Mobile Credentials

Mobile ID credentials are issued on mobile apps. They help end users present their mobile ID credentials to authenticate (confirm their identity) in situations such as accessing secure facilities/systems, registering for services, or completing transactions online. The mobile ID credentials leverage secure technologies such as encryption and biometrics to ensure authentication and security.

Unifyia supports the issuance of mobile ID credentials to users using the Unifyia ID Wallet app. You as an operator can help them set up the app and issue mobile identities.

Types of Mobile Digital Credentials

Typically, based on your organization's settings, five mobile credentials can be issued for a user account – Visual ID, PKI, Consent, OTP, and FIDO2.

Visual ID: This is similar to the physical identity but in digital form. Use the flip icon to switch between the front and back sides of the ID. Tap on the document icon to access user details. Tap the QR Code icon to reveal the QR code for identity and age verification.

PKI: This credential is used for the certificate-based login requests received as consent requests or push notifications from either the platform or third-party applications for passwordless authentication. It is one of the most secure credentials that can be leveraged for authentication. Tap the certificate to review its details.

Consent: The consent keys are used for approving an authentication request sent to the ID Wallet from the platform or integrated applications.

OTP: The OTP credential allows a user to log in to the platform in offline mode. It displays the OTP that can be used to authenticate offline.

FIDO2: The FIDO2 credential allows a user to log in to the platform using security keys connected to a computer or over NFC or Bluetooth. Additionally, if you have registered the mobile device as an authenticator, then you can use the configured device screen lock (Pattern, Password, PIN, Fingerprint, Face) to authenticate to the platform or integrated applications.

Supported Mobile Phones

  • iOS 13+

Prerequisites

  • Ensure that the users are registered with the necessary privileges by an authorized operator within the organization.
  • The users have an iOS mobile device. Currently, the ID Wallet app is available for iOS devices only.
  • The users have received the Unifyia ID Wallet registration email invite to set up the ID Wallet app on their mobile devices to get digital credentials. This option is based on the set permissions as per the organization's policy.
  • Ask the user to download and install the Unifyia ID Wallet app on a mobile device. They can download it from the mobile device's app store (e.g., Apple App Store for iOS devices). This app helps users to issue digital identities on mobile phones for identity authentication.

Mobile Credentials Issuance

  1. Log into the Unifyia platform.
  2. Navigate to Management > Users. Search the user either by name or email. Under the Actions column, select the Issue Identity icon to start the issuance process.
  3. If the user is approved for multiple identities, you will be prompted to select the workflow for which you wish to issue an identity.
  4. Select the option Unifyia ID Wallet from the listed options. The ID Wallet setup page appears.
  5. Ask the user to launch the Unifyia ID Wallet app on their mobile.
  6. Open the Unifyia ID Wallet app on the user’s mobile.
  7. Scan the QR code displayed on the page using the ID Wallet app. The app fetches the user’s identities.
  8. Tap OK. If the organization has approved FIDO2 credential issuance for the user’s group, the app prompts you to continue the FIDO2 registration process. Refer to section FIDO Security Keys Registration. Otherwise, the app displays all the mobile identities and their credentials approved for the user’s group as per the organization's policy. Typically, four credentials can be issued for an account based on the configured workflow – Visual ID, PKI, OTP, and Consent.
  9. If QR code scanning fails in the ID Wallet app, select Enter Manually.
  10. On the ID Wallet setup page, locate the section displaying the URL and secret key. Input the platform URL (e.g., https://org.Unifyia.net) and the Secret Key shown on the platform page.
  11. Tap Submit to complete registration and fetch the user’s mobile credentials.

The user now has mobile credentials issued on the Unifyia ID Wallet app and can use these for multi-factor authentication while logging into the Unifyia platform.

FIDO2 Credentials Registration

  1. Upon completing the credential issuance process, a popup message will appear on the ID Wallet app, prompting you to proceed with FIDO Passkeys registration. Tap OK to continue.
  2. You can delay the FIDO2 registration until later. To proceed with the registration at a convenient time, access the notification to register in the app's Notification. Note that this link will only be active for twelve hours.
  3. On the FIDO2 registration page, select Register to configure the user’s mobile device to be used as the FIDO Security Key. Ensure to use either Google Chrome for registration based on the mobile OS.
  4. You are redirected to the Unifyia platform in the phone browser.
  5. Select the link Click here to proceed.
  6. Select Get Started.
  7. You have to choose how to use the security key. Check with the user to decide on the below options.
    1. User security key with Bluetooth: Select this option if the user wishes to connect to another device to pair the key. To do so, ensure there is an identity device with Bluetooth capability enabled.
    2. User security key with USB: Select this option if the user wants to use a USB security key/token, such as a YubiKey, as a security key. Connect the security key to the USB port or link it using a USB cable. If the key features a button or a gold disc, press or tap it accordingly.
    3. User security key with NFC: Select this option if the user wishes to use an NFC-enabled device, such as a YubiKey, as a security key. Tap the device against the back of the mobile device. You will feel the mobile device vibrate, indicating that the YubiKey is successfully registered.
    4. Use this device with screen lock: Choose this option if the user prefers to use the mobile with its configured screen lock (PIN, fingerprint, face, or pattern) as a security key. On the popup screen verify the identity of the user. If the user prefers to use the device screen lock PIN, tap Use screen lock and ask the user to enter the PIN. On successful verification, the FIDO2 credential will be issued on the device.
  8. On the next screen, a label for the registered passkey is displayed. If required, rename it and select OK. You have completed the registration process.
  9. Tap Back to Application.
  10. The user’s mobile identity is successfully updated with the FIDO Passkey credential. Select OK.
  11. The user is now all set to use the mobile device as a FIDO Passkey to initiate multi-factor authentication/passwordless authentication.
  12. You have the following mobile credentials issued:
    1. Visual ID
    2. FIDO2
    3. Consent
    4. PKI
    5. OTP