Multi-factor authentication (MFA) with the OAuth 2.0 protocol

James Smith
Published in saaspass
8 min read · Jun 26, 2018

Developers can provide multi-factor authentication (mfa) in their login flow securely with SAASPASS.

SAASPASS offers developers the opportunity to move beyond passwords by adding MFA support to their authentication/login process in an easy, standard way. It offers developers different ways to integrate SAASPASS, which is the only full-stack identity and access management solution, in less than 10 minutes.

With a few lines of code in whatever programming language or tool you use, you can integrate your login/registration with SAASPASS MFA using any of the supported standard protocols.

SAASPASS Developer site

SAASPASS has a comprehensive website dedicated to walking developers through the whole process of integrating their apps and websites.

The site covers the three ways of providing SAASPASS multi-factor authentication for any web, mobile web or mobile application.

There is even ready code available to expedite the process of safeguarding your employees and users. Explore the integration with SAASPASS MFA with the simulator and the sample (Java, .NET, Python and PHP) applications. You will see how the integration can be customized to meet the needs of any application.

On the developer site, a SAASPASS Widgets page lets developers create an embeddable iFrame widget that can be customized for any application. Depending on how you want to use SAASPASS, the iFrame can populate an OTP login field, an Instant Login/Instant Registration barcode, Proximity Bluetooth, or any combination of the three.

https://developer.saaspass.com/

Ways for integrating SAASPASS MFA

SAASPASS currently offers three main ways to integrate your application; choose among them depending on your application type and your requirements.

  1. Multi-factor authentication (mfa) with RESTful API
  2. Multi-factor authentication (mfa) with Node.js
  3. Multi-factor authentication (mfa) with Java
  4. Multi-factor authentication (mfa) with Microsoft .Net
  5. Multi-factor authentication (mfa) with PHP
  6. Multi-factor authentication (mfa) with Python
  7. Multi-factor authentication (mfa) with iOS SDK
  8. Multi-factor authentication (mfa) with Android SDK
  9. Multi-factor authentication (mfa) with Swift SDK
  10. SAASPASS Mobile Application Login (Mobile App-to-App native integration)
  11. Multi-factor authentication (mfa) with SAASPASS Connect (the standard OpenID Connect and OAuth 2.0 protocols with the SAASPASS Connect button)

In the next sections of this blog, we will try to explain in brief some of the mentioned ways.

SAASPASS offers other standard protocols as well, and you can customize them for integration with your own or even third-party products. SAASPASS also supports the SAML 2.0 and RADIUS protocols. You can find the two application types, Custom SAML and Custom RADIUS, in the SAASPASS admin portal.

SAASPASS RESTful API

The SAASPASS HTTP RESTful API enables you to integrate SAASPASS Multi-Factor Authentication into any environment you may have. You can add SAASPASS to internal programs or systems as well as to externally facing ones, and you can customize the whole workflow with the RESTful APIs. There is ready code to expedite the process of safeguarding your employees and users. SAASPASS uses HTTP calls to provide a simple and secure interface for developers to integrate with.

SAASPASS Custom Application

You can add SAASPASS Multi-Factor Authentication (mfa) to any custom application you have. If you have a custom CRM, ERP, Intranet, Extranet, Accounting software system or any site, application or program that requires user or employee authentication, you can add strong Two-Factor Authentication with the SAASPASS RESTful API.

First of all, you need to register your Company and Internet Domain from the following link or through your SAASPASS reseller:

https://www.saaspass.com/sd/#/companyRegistration

After that, you can integrate your existing Directory, Groups and Users in the SAASPASS Admin portal or you can do that automatically using the SAASPASS RESTful API / Account Management Services.

In order to start integrating your application, you need to first create a Custom Application in the SAASPASS Admin Portal and follow the instructions there.

SAASPASS API SERVICES

The SAASPASS HTTP RESTful API contains various services that fall under two main types: integrated application authentication/login, and account management.

The services of these two types also have different scopes. The authentication services/application integration services have application-scope (called for a specific application), while the account management services have company-scope (called for the company in general, not for any specific application).

Authentication Services/Application Integration Services

Application Integration Services cover the user’s login (authentication) and registration process with SAASPASS for a specific application, so they have application-scope.

These services are:

  • Login with One-Time Password (OTP Check): Application-scope
  • Login with Scan Barcode: Application-scope
  • Login with Proximity: Application-scope
  • Single Sign-on Login: Application-scope
  • Mobile Application Login: Application-scope
  • Instant Registration: Application-scope

Service definitions can be found in the Application Integration Services section. Each request to these services needs to be authenticated properly. For the request authentication details, check the Authentication section.

Account Management Services

Account Management Services let you manage your accounts remotely, without using the SAASPASS Admin Portal. Depending on its functionality, a service might have application-scope or company-scope.

Account Management Services are:

  • Add Account: Company-scope
  • Verify Account: Company-scope
  • Remove Account: Company-scope
  • Register/Assign Account to Application by Admin: Application-scope
  • Register/Assign Account to Application by User: Application-scope
  • Unregister/Unassign Account from Application: Application-scope

Service definitions can be found in the Account Management Services section. Each request to these services needs to be authenticated properly. For the request authentication details, check the Authentication section.

SAASPASS Mobile Application Login

The SAASPASS mobile application login, which we also call “Mobile App-to-App” integration, allows users of your native mobile applications to log in using the SAASPASS mobile application as a user MFA Authentication Key. With the ready code, which expedites the process of safeguarding your employees and/or users, integration may take less than 10 minutes.

You can offer the world’s easiest-to-use secure login with Multi-Factor Authentication (MFA) by bringing incredible usability to logging in securely into apps in multiple fundamentally groundbreaking ways.

The Mobile Application Login Flow

You can launch the mobile app from within the SAASPASS mobile app OR you can just press a button on the SAASPASS app OR even from the convenience of 3D Touch without even launching the app!

You can even authenticate yourself with just your Touch ID (fingerprint) or PIN and have SAASPASS automatically enter your randomly generated number (One-Time Password) for you in the background. Unparalleled secure logging in with the magic touch of your finger (wand not necessary).

With this service integrated, the user is able to log in to your mobile application in different ways:

  1. Clicking on the ‘Login with SAASPASS’ Button from the custom mobile application login form.
  2. Clicking on the ‘Open in Mobile app’ button from within the SAASPASS mobile application.
  3. 3D Touch without even launching the app

If the custom application works with a backend server, the current manual login form can still be kept and remains fully functional.

This is a simple diagram for the Mobile Application Login Flow.

SAASPASS iOS and Android SDKs

You can integrate SAASPASS Multi-Factor Authentication (MFA) into any iPhone or iPad or Apple Watch app with our iOS SDK and any Android mobile, tablet or Wear app with our Android SDK.

For correct functionality of this service you will need:

  • To import SAASPASS SDK to your iOS and/or Android project and follow its instructions to set up the correct communications.
  • To use HTTPS or a similar protocol for secure communications.
  • To keep the SDK up-to-date for the best performance of the login service.

SAASPASS Custom Mobile Application

In order to start integrating your mobile application with the SAASPASS mobile SDK for MFA support, you first need to create a Custom Mobile Application in the SAASPASS Admin Portal and follow the instructions there. Please read the previous SAASPASS Custom Application section, since you will need to do everything we mentioned there.

Also, if you would like to integrate your Account Management with SAASPASS for your custom mobile application, then you need to integrate the SAASPASS RESTful API / Account Management Services that I explained above.

SAASPASS Connect

This section explains how you can add the ‘SAASPASS Connect’ button to your web application, internet or intranet website and implement the authentication flow.

The authentication flow is implemented with the OpenID Connect (and OAuth 2.0) protocol. As a developer, you will find brief information about the client implementation of OpenID Connect on the SAASPASS Developer site; for more details about the protocol, refer to the OpenID Connect Basic Client Implementer’s Guide:

http://openid.net/specs/openid-connect-basic-1_0.html

The SAASPASS Connect (Login with SAASPASS) button allows users of your web application or website to log in by clicking it, which triggers the seamless SAASPASS authentication process. With the ready code, which expedites the process of safeguarding your employees and/or users, adding the button may take less than ten minutes.

After a successful user authentication with SAASPASS Connect, the action to take on your application side depends on your needs and requirements. For example, you will get the email of the authenticated user after SAASPASS sends you a successful authentication response, and if you defined a proper scope to get the full user profile from SAASPASS, you MAY get the username that the user defined on the profile (if the user provided a username on the profile). Thus, you can decide to use either the email or this username as the account name of the user in your application. It is also up to you to check whether this account name exists in your database. You can allow only users that already exist in your system (registered before), or you can create a new user right after successful authentication.
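The post-authentication decision described above, as an added example that is not SAASPASS sample code: it checks the `state` value and the ID token claims an OpenID Connect client is expected to validate, then either admits an existing account or creates one. The issuer, client ID, the `email` claim name, the `session` and `users` structures, and the assumption that a nonce was sent in the authentication request are all placeholders for illustration.

```python
import hmac
import time

ISSUER = "https://idp.example.test"  # placeholder: issuer value from your provider's documentation
CLIENT_ID = "my-client-id"           # placeholder: client_id of your SAASPASS Connect application

class AuthError(Exception):
    """Raised when the authentication response must be rejected."""

def const_eq(a, b):
    # Constant-time comparison for the state and nonce values.
    return hmac.compare_digest(str(a).encode(), str(b).encode())

def validate_claims(claims, session, now=None):
    """Check the ID token claims (already parsed by your OIDC library)."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else list(aud or [])
    if claims.get("iss") != ISSUER:
        raise AuthError("unexpected issuer")
    if CLIENT_ID not in aud:
        raise AuthError("token was not issued for this client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise AuthError("token expired")
    if not const_eq(claims.get("nonce", ""), session["nonce"]):
        raise AuthError("nonce mismatch")

def complete_login(callback_state, claims, session, users, allow_signup=False, now=None):
    """Return the local account name to log in, or raise AuthError."""
    if not const_eq(callback_state, session["state"]):
        raise AuthError("state mismatch")  # response does not belong to this browser session
    validate_claims(claims, session, now)
    email = claims.get("email")
    if not email:
        raise AuthError("no email claim in response")
    if email not in users:
        if not allow_signup:
            raise AuthError("account is not registered")
        users[email] = {"created_via": "saaspass-connect"}  # create right after authentication
    return email

if __name__ == "__main__":
    # Constructed sample values, not real SAASPASS output.
    session = {"state": "s-123", "nonce": "n-456"}
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "exp": time.time() + 300,
              "nonce": "n-456", "email": "alice@example.test"}
    print(complete_login("s-123", claims, session, {"alice@example.test": {}}))
```

The `allow_signup` flag selects between the two policies the paragraph names: existing users only, or create the user on first successful authentication.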

SAASPASS Connect Application

In order to start integrating your web applications and websites with SAASPASS Connect for MFA support, you first need to create a SAASPASS Connect Application in the SAASPASS Admin Portal and follow the instructions there. Please read the previous SAASPASS Custom Application section, since you will need to do everything we mentioned there.

Also, if you would like to integrate your Account Management with SAASPASS for your custom mobile application, then you need to integrate the SAASPASS RESTful API / Account Management Services that we explained above.
