Symantec VIP Access mobile application

VIP Access application helps protect your online accounts and transactions by using a strong authentication process when you sign in to your VIP-enabled accounts.

The VIP Access app authenticates online transactions through TOTP and is available in the Play Store for installation. The app has a mobile and a desktop version. Upon installation, it creates a credential ID for that specific installation and also generates OTPs. The OTPs keep refreshing based on the timeout period, and new ones are generated.

When you install the VIP Access app on your mobile device, the Mobile OTP and Push capabilities are activated for that installation by default. However, if you install the VIP Access desktop app, it only allows you to use the Mobile OTP capabilities, not Push. To use Push flows, you need to install and register with the VIP Access Mobile App only.

Registration Flow in VIP Access App

Registration of mobile OTP credentials in VIP Access is a one-time operation. If you are using OTP authentication for the first time, you must complete the OTP registration process by providing your credentials. Once you are through the registration process, your OTP credentials are stored in the user directory. This allows you to generate and validate OTPs using the verification flow. The next time you log in, you will be immediately prompted to generate and verify transactions using OTP.

Follow this step to register the VIP Access app on your device:

Initiate a "/VIPCredentialRegistrar" call to register the VIP Access app on your device. Enter the "credType", "credValue", "vipCredentialID" and "otp" in the request payload.

credType- Specify the type of push OTP algorithm supported by the app. Supported types are Time-based One-Time Password (TOTP) and TOTP_PUSH.

credValue- Specify a value/name of the device to help you easily recognize the device where the VIP Access Push software is installed.

vipCredentialID- Specify the credential ID that has been generated by the VIP Access app after its installation on your device.

Please note that the vipCredentialID must be entered without any spaces. For example, the credential ID should be entered as "VSST74448879" and not as "VSST 7444 8879".

otp- Specify the OTP generated by the VIP Access app.

In response to the registration request, the solution returns the "flowState", the "nextaction" as "AUTH_ALLOWED", and the "status" as "ACTIVE", along with other required details. The status indicates that the device is active to receive Mobile OTP (MOTP) and that the registration process has completed successfully. However, the "nextaction" depends upon the policy and may not always be "AUTH_ALLOWED". From then on, if you need to use MOTP authentication, the MOTP will be sent directly to your registered mobile device for approval.

Step to Register Your Device with VIP Access App Using REST APIs

Use the following VIPCredentialRegistrar API to register your device with the VIP Access app:
https:////factor/v1/VIPCredentialRegistrar

The notation < > implies that the text between and including the < > characters must be replaced with appropriate values. For example, in this endpoint:

https://<>/<>/factor/v1/VIPCredentialRegistrar

if you replace the <> with values, it would look like this:

https://example.com/default/factor/v1/VIPCredentialRegistrar

To learn about the scopes that are required to secure these APIs, refer to the Scopes section.

The solution provides a Sample Mobile application that you can use to perform authentication operations.

In the request payload, enter the following details:

credType- Specify the type of mobile OTP algorithm supported by the app. Supported types are Time-based One-Time Password (TOTP) and TOTP_PUSH.

credValue- Specify a value/name of the device to help you easily recognize the device where the VIP Access Push software is installed.

vipCredentialID- Specify the credential ID that has been generated by the VIP Access app after its installation on your device.

Please note that the vipCredentialID must be entered without any spaces. For example, the credential ID should be entered as "VSST74448879" and not as "VSST 7444 8879".

otp- Specify the TOTP generated by the VIP Access app.

Response Payload

Upon successfully verifying the values in the request payload, the response returns the "flowState", the "nextaction" as "AUTH_ALLOWED", and the "status" as "ACTIVE", along with other useful details. The status of the credential indicates that the device is active to receive MOTPs and that the registration process has completed successfully. In this flow, both registration and verification of the device are completed.

{
  "flowState": "eyJh. ZX0=",
  "nextaction": "AUTH_ALLOWED",
  "data": {
    "credId": "afa0e0bc-9350-4a9f-9fe2-b42f82bdbacf",
    "tenantId": "4764021a-9048-11ea-bb37-0242ac130002",
    "userId": "bab073a2-8201-4037-9b60-24adff61d3dc",
    "credType": "TOTP",
    "credValue": "Android Phone",
    "status": "ACTIVE",
    "createdDatetime": "2020-09-30 05:14 AM UTC",
    "modifiedDatetime": "2020-09-30 05:14 AM UTC",
    "default": false,
    "vipCredentialID": "VSST74448879",
    "userDisplayName": "nbruce",
    "tenantName": "default"
  },
  "deviceID": "45eaee7e-0cda-4b24-bd0a-3e8bd13ba123",
  "id_token": "eyJ4. kqQ"
}

Verification Flow in VIP Access App

Once you have completed the registration flow, you can thereafter use only the "/MobileOTPVerifier" call to verify the MOTP flows.

Follow this step to authenticate the VIP Access MOTP flow on your device:

Initiate a "/MobileOTPVerifier" call to receive MOTP from VIP Authentication Hub (referred to as the solution) on your registered device. Enter the "credId", "credValue" and "otp" details in the API request.

credId- Specify the credId that has been generated by the response from the registration call.

credValue- Specify the device name.

otp- Specify the TOTP generated by the VIP Access app.

In response to the authentication request, the solution returns the "flowState", the "nextaction" as "AUTH_ALLOWED", and the status of the device as "ACTIVE". AUTH_ALLOWED indicates that you have been authenticated with MOTP and can now access the restricted resource. However, the "nextaction" depends upon the policy and may not always be "AUTH_ALLOWED".

Step to Verify MOTP flow with VIP Access App Using REST APIs

Initiate the following MobileOTPVerifier API endpoint to authenticate the MOTP flow:
https:////factor/v1/MobileOTPVerifier

The notation < > implies that the text between and including the < > characters must be replaced with appropriate values. For example, in this endpoint:

https://<>/<>/factor/v1/MobileOTPVerifier

if you replace the <> with values, it would look like this:

https://example.com/default/factor/v1/MobileOTPVerifier

MobileOTPVerifier Request Payload

In the request payload, enter the following details:

credId- Specify the credId that has been generated by the response from the registration call.

credValue- Specify the device name.

otp- Specify the TOTP generated by the VIP Access app.

MobileOTPVerifier Response Payload

In response to the authentication request, the solution returns the "flowState", the "nextaction" as "AUTH_ALLOWED", and the status of the device as "ACTIVE". AUTH_ALLOWED indicates that you have been authenticated with MOTP and can now access the restricted resource. However, the "nextaction" depends upon the policy and may not always be "AUTH_ALLOWED".

{
  "flowState": "eyJh. zZX0=",
  "nextaction": "AUTH_ALLOWED",
  "data": {
    "credId": "afa0e0bc-9350-4a9f-9fe2-b42f82bdbacf",
    "tenantId": "4764021a-9048-11ea-bb37-0242ac130002",
    "userId": "bab073a2-8201-4037-9b60-24adff61d3dc",
    "credType": "TOTP",
    "credValue": "Android Phone",
    "status": "ACTIVE",
    "createdDatetime": "2020-09-30 05:14 AM UTC",
    "modifiedDatetime": "2020-09-30 05:14 AM UTC",
    "default": false,
    "vipCredentialID": "VSST74448879",
    "userDisplayName": "nbruce",
    "tenantName": "default"
  },
  "deviceID": "45eaee7e-0cda-4b24-bd0a-3e8bd13ba123",
  "id_token": "eyJ4. kqQ"
}
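The registration and verification calls described above, as an added example that is not part of the original documentation or the product's own code. It builds both request payloads and treats a response as authenticated only when "nextaction" is "AUTH_ALLOWED" and "status" is "ACTIVE", since the outcome depends on policy. Assumptions: the function names, the sample OTP values, sending "otp" as a string, and the placeholder "OTHER_ACTION" are all constructed for illustration; the host and tenant come from the page's example URL.

```python
import json
import re

# Example host and tenant taken from the page's sample URL.
BASE = "https://example.com/default/factor/v1"

def registrar_request(cred_type, device_name, vip_credential_id, otp):
    """Return (url, payload) for the /VIPCredentialRegistrar call."""
    if cred_type not in ("TOTP", "TOTP_PUSH"):
        raise ValueError("credType must be TOTP or TOTP_PUSH")
    # The credential ID must be sent without any spaces.
    cred_id = re.sub(r"\s+", "", vip_credential_id)
    return BASE + "/VIPCredentialRegistrar", {
        "credType": cred_type, "credValue": device_name,
        "vipCredentialID": cred_id, "otp": otp}

def allowed_cred_id(response_text):
    """Fail closed: return credId only for AUTH_ALLOWED and ACTIVE, else None."""
    try:
        body = json.loads(response_text)
    except ValueError:
        return None
    data = body.get("data") if isinstance(body, dict) else None
    if not isinstance(data, dict):
        return None
    if body.get("nextaction") != "AUTH_ALLOWED" or data.get("status") != "ACTIVE":
        return None
    return data.get("credId")

def verifier_request(cred_id, device_name, otp):
    """Return (url, payload) for the /MobileOTPVerifier call."""
    return BASE + "/MobileOTPVerifier", {
        "credId": cred_id, "credValue": device_name, "otp": otp}

# Constructed sample responses, trimmed from the response payload on the page.
SAMPLE_ALLOWED = json.dumps({"nextaction": "AUTH_ALLOWED", "data": {
    "credId": "afa0e0bc-9350-4a9f-9fe2-b42f82bdbacf", "status": "ACTIVE"}})
# "OTHER_ACTION" is a made-up placeholder, not a real nextaction value.
SAMPLE_OTHER = json.dumps({"nextaction": "OTHER_ACTION", "data": {
    "credId": "afa0e0bc-9350-4a9f-9fe2-b42f82bdbacf", "status": "ACTIVE"}})

if __name__ == "__main__":
    print(registrar_request("TOTP", "Android Phone", "VSST 7444 8879", "123456"))
    cred = allowed_cred_id(SAMPLE_ALLOWED)
    print(verifier_request(cred, "Android Phone", "654321"))
    print(allowed_cred_id(SAMPLE_OTHER))  # None: policy did not allow
```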