServiceName-Operation)
SearchUserPreProcessor It retrieves values from the configuration properties of "PASSWORD_AUTHTYPE" and applies them to the request. UserManagementService- SearchUser
SearchUserPostProcessor Processes the output of SearchUser API and adds an error flag to the request if noUserRecords, if userActive empty or with the flag FALSE. If the "authType" present in request is not available in the authenticator (results of SearchUser), then updates the "AuthExists" flag to false. If it is present, updates the flag to true. UserManagementService- SearchUser
FetchUserDetailsPostprocessor Used to Fetch Phone Number to send OTP. HIDOTPUtilService
UpdateAttributesPreProcessor It retrieves values from the configuration properties of "HID_USER_GROUP" and applies them to the request groups. UpdateUserAttributes
UpdateUserMobilePreProcessor Validates that the user exists and that mobileNumber is present, updates the ATR_MOBILE attribute inside the request dataset, serializes the updated attributes back into inputMap, and forwards userId. N/A