Value added features
This section covers additional flows of the Salt Edge SCA solution:
- Instant enrollment - where the customer instantly connects the Service Provider in the Salt Edge Authenticator app, if pre-authenticated.
IMPORTANT: For explanation purposes, the sequence diagrams use the terms "Identity Service", "Authentication Service" and "Core banking". These components already exist in your environment, though they may be named differently. The "Identity Service Example" in this project plays that role in order to give a general overview of the enrollment and strong authentication flows from the perspective of the Service Provider. The Identity Service Example contains functions that are an add-on to the existing functions of the Identity Service in your environment, which by definition is required to process and store customer identities, roles, credentials, etc.
Besides the standard enrollment flow, where the customer passes authentication in Salt Edge Authenticator's Web View, the provider can generate a Deep Link (QR code) with the additional parameter connect_query to identify the customer (API documentation). Instant Enrollment presumes that the customer has already passed the authentication process, resulting in a personalized Deep Link (QR code).
The flow starts with the Service Provider introducing Strong Customer Authentication. As a first step, the Customer authenticates himself. The Customer then has 2 choices: either scan the QR code using the Authenticator app, or open the Deep Link if viewing the SCA instructions directly on a smartphone.
In comparison to the standard Connect flow, the Instant Enrollment flow presumes that the Customer is already authenticated. Hence, the Customer is given a personalized QR code and Deep Link, which contain the connect_query parameter for user identification by the Identity Service. For this reason, the "POST /connections" request also carries an additional authentication parameter, and in return the Salt Edge Authenticator app receives the access_token after the QR code is scanned or the Deep Link is accessed.
The Instant Enrollment flow eases the enrollment procedure: the Customer is not asked to pass the familiar authentication flow inside the Salt Edge Authenticator app if the Customer has already passed the authentication flow in the Web/Mobile app.
Salt Edge suggests setting an expiration time for the "Authorized QR code/Deep Link" (which contains connect_query), refreshing it e.g. every 5 minutes.
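An added example, not code from the Salt Edge project: one way an Identity Service could issue and redeem a short-lived connect_query value for the personalized QR code or Deep Link. The class and method names, the in-memory store and the single-use rule are assumptions; single use goes beyond the expiry the page recommends.

```python
import hashlib
import secrets
import time

# The page suggests refreshing the authorized QR code/Deep Link e.g. every 5 minutes.
CONNECT_QUERY_TTL = 5 * 60  # seconds


class ConnectQueryStore:
    """Hypothetical in-memory store; a real Identity Service would persist entries."""

    def __init__(self, ttl=CONNECT_QUERY_TTL, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # sha256(token) -> (customer_id, expires_at)

    @staticmethod
    def _digest(token):
        # Only the digest is stored, so a leaked store does not reveal usable tokens.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, customer_id):
        """Call after the customer has authenticated in the web/mobile app."""
        token = secrets.token_urlsafe(32)  # opaque, carries no customer data
        self._pending[self._digest(token)] = (customer_id, self._clock() + self._ttl)
        return token  # embed as connect_query in the QR code / Deep Link

    def redeem(self, token):
        """Call when "POST /connections" arrives with connect_query.

        Returns the customer id, or None if the value is unknown, already
        used or expired. The entry is removed on the first attempt.
        """
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        customer_id, expires_at = entry
        if self._clock() >= expires_at:
            return None
        return customer_id
```

When `redeem` returns None, the enrollment should fall back to the standard flow with authentication in the Web View rather than issuing an access_token.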