Multi-factor authentication (mfa) with
RESTful API
Developers can provide multi-factor authentication (mfa) in their login
flow securely with SAASPASS.
SAASPASS is offering developers the opportunity to move beyond
passwords by adding MFA support to their authentication/login
process in a very easy and standard way. It offers developers different
ways to integrate SAASPASS, which is the only full-stack identity and
access management solution, in less than 10 minutes.
With a few lines of code in whatever programming language or tool you
are using, you will be able to integrate your login/registration with
SAASPASS MFA using any of the supported standard protocols.
SAASPASS Developer site
SAASPASS has a comprehensive web site dedicated to developers that
walks them through the whole process of integrating their apps and
websites.
The site covers the three ways of providing SAASPASS Multi-Factor
Authentication for any web, mobile web or mobile application.
There is even ready code available to expedite the process of
safeguarding your employees and users. Explore the integration with
SAASPASS MFA with the simulator and the sample (Java, .NET,
Python and PHP) applications. You will see how the integration can be
customized to meet the needs of any application.
In the developer site, there is a SAASPASS Widgets page that allows
developers to create an iFrame embeddable widget customizable for
any application. Depending on how you want to use SAASPASS, the iFrame
can populate an OTP login field, an Instant login/Instant registration
barcode, Proximity Bluetooth, or any combination of the three.
https://developer.saaspass.com/
Ways for integrating SAASPASS MFA
Currently there are three main ways that SAASPASS offers integration
for your application that you can choose from, depending on your
application type and your requirements.
1. Multi-factor authentication (mfa) with RESTful API
2. Multi-factor authentication (mfa) with Node.js
3. Multi-factor authentication (mfa) with Java
4. Multi-factor authentication (mfa) with Microsoft .Net
5. Multi-factor authentication (mfa) with PHP
6. Multi-factor authentication (mfa) with Python
7. Multi-factor authentication (mfa) with iOS SDK
8. Multi-factor authentication (mfa) with Android SDK
9. Multi-factor authentication (mfa) with Swift SDK
10. SAASPASS Mobile Application Login (Mobile App-to-App native
    integration)
11. Multi-factor authentication (mfa) with SAASPASS Connect (the
    standard OpenID Connect and OAuth 2.0 protocols with the
    SAASPASS Connect button)
In the next sections of this blog, we will try to explain in brief some of
the mentioned ways.
There are other standard protocols that SAASPASS offers, and you
can customize them for integration with your own or even third-party
products. SAASPASS also supports the SAML 2.0 and RADIUS
protocols. You can find the two types of application, Custom SAML and
Custom RADIUS, in the SAASPASS admin portal.
SAASPASS RESTful API
The SAASPASS HTTP RESTful API enables you to integrate SAASPASS
Multi-Factor Authentication into any environment you may have. You
can add SAASPASS to internal programs or systems as well as to
externally facing ones, and you can customize the whole
workflow with the RESTful APIs. There is ready code to expedite the
process of safeguarding your employees and users. SAASPASS uses
HTTP calls, providing a simple and secure interface for developers to
integrate.
SAASPASS Custom Application
You can add SAASPASS Multi-Factor Authentication (mfa) to any
custom application you have. If you have a custom CRM, ERP, Intranet,
Extranet, Accounting software system or any site, application or
program that requires user or employee authentication, you can add
strong Two-Factor Authentication with the SAASPASS RESTful API.
First of all, you need to register your Company and Internet Domain
from the following link or through your SAASPASS reseller:
https://www.saaspass.com/sd/#/companyRegistration
After that, you can integrate your existing Directory, Groups and Users
in the SAASPASS Admin portal or you can do that automatically using
the SAASPASS RESTful API / Account Management Services.
In order to start integrating your application, you first need to create
a Custom Application in the SAASPASS Admin Portal and follow the
instructions there.
SAASPASS API SERVICES
The SAASPASS HTTP RESTful API contains various services that fall
under two main types: integrated application authentication/login,
and account management.
The services of these two different types also have a different scope.
The authentication services/application integration services have
application-scope (called for a specific application), while the account
management services have company-scope (called for the company
in general, not specific to any application).
Authentication Services/Application
Integration Services
Application Integration Services are about the user’s login
(authentication)/registration process with SAASPASS for a
specific application, so they have application-scope.
These services are:
• Login with One-Time Password (OTP Check): Application-scope
• Login with Scan Barcode: Application-scope
• Login with Proximity: Application-scope
• Single Sign-on Login: Application-scope
• Mobile Application Login: Application-scope
• Instant Registration: Application-scope
Service definitions can be found in the Application Integration Services
section. Each request to these services needs to be authenticated
properly. For the request authentication details, check the
Authentication section.
Account Management Services
Account Management Services are about managing your accounts
remotely, without using the SAASPASS Admin Portal. Depending on its
functionality, a service might have application-scope or
company-scope.
Account Management Services are:
• Add Account: Company-scope
• Verify Account: Company-scope
• Remove Account: Company-scope
• Register/Assign Account to Application by Admin: Application-scope
• Register/Assign Account to Application by User: Application-scope
• Unregister/Unassign Account from Application: Application-scope
Service definitions can be found in the Account Management Services
section. Each request to these services needs to be authenticated
properly. For the request authentication details, check the
Authentication section.
SAASPASS Mobile Application Login
The SAASPASS mobile application login, or what we also call “Mobile
App-to-App” integration, allows users of your native mobile applications
to log in using the SAASPASS mobile application as a user MFA
Authentication Key. With the ready code that expedites the process of
safeguarding your employees and/or users, integration may take less
than 10 minutes.
You can offer the world’s easiest-to-use secure login with Multi-Factor
Authentication (MFA) by bringing incredible usability to logging in
securely into apps in multiple fundamentally groundbreaking ways.
The Mobile Application Login Flow
You can launch the mobile app from within the SAASPASS mobile app
OR you can just press a button on the SAASPASS app OR even from the
convenience of 3D Touch without even launching the app!
You can even authenticate yourself with just your Touch ID
(fingerprint) or PIN and have SAASPASS automatically enter your
randomly generated number (One-Time Password) for you in the
background. Unparalleled secure logging in with the magic touch of
your finger (wand not necessary).
With this service integrated, the user is able to log in to your mobile
application in different ways:
1. Clicking on the ‘Login with SAASPASS’ button from the custom
   mobile application login form.
2. Clicking on the ‘Open in Mobile app’ button from within the
   SAASPASS mobile application.
3. 3D Touch without even launching the app!
If the custom application works with a backend server, the current
manual login form can still be kept and remains fully functional.
This is a simple diagram for the Mobile Application Login Flow.
SAASPASS iOS and Android SDKs
You can integrate SAASPASS Multi-Factor Authentication (MFA) into
any iPhone, iPad or Apple Watch app with our iOS SDK and any
Android mobile, tablet or Wear app with our Android SDK.
For correct functionality of this service you will need:
• To import the SAASPASS SDK into your iOS and/or Android project
  and follow its instructions to set up the correct communications.
• To use HTTPS or a similar protocol for secure communications.
• To keep the SDK up-to-date for the best performance of the login
  service.
SAASPASS Custom Mobile Application
In order to start integrating your mobile application with the
SAASPASS mobile SDK for MFA support, you first need to create a Custom
Mobile Application in the SAASPASS Admin Portal and follow the
instructions there. Please read the previous SAASPASS Custom
Application section, since you will need to do everything mentioned
there.
Also, if you would like to integrate your Account Management with
SAASPASS for your custom mobile application, then you need to
integrate the SAASPASS RESTful API / Account Management Services
that I explained above.
SAASPASS Connect
This section explains how you can add the ‘SAASPASS Connect’ button
to your web application, internet or intranet website and implement the
authentication flow.
The authentication flow is implemented with the OpenID Connect (and
OAuth 2.0) protocol. As a developer, you will find brief information
about the client implementation of OpenID Connect in the SAASPASS
Developer site, but for more details about the protocol, you can refer
to the OpenID Connect Basic Client Implementer’s Guide:
http://openid.net/specs/openid-connect-basic-1_0.html
The SAASPASS Connect (Login with SAASPASS) button allows users of
your web application or website to log in by clicking on the SAASPASS
Connect button in order to trigger and start the seamless SAASPASS
authentication process. With the ready code that expedites the
process of safeguarding your employees and/or users, adding it may take
less than 10 minutes.
After a successful user authentication with SAASPASS Connect, the
action to be taken on your application side is up to your needs and
requirements. For example, you will get the email of the authenticated
user after SAASPASS sends you a successful authentication response
and, if you defined a proper scope to get the full user profile from
SAASPASS, you MAY get the username that the user defined on the profile
(if the user provided the username on the profile). Thus, you can decide
to use either the email or this username as the account name of the user
in your application. It is also up to you to check whether this account
name exists in your database. So you can allow only users that already
exist in your system (registered before), or you can just create a new
user right after successful authentication.
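The decision described above, sketched as an added Python example (not SAASPASS or sample-application code). It assumes the authentication response has already been validated and reduced to a dictionary; the key names 'email' and 'username', the 'users' dictionary standing in for your database, and both function names are assumptions made for illustration.

```python
class LoginRejected(Exception):
    """The authenticated user may not be signed in to this application."""


def account_name(claims, prefer_username=False):
    """Pick the local account name from a validated authentication response.

    'email' and 'username' are assumed key names, not SAASPASS field names.
    """
    email = (claims.get("email") or "").strip().lower()
    if not email:
        raise LoginRejected("response carried no email")
    # The username only arrives when the profile scope was requested AND the
    # user filled it in, so fall back to the email when it is absent.
    username = (claims.get("username") or "").strip()
    return username if (prefer_username and username) else email


def complete_login(users, claims, prefer_username=False, auto_provision=False):
    """Return (account, created); 'users' stands in for the user table."""
    name = account_name(claims, prefer_username)
    email = claims["email"].strip().lower()
    account = users.get(name)
    if account is None:
        if not auto_provision:
            # Policy 1: only users registered beforehand may log in.
            raise LoginRejected(f"{name!r} is not registered")
        # Policy 2: create the user right after successful authentication.
        account = users[name] = {"name": name, "email": email}
        return account, True
    # A username is chosen by the user on the profile, so an existing account
    # is opened only for the email it was registered with.
    if account["email"] != email:
        raise LoginRejected(f"{name!r} is bound to a different email")
    return account, False


if __name__ == "__main__":
    # Constructed sample data.
    users = {"alice": {"name": "alice", "email": "alice@example.com"}}
    print(complete_login(users, {"email": "Alice@Example.com", "username": "alice"},
                         prefer_username=True))
    print(complete_login(users, {"email": "bob@example.com"}, auto_provision=True))
```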
SAASPASS Connect Application
In order to start integrating your web applications and websites with
SAASPASS Connect for MFA support, you first need to create a
SAASPASS Connect Application in the SAASPASS Admin Portal and
follow the instructions there. Please read the previous SAASPASS
Custom Application section, since you will need to do everything
mentioned there.
Also, if you would like to integrate your Account Management with
SAASPASS for your custom mobile application, then you need to