Mobile Credentials

Mobile ID credentials are issued on mobile apps. You can present them to authenticate (confirm your identity) in situations such as accessing secure facilities or systems, registering for services, or completing transactions online. Mobile ID credentials rely on technologies such as encryption and biometrics to secure the authentication process. The Unifyia platform supports the self-issuance of mobile ID credentials using the Unifyia ID Wallet app.

This tutorial helps you (the user) understand how to set up the Unifyia ID Wallet app and self-issue the mobile credentials.

The platform enables the issuance of mobile credentials to both enrolled and federated users. If you are a federated user and wish to log in using your existing PIV ID to obtain mobile credentials, ensure that the platform trusts the certificate used for login. Your organization must manage this by integrating with the platform for identity federation.

Mobile Digital Credentials

Typically, your organization's configuration allows the issuance of up to five mobile credentials for your account: Visual ID, PKI, Consent, OTP, and FIDO2. Once the issuance is complete, you can view and use all the mobile identities and their associated credentials.

Visual ID: This is similar to the physical identity but in digital form. Use the flip icon to switch between the front and back sides of the ID. Tap on the document icon to access user details. Tap the QR Code icon to reveal the QR code for identity and age verification.

PKI: This credential is used for the certificate-based login requests received as consent requests or push notifications from either the platform or third-party applications for passwordless authentication. It is one of the most secure credentials that can be leveraged for authentication. Tap the certificate to review its details.

Consent: The consent keys are used for approving an authentication request sent to the ID Wallet from the platform or integrated applications.

OTP: The OTP credential allows a user to log in to the platform in offline mode. The app displays the OTP that can be used to authenticate offline.

FIDO2: The FIDO2 credential allows a user to log in to the platform using security keys connected to a computer or over NFC or Bluetooth. Additionally, if you have registered the mobile device as an authenticator, you can use the configured device screen lock (Pattern, Password, PIN, Fingerprint, Face) to authenticate to the platform or integrated applications.

Supported Mobile Phones

  • iOS 13+

Prerequisites

  • Ensure that you are registered with the necessary privileges by an authorized operator within the organization.
  • You have an iOS mobile device. Currently, the ID Wallet app is available for iOS devices only.
  • If you are a federated user, check that your organization has integrated with the Unifyia platform.
  • You have received the Unifyia ID Wallet registration email invite to set up the ID Wallet app on your mobile devices to get digital credentials. This option is based on the set permissions as per the organization’s policy.
  • Download and install the Unifyia ID Wallet app on a mobile device. Download it from the mobile device's app store (e.g. the Apple App Store for iOS devices). This app helps you to issue digital identities on mobile phones for identity authentication.

Self Issuance of Mobile Credentials

You can register your mobile device and issue the credentials in the following ways:

  • Using Unifyia Platform
  • Using a QR Code sent in an email invite

Using Unifyia Platform

  1. Log into the Unifyia platform as a platform user or federated user.
  2. Navigate to Identities.
  3. Select + Add New.
  4. If more than one identity is approved for you, you are prompted to select the workflow for which you wish to issue an identity.
  5. Select the option Unifyia ID Wallet from the listed identity device options. The page to set up the ID Wallet appears.
  6. Open the Unifyia ID Wallet app on your mobile.
  7. Scan the QR code displayed on the page using your wallet app to continue the issuance process as given below.
  8. The app fetches your identities.
  9. Tap OK. If your organization has approved FIDO2 credential issuance for your group, the app prompts you to continue the FIDO2 registration process. Refer to section FIDO2 Passkeys Registration. Otherwise, the app displays all the mobile identities and their credentials approved for your group as per your organization's policy. Typically, four credentials can be issued for your account based on the configured workflow – Visual ID, PKI, OTP, and Consent.
  10. If QR code scanning fails in the ID Wallet app, select Enter Manually.
  11. On the Unifyia platform, navigate to the ID Wallet page. Locate the section displaying the URL and secret key. Input the platform URL (e.g., https://org.utopia.net) and the Secret Key shown on the platform page.
  12. Tap Submit to complete registration and get your mobile identities.

Using a QR Code

  1. Open the email sent to your registered email ID on your computer.
  2. You will find a QR code to pair your device.
  3. Launch the ID Wallet app on the mobile and use the QR code scanner within the app to scan the QR code provided in the received email.
  4. Once the scanning of the code is successful, the app fetches your identities.
  5. Tap OK. If your organization has approved FIDO2 credential issuance for your group, the app prompts you to continue the FIDO2 registration process. Refer to section FIDO2 Passkeys Registration. Otherwise, the app displays all the mobile identities and their credentials approved for your group as per your organization's policy. Typically, four credentials can be issued for your account based on the configured workflow – Visual ID, PKI, OTP, and Consent.
  6. If the QR code scanning from the email fails on the ID Wallet app, select Enter Manually.
  7. On the email invite, locate the section Unable to scan.
  8. Input the platform URL (e.g., https://org.utopia.net) and the Secret Key that you see under this section.
  9. Tap Submit to complete registration and get your mobile identities.

FIDO2 Passkeys Registration

  1. Upon completing the credential issuance process, a popup message will appear on the ID Wallet app, prompting you to proceed with FIDO2 Passkeys registration. Tap OK to continue.
  2. You can delay the FIDO2 registration until later. To proceed with the registration at a convenient time, open the registration notification from the app's notifications. Note that this link will only be active for twelve hours.
  3. On the FIDO2 registration page, tap Register to configure your mobile device to be used as the FIDO2 Security Key.
  4. You are redirected to the Unifyia platform on your phone browser.
  5. Select the link Click here to proceed.
  6. You have to choose how to use your security key.
    1. User security key with Bluetooth: Select this option if you wish to connect to another device to pair your key. To do so, ensure you have an identity device with Bluetooth capability enabled.
    2. User security key with USB: Select this option if you want to use a USB security key or token, such as a YubiKey. Connect the security key to your USB port or link it using a USB cable. If your key features a button or a gold disc, press or tap it accordingly.
    3. User security key with NFC: Select this option if you wish to use an NFC-enabled device, such as a YubiKey, as a security key. Tap the key against the back of the mobile device. You will feel the mobile device vibrate, indicating that the YubiKey is successfully registered.
    4. Use this device with screen lock: Choose this option if you prefer to use the mobile device with its configured screen lock (PIN, fingerprint, face, or pattern) as a security key. On the popup screen, verify your identity. If you prefer to use your screen lock PIN, tap Use screen lock and enter your PIN. On successful verification, your FIDO2 credential will be issued on the device.
  7. On the next screen, a label for the registered passkey is displayed. If required, rename it and select OK. You have completed the registration process.
  8. Tap Back to Application.
  9. Your mobile identity is successfully updated with the FIDO2 Passkey credential. Select OK.
  10. You are now all set to use your mobile device as a FIDO2 Passkey to initiate multi-factor authentication/passwordless authentication/app-less authentication.
  11. You have the following mobile credentials issued:
    1. Visual ID
    2. FIDO2
    3. Consent
    4. PKI
    5. OTP