Use Cases - End User Magic link flow
The following use cases assume that the customer requires end users to have a valid MFA device before being able to successfully log in. The following sections describe the customer’s systems, and how they interact with Haventec Services.
There are the following flows for end users :
-
Registering a brand new end user
-
(a) Registering a new Haventec Authenticate MFA device for an existing non-Silent MFA user (b) Registering a new Haventec Authenticate MFA device for an existing non-Silent MFA user without the End User clicking a magic link
-
Logging in with an existing non-Silent MFA user without any registered Silent MFA device
-
Logging in with a Silent MFA user who has an existing MFA device
-
Verifying user/device via magic-link
Registering A Brand New End User
This flow describes how the customer application would register a user who does not exist in their IAM or have a user in Haventec Authenticate. The flow will end with the end user having an Authenticate account with an activated MFA device, which can be used to log in.
For more details please click here
Registering a new Haventec Authenticate MFA device for an existing non-Silent MFA user
The main difference between registering a brand new end-user and this use case is that the customer backend must handle the scenario where their IAM has an existing end user who needs to be registered in Authenticate before an MFA device can be activated.
The request will go into the customer's login endpoint instead of the registration endpoint.
For more details please click here
Registering a new Haventec Authenticate MFA device for an existing non-Silent MFA user without the End User clicking a magic link
The main difference between registering a Haventec Authenticate MFA device with an existing user in the Customer’s IAM with a magic link sent to the end user by SMS or Email and this use case is that the customer backend must handle the scenario where the backend should automatically call the Haventec Authenticate verify endpoint to verify the user and subsequently activate endpoint if the response from the verify endpoint is successful
For more details please click here
Logging in with an existing Silent MFA user without any registered-Silent MFA device
This flow describes the sequence when an end user is logging into a device for the first time. They already have an Authenticate user account and will only need to add a new MFA device to their existing account.
For more details please click here
Logging in with a Silent MFA user who has an existing Silent MFA device
When an end user is logging in from a registered MFA device, the customer’s backend should proxy the MFA device details to Authenticate to confirm whether the MFA device has the correct credentials.
For more details please click here
Verifying user/device via magic-link
The magic link API is used to verify the user or device by acting as a second factor in the registration or login process. Only a verified User may have devices added to them, and only verified devices can be logged into.
For more details please click here
Comments
0 comments
Please sign in to leave a comment.