Multi-factor authentication (mfa) with RESTful API · RESTful API Developers can ... mobile web or...


Multi-factor authentication (mfa) with RESTful API

Developers can provide multi-factor authentication (mfa) in their login flow securely with SAASPASS.

SAASPASS is offering developers the opportunity to move beyond passwords by adding MFA support to their authentication/login process in a very easy and standard way. It offers developers different ways to integrate SAASPASS, which is the only full-stack identity and access management solution, in less than 10 minutes.

In a few lines of code in any programming language/tool that you are using, you will be able to integrate your login/registration with SAASPASS MFA using any of the supported standard protocols.

SAASPASS Developer site

SAASPASS has a comprehensive web site dedicated to developers that walks them through the whole process of integrating their apps and websites.

This site covers the three ways of providing SAASPASS Multi-Factor Authentication for any web, mobile web or mobile application. There is even ready code available to expedite the process of safeguarding your employees and users. Explore the integration with SAASPASS MFA with the simulator and the sample (Java, .NET, Python and PHP) applications. You will see how the integration can be customized to meet the needs of any application.

In the developer site, there is a SAASPASS Widgets page that allows developers to create an iFrame embeddable widget customizable for any application. Depending on how you want to use SAASPASS, the iFrame can populate an OTP login field, an Instant login/Instant registration barcode, Proximity Bluetooth, or any combination of the three.

https://developer.saaspass.com/

Ways for integrating SAASPASS MFA

Currently there are three main ways that SAASPASS offers integration for your application. You can choose among them depending on your application type and your requirements.

1. Multi-factor authentication (mfa) with RESTful API

2. Multi-factor authentication (mfa) with Node.js

3. Multi-factor authentication (mfa) with Java

4. Multi-factor authentication (mfa) with Microsoft .Net

5. Multi-factor authentication (mfa) with PHP

6. Multi-factor authentication (mfa) with Python

7. Multi-factor authentication (mfa) with iOS SDK

8. Multi-factor authentication (mfa) with Android SDK

9. Multi-factor authentication (mfa) with Swift SDK

10. SAASPASS Mobile Application Login (Mobile App-to-App native integration)

11. Multi-factor authentication (mfa) with SAASPASS Connect (the standard OpenID Connect and OAuth 2.0 protocols with the SAASPASS Connect button)

In the next sections of this blog, we will try to explain in brief some of the mentioned ways.

There are other standard protocols that SAASPASS is offering, and you can customize them for integration with your own or even third-party products. SAASPASS also supports the SAML 2.0 and the RADIUS protocols. You can find the two types of applications, Custom SAML and Custom RADIUS, in the SAASPASS admin portal.

SAASPASS RESTful API

The SAASPASS HTTP RESTful API enables you to integrate SAASPASS Multi-Factor Authentication into any environment you may have. You can add SAASPASS to internal programs or systems as well as to externally facing ones, and you can customize the whole workflow with the RESTful APIs. There is ready code to expedite the process of safeguarding your employees and users. SAASPASS uses HTTP calls, providing a simple and secure interface for developers to integrate.

SAASPASS Custom Application

You can add SAASPASS Multi-Factor Authentication (mfa) to any custom application you have. If you have a custom CRM, ERP, Intranet, Extranet, Accounting software system or any site, application or program that requires user or employee authentication, you can add strong Two-Factor Authentication with the SAASPASS RESTful API.

First of all, you need to register your Company and Internet Domain from the following link or through your SAASPASS reseller:

https://www.saaspass.com/sd/#/companyRegistration

After that, you can integrate your existing Directory, Groups and Users in the SAASPASS Admin portal, or you can do that automatically using the SAASPASS RESTful API / Account Management Services.

In order to start integrating your application, you first need to create a Custom Application in the SAASPASS Admin Portal and follow the instructions there.

SAASPASS API SERVICES

The SAASPASS HTTP RESTful API contains various services that fall under two main types: integrated application authentication/login and account management.

The services of these two types also have a different scope. The authentication services/application integration services have application-scope (called for a specific application), while the account management services have company-scope (called for the company in general, not specific to any application).

Authentication Services/Application Integration Services

Application Integration Services are about the user's login (authentication)/registration process with SAASPASS for a specific application, so they have application-scope.

These services are:

Login with One-Time Password (OTP Check): Application-scope

Login with Scan Barcode: Application-scope

Login with Proximity: Application-scope

Single Sign-on Login: Application-scope

Mobile Application Login: Application-scope

Instant Registration: Application-scope

Service definitions can be found in the Application Integration Services section. Each request to these services needs to be authenticated properly. For the request authentication details, check the Authentication section.

Account Management Services

Account Management Services are about managing your accounts remotely, without using the SAASPASS Admin Portal. Depending on its functionality, a service might have application-scope or company-scope.

Account Management Services are:

Add Account: Company-scope

Verify Account: Company-scope

Remove Account: Company-scope

Register/Assign Account to Application by Admin: Application-scope

Register/Assign Account to Application by User: Application-scope

Unregister/Unassign Account from Application: Application-scope

Service definitions can be found in the Account Management Services section. Each request to these services needs to be authenticated properly. For the request authentication details, check the Authentication section.

SAASPASS Mobile Application Login

The SAASPASS mobile application login, or what we also call "Mobile App-to-App" integration, allows users of your native mobile applications to log in using the SAASPASS mobile application as a user MFA Authentication Key. With the ready code that expedites the process of safeguarding your employees and/or users, it may take less than 10 minutes.

You can offer the world's easiest-to-use secure login with Multi-Factor Authentication (MFA) by bringing incredible usability to logging in securely into apps in multiple fundamentally groundbreaking ways.

The Mobile Application Login Flow

You can launch the mobile app from within the SAASPASS mobile app OR you can just press a button on the SAASPASS app OR even from the convenience of 3D Touch without even launching the app!

You can even authenticate yourself with just your Touch ID (fingerprint) or PIN and have SAASPASS automatically enter your randomly generated number (One-Time Password) for you in the background. Unparalleled secure logging in with the magic touch of your finger (wand not necessary).

With this service integrated, the user is able to log in to your mobile application in different ways:

1. Clicking on the 'Login with SAASPASS' button from the custom mobile application login form.

2. Clicking on the 'Open in Mobile app' button from within the SAASPASS mobile application.

3. 3D Touch without even launching the app!

If the custom application works with a backend server, the current manual login form can still be kept and remain fully functional.

This is a simple diagram for the Mobile Application Login Flow.

SAASPASS iOS and Android SDKs

You can integrate SAASPASS Multi-Factor Authentication (MFA) into any iPhone or iPad or Apple Watch app with our iOS SDK and any Android mobile, tablet or Wear app with our Android SDK.

For correct functionality of this service you will need:

To import the SAASPASS SDK to your iOS and/or Android project and follow its instructions to set up the correct communications.

To use HTTPS or a similar protocol for secure communications.

To keep the SDK up-to-date for the best performance of the login service.

SAASPASS Custom Mobile Application

In order to start integrating your mobile application with the SAASPASS mobile SDK for MFA support, you first need to create a Custom Mobile Application in the SAASPASS Admin Portal and follow the instructions there. Please read the previous SAASPASS Custom Application section, since you will need to do all of what we mentioned there.

Also, if you would like to integrate your Account Management with SAASPASS for your custom mobile application, then you need to integrate the SAASPASS RESTful API / Account Management Services that I explained above.

SAASPASS Connect

This section explains how you can add the 'SAASPASS Connect' button to your web application, internet or intranet website and implement the authentication flow.

The authentication flow is implemented with the OpenID Connect (and OAuth 2.0) protocol. As a developer, you will find brief information about the client implementation of OpenID Connect in the SAASPASS Developer site, but for more details about the protocol, you can refer to the OpenID Connect Basic Client Implementer's Guide:

http://openid.net/specs/openid-connect-basic-1_0.html

The SAASPASS Connect (Login with SAASPASS) button allows users of your web application or website to log in by clicking on the SAASPASS Connect button in order to trigger and start the seamless SAASPASS authentication process. With the ready code that expedites the process of safeguarding your employees and/or users, this may take less than 10 minutes.

After a successful user authentication with SAASPASS Connect, the action to be taken on your application side is up to your needs and requirements. For example, you will get the email of the authenticated user after SAASPASS sends you a successful authentication response, and if you defined a proper scope to get the full user profile from SAASPASS, you MAY get the username that the user defined on the profile (if the user provided a username on the profile). Thus, you can decide to use either the email or this username as the account name of the user in your application. It is also up to you to check whether this account name exists in your database. So you can allow only users that already exist in your system (registered before), or you can just create a new user right after successful authentication.
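
The account-mapping decision described above, sketched in Python as an added example; it is not SAASPASS code or code from this page. The claim names `email` and `preferred_username` are the standard OpenID Connect ones and are assumed here, and `UserStore`, `resolve_login` and the sample data are hypothetical.

```python
# Added example: maps already-verified OpenID Connect claims to a local account.
# Claim names follow the OIDC standard; the real SAASPASS payload is an assumption.
from dataclasses import dataclass, field


class LoginRejected(Exception):
    """Raised when the authenticated identity may not sign in locally."""


@dataclass
class UserStore:
    """Hypothetical in-memory stand-in for the application's user table."""
    accounts: dict = field(default_factory=dict)  # account name -> bound email


def account_name_from_claims(claims: dict) -> str:
    """Prefer the profile username when the scope returned one, else the email."""
    email = (claims.get("email") or "").strip().lower()
    if not email or "@" not in email:
        raise LoginRejected("response carries no usable email claim")
    username = (claims.get("preferred_username") or "").strip().lower()
    return username or email


def resolve_login(claims: dict, store: UserStore, auto_provision: bool) -> str:
    """Return the local account to sign in, creating it only if policy allows."""
    name = account_name_from_claims(claims)
    email = claims["email"].strip().lower()
    bound_email = store.accounts.get(name)
    if bound_email is None:
        if not auto_provision:
            raise LoginRejected(f"{name!r} is not registered in this application")
        store.accounts[name] = email  # first login: bind the name to this email
        return name
    # The profile username is chosen by the user, so an existing account is
    # matched only when it was bound to the same authenticated email.
    if bound_email != email:
        raise LoginRejected(f"{name!r} belongs to a different identity")
    return name


# Constructed sample data, not real SAASPASS responses.
STORE = UserStore({"alice": "alice@example.com"})
EMAIL_ONLY = {"email": "Bob@Example.com"}
WITH_PROFILE = {"email": "alice@example.com", "preferred_username": "Alice"}
NAME_CLASH = {"email": "mallory@example.com", "preferred_username": "alice"}
```

Calling `resolve_login` with `auto_provision=False` gives the "existing users only" policy, and `auto_provision=True` gives the "create on first login" policy.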

SAASPASS Connect Application

In order to start integrating your web applications and websites with SAASPASS Connect for MFA support, you first need to create a SAASPASS Connect Application in the SAASPASS Admin Portal and follow the instructions there. Please read the previous SAASPASS Custom Application section, since you will need to do all of what we mentioned there.

Also, if you would like to integrate your Account Management with SAASPASS for your custom mobile application, then you need to