Mobile Components

Onboarding Users

Note: Onboarding component is the main component which includes all mandatory files packaged during packaging of the component.
Mandatory Server Settings

HOST

<HID Authentication Service Host>

(e.g., test123.aaas.hidcloud.com)

TENANT

<HID Authentication Service Tenant Id>

(e.g., tf98f45g90843781907)

ORG_ADMIN_USERNAME

<Org admin user of HID Authentication Service Tenant>

(e.g., john.doe@abcorg.com)

ORG_ADMIN_PASSWORD

<Password for the Org admin user>

(e.g., Password01)

KONY_APP_KEY

<App key of the fabric application>

(e.g., h728h89031832jdy9292)

KONY_APP_SECRET

<App secret of the fabric application>

(e.g., 89bv2894673792003jy2)

SERVICES_URL

https://<kony-account-host>/services
(e.g., https://hidglobaltest.konycloud.com:443/services)
Optional Server Settings

ACTIVATION_CODE_AUTHTYPE

 <Activation Code Authenticator if other than AT_ACTPWD>

PASSWORD_AUTHTYPE

 <Static Password Authenticator if other than AT_STDPWD>

DEVICE_TYPE

 <Device type to be used for HID Approve if other than DT_TDSV4B>
HID_IS_APPLIANCE <Identifies whether device is HID Appliance or not>

View Sample Server Settings

Minimum Supported Versions of the OS

Operating System Minimum Supported Versions

Android

Android 5.0

IOS

IOS 10
Mandatory File

sdkNotificationManager.js

It is mandatory for Approve push notification handling from Temenos Infinity Component. It will register the device and handle all the notification callbacks.

Note: The component is using HID Approve SDK 5.7.

  1. Copy sdkNotificationManager.js file from path com.hid.MobileApproveSDK\component\resources\common

  2. Paste it to path ${project-Folder} \modules.

  3. Call registerNotifications function from App - Pre AppInit

Manage Native Function Interface (NFIs)

  1. Open Visualizer.

  2. Go to Edit > Manage Native Function API(s).

  3. Import NFI if not there under IOS/Android

  4. If already added and disabled, then Enable

    IOS:

    Android:

Note: The Online components which HID shares does not have SDK NFI for IOS. It should be build by partners.
Note: The component is using HID Approve SDK 5.7.1
  1. Copy sdkNotificationManager.js file from path: com.hid.MobileApproveSDK\component\resources\common

  2. Paste it to path ${project-Folder}\modules

  3. Call registerNotifications function from App - Pre AppInit

Component Properties

S.No.  Property Name  Purpose 

isRMSEnabled

<ON/OFF options to enable or disable the RMS. ON means RMS is enabled; OFF means RMS is disabled>
2 MFA

<MFA options for SMS or Email>

The configured MFA will be called for medium risks.

3 isRMSReadOnly

<ON/OFF options to enable RMS in Read-Only Mode. ON means RMS is in ReadOnly mode; OFF means RMS is enabled. The default value is always OFF >.

If this field is ON → RMS will just record the user's behavior, but it won't perform any STEP-DOWN operations, all operations would be always STEP-UP.
4 tmCookieTag

<cookie value associated with and provided by RMS>, mandatory field.

This identifier is issued by RMS. Each new device used by the user to access the protected application will be tagged by RMS. This attribute is mandatory and should be always sent.
5 tmCookieSid

<cookie value associated with and provided by RMS>, mandatory field.

This identifier is issued by RMS and serves as a unique identification of a user's session. Its value is persistent throughout the whole session and is stored as a cookie pair.
6 otpLabel This determines the type of OTP need to be generated internally for login process.
7 provisionMode This determines what would be the mode for user registration. currently supported modes are Activation Code or QR Code.

Onboarding Component Functions

checkBioAvailablityPublic

This function checks for biometric availability on device.

 

Parameters

N/A

 

Return Type

Boolean

setBioStatusToEnable

This function sets biometric state to enable for device explicitly.

 

Parameters

Password (String)

 

Return Type

Callback function (bioStatusCallback)

setBioStatusToDisable

This function sets biometric state to disable for device explicitly.

 

Parameters

N/A

 

Return Type

Void

getPinRemainingDays

This function checks for remaining days left for PIN expiry.

 

Parameters

N/A

 

Return Type

Int

getKeyProfileAge

This function checks for remaining days left for container expiry.

 

Parameters

N/A

 

Return Type

getProfileAge(string)

renewContainer

This function renews container before its expiry.

 

Parameters

Password (String)

 

Return Type

Callbackfunction(renewContainercallback,renewContainerExceptionCB)

Onboarding User - Flow Chart Representation

Onboarding Component Flow

There are two ways of onboarding a user:

  1. On the first screen, user provides their Customer ID and Activation Code, then clicks LOGIN.

  2. After successfully validating the activation code, the component displays the screen to create a PIN for the user then user enters and confirms a PIN and clicks CREATE.

    Note: The PIN must comply with Password policy.

  3. After successful PIN creation, it will ask user to set or skip biometric for login.

  4. After user set the biometric or skip, it will ask user to set standard password for web login.

  5. After user set the standard password or skip, Onboarding process gets completed and user gets redirected to Login page.

  1. On selection of QR Scan, user gets a notification asking for permission.

  2. User must choose one of these options:

    • While using the app (Follow steps 4 to 8)

    • Only this time (Follow steps 4 to 8)

    • Don't allow (Follow only step 3)

  3. On tapping Don't allow, user gets a notification to enable permission by opening the device settings.

    1. User gets navigated to the device settings page and modify the permissions.

    2. Once permissions are assigned, user can open camera app in the mobile component and scan QR Code from the web application.

    3. Then follow steps 5 to 8.

    1. User gets navigated to Manual onboarding directly.

    2. User must enter the Service URL, Username, and Invite Code from the web application - Manual registration

    3. After successfully validating the Service URL, Username, and Invite Code, the component displays the screen to create a PIN for the user then user enters and confirms a PIN and clicks CREATE.

      Note: The PIN must comply with Password policy.

    4. After successful PIN creation, it will ask user to set or skip biometric for login.

    5. After user set the biometric or skip, it will show device registered successfully message.

    6. Onboarding process gets completed and user gets redirected to Login page.

  4. On tapping While using the app/Only this time, the user grants permission to the app and opens the camera app to scan QR Code.

  5. After successful scanning of QR Code from web application, the component displays the screen to create a PIN for the user. User enters and confirms a PIN and clicks CREATE.

    Note: The PIN must comply with Password policy.

  6. After successful PIN creation, it will ask user to set or skip biometric for login.

  7. After user set the biometric or skip, it will show device registered successfully message.

  8. Onboarding process gets completed and user gets redirected to Login page.

Pre-Login Screen

Once a user successfully onboarded, user can view the pre-login screen as given below.

Secure Code:

This feature will generate a secure code if there is no internet on mobile. This generated secure code can be used during Web channel login.

Functional Flow:

  1. User must click on the Secure Code option on the pre-login screen.

  2. A screen will popup to enter PIN or biometrics.

  3. After entering the correct PIN or biometrics, screen will display a secure code, which is displayed for one minute and then disappears.

    Note: The generation of secure code for login is a public method (getSecureCode) which is a part of MobileApproveSDK Component.

    This generated secure code can be used during Web channel login.

This feature will generate secure code for performing the Offline Transaction Signing through Web Channel, even if there is no internet on mobile. This works as an offline mode.

Functional Flow:

  1. User must click on the Fund Transfer option on the pre-login screen.

  2. User needs to enter the same three fields that were entered on the Web channel that is Transfer Funds To, Amount and Remarks. Then click Generate OTP.

  3. On clicking Generate OTP, a message will be prompted to confirm the fund transfer, click CONFIRM.

  4. A screen will popup to enter PIN or biometrics.

  5. After entering the correct PIN or biometrics, screen will display a secure code, which is displayed for one minute and then disappears.

    Note: The generation of secure code for Fund Transfer is a public method (signTransaction) which is a part of TransactionSigningMobileSDK Component.

Public Functions

Functions Descriptions

getSecureCode

This function can generate a secure code for login, which is a part of the MobileApproveSDK component.

Parameters : → username

Return Type : → otp

signTransaction

This function can generate a secure code for Fund Transfer which is a part of TransactionSigningMobileSDK component.

Parameter : → {toAccount, amount, remarks}

Return Type : → otp

Onboarding Component Services

Object Services

ServiceName DataModel Mapping Purpose Input Parameters Invoking

HIDObjects

ActivationCodeValidation

validateActivationCode

Validate the user's activation code.

filter (username), username, activationCode, authType

OnboardingValidation > ValidateUser

HIDObjects

AddPasswordAuthenticator

addPasswordAuthenticator

Add a static password authenticator to the user.

username, userId, password, authType

ScimAPIsOrg > addPasswordAuthenticatorInt

HIDObjects

ApproveDeviceRegistration

getInviteCodeTDSV4B

Provision the HID Approve device to the user and get the invite code to add the HID Approve device.

UserId, username, usernameWithRandomNo

PushDeviceRegistrationOrch > getInviteCode TDSV4B

HIDObjects

PasswordPolicy

getPasswordPolicy

Gets the policy for Static Password Authenticator

none

ScimAPIs>getPasswordPolicy

Fabric Services

Names Operation Name Service Type Description

ClientIdentity

-

Identity

Fetches Client Bearer Token

CustomHIDLogin

-

Identity

Used for validating secure code which is created internally
OrgAdminScim - Identity Fetches OrgAdmin Bearer Token

ActivationCodeService

Login

Integration

Authenticates the Activation Code

ClientAuthIdentityWrapper

getClientBearerToken

Integration

IntegrationWrapper of ClientIdentity

ClientAuthIdentityWrapper

getOrgBearerToken

Integration

Integration Wrapper for OrgAdminScim

DeviceProvisionJava

GetProvisonMsg

Integration

Fetches the Invite Code

HIDApproveInitiation

Initiate

Integration

Sends an HID Approve Push notification to the user's registered device.

ScimAPIs

SearchUser

Integration

Searches for the user.

ScimAPIs

getActivationCodeAuthenticator

Integration

An exclusive getAuthenticator service for the ValidateUser Orchestration service. This service does not work alone so use the getAuthenticator instead.

ScimAPIs

getPasswordPolicy

Integration

Provides the Password policy

ScimAPIsOrg

addPasswordAuthenticatorInt

Integration

Adds a Password Authenticator.

PushDeviceRegistrationOrch

getInviteCode TDSV4B

Orchestration

Provisioning Push Device

Java Services

Service Name Purpose Dependencies Called by (Service Name-Operation)

DeviceProvision

Java service to send the Device Provisioning request for HID Approve device registration and process the response to send the provisioning message.

You need to configure following Server Properties:

  • HOST
  • TENANT
  • SERVICES_URL

DeviceProvisionJava-getProvisonMsg

Transaction Signing Component

Mandatory Server Settings KONY_APP_KEY

<App key of the fabric application>

(e.g., h728h89031832jdy9292)
KONY_APP_SECRET

<App secret of the fabric application>

(e.g., 89bv2894673792003jy2)

View Sample Server Settings

Mandatory File

sdkNotificationManager.js

 It is mandatory for Approve push notification handling from Temenos Infinity Component 7.0. It will register the device and handle all the notification callbacks.
Note: The component is using HID Approve SDK 5.7.1

Transaction Signing Component Properties

S.No.  Property Name  Purpose 

username 

This property is used to set the username to the component.  

Transaction Signing Component Functions

signTransaction

This function executes with input values and perform transaction.

 

Parameters

Values (Array)

 

Return Type

CallbackFunctions (pwdPromtCallback, SCB_signTransaction, FCB_signTransaction)

validatePassword

This function validates pin entered to check for authentication before proceeding with transaction.

 

Parameters

password(string), mode(string)

 

Return Type

void

updatePassword

This function used to update pin in-case, pin is expired or about to get expired.

 

Parameters

oldPwd(string), newPwd(string)

 

Return Type

CallbackFunction (exceptionCallback)

Transaction Signing Component Flow

  1. On the first screen, user provides their Customer ID and PIN, then clicks LOGIN.

  2. After successful authentication, from the dashboard, user must click on Fund Transfer option on the bottom navigation menu.

  3. This will takes user to the Fund Transfer page. The user must enter an account number of whom to Transfer Funds To, Amount and Remarks. Then click Transfer.

    Important: Not filling of any mandatory text field will leads to the respective error.

  4. A message will be prompted to confirm the fund transfer, click CONFIRM.

  5. After confirming, user must enter his/her PIN and click SUBMIT to proceed transaction.

  6. Transaction success page will be appeared which the confirms user's transaction.

Transaction Signing Component Services

Object Services

ServiceName  DataModel  CustomVerb  Purpose  Input Parameters Invoking 

HIDTransactionSigning 

SignatureValidation

validateSignature

Offline transaction signing that validates the Transaction details.

username,

password (Secure Code),

authType (Default)

ClientID  (Default)

HIDChallengeValidationService  > signatureValidation

Fabric Services

Names  Operation Name  Service Type  Description 

ClientIdentity 

Identity 

Fetches the Client Bearer Token 

ClientAuthIdentityWrapper 

getClientBearerToken 

Integration 

IntegrationWrapper of ClientIdentity 

HIDChallengeValidationService 

signatureValidation

Integration 

Validates the transaction details with the Secure Code obtained from the HID Approve app.

Approve Notification Component

Mandatory File

sdkNotificationManager.js

 It is mandatory for Approve push notification handling from Temenos Infinity Component 7.0. It will register the device and handle all the notification callbacks.
Note: The component is using HID Approve SDK 5.7.1

Approve Notification Component Properties

S.No.  Property Name  Purpose 

transactionID

This property is used to set the transaction ID to the component.  

Approve Notification Component Functions

showAuthentication

This function shows the authentication to open transaction details.

 

Parameters

N/A

 

Return Type

CallbackFunction (retriveTransactionCallback)

retrieveTransactionIds

This function fetches the pending notifications.

 

Parameters

N/A

 

Return Type

CallbackFunction (onRecievedNotificationsCallback)

Approve Notification Component Flow

  1. In this flow, after successful on-boarding on mobile application with standard password enabled, If user authenticates into web application with the standard internet password, then user will get notification in his/her mobile application rather than the HID Approve application.

    Note: To be able to get notifications on our application we need to add bundle server id from FCM project in sdkNotificationManager.js file. Link for the complete process for adding application to FCM project : Migration from GCM to FCM (kony.com)

  1. The user receives Transaction Approved prompt, if Approve is pushed.

  1. If Deny is pushed, the user will receive Transaction Denied prompt.

Note: All components mentioned above are implemented using HID Approve SDK 5.7.1 and functionality can be checked through the HID Global - Major Bank app.