This document is intended to provide a non-technical audience with an understanding of the Device Registration element in the end-user journey. Note: For illustrative purposes the Canvas app has been used to demonstrate the end-user functionality of the SDK.
About the Device registration end-user journey
In order to use the multi authentication capability offered by the SDK, the customer device must first be registered onto the Contis platform.
There are two alternative methods for performing Device Registration this example shows the method where Device Registration is combined with an SCA event.
Note: The OTP journey to enable device registration is only required once.
The Device registration workflow
Combining an SCA event with Device registration
The app calls the DoSCA method in the SDK when the customer fulfils their first SCA action which could be:
- Login (example used in this document)
- Make a Payment
- Change Address
- Change Mobile Number
- Change Trusted Beneficiary Status
Step 1 – Start screen
The customer opens the app and logs in using 2FA SCA. (see Login use case for example).
After successfully logging in, the customer is presented with an OTP screen:
Step 2 – Customer enters OTP
The customer receives an OTP via SMS (either directly to the customer or via an API response to the client for them to SMS to the customer) and enters it in the app screen when prompted.
There are two outcomes:
- Successful entry of OTP : continue to Step 3 – Device registration email generated.
- Unsuccessful entry of OTP : return to Step 2 – Customer enters OTP, to try again or they can select to resend OTP.
Note: the customer has limited attempts to enter the OTP before the account access is blocked.
Step 3 – Device registration email generated
After successful device registration, the customer will receive an email to inform them of the outcome. The email is optional for API clients.
If the customer has a new device, the above journey will be repeated, and the old device will automatically be removed from the Contis platform and the new device will be registered. An email is available to inform the customer of the change. The email is optional for API clients.
There is an API method available to clients to inform them which customers have registered their device.