Password-MFA Workflow


Introduction

This document talks about the process through which User Sign-Up and register itself in User database during first login attempt.


Before this the Client/Development team must have to perform the following tasks:
  • 1. Create a project/select (an existing) project by logging into https://cripsa.com
  • 2. Use the link got in the above tasks to call the Password-MFA login screen in the home page of the customer.
The login prompt would be look like something like the following:
Password MFA Workflow Image-1

Figure 1: Password-MFA Login Screen


Create Project through Cripsa

Login to Cripsa Dashboard by using email account


Password MFA Workflow Image-2

Once logged in Create project for OIDC.


Password MFA Workflow Image-3

Fill all the details. All the fields are required.


Password MFA Workflow Image-4

Click on “Create Project”.


Password MFA Workflow Image-5

Now click on Continue or Register App.


Password MFA Workflow Image-6

Registering App with Cripsa

Now go back to https://cripsa.com/password-mfa-register-app ->Select your project you have just created.


Password MFA Workflow Image-7
Password MFA Workflow Image-8

Here Three Fields are Mandatory to fill:

  • Environment
  • Project Name
  • Register Type

In the Register Type there are two options, and one has to select anyone of them as per your requirement. For more information on these options please see FAQ.


Password MFA Workflow Image-9
Password MFA Workflow Image-10
Password MFA Workflow Image-11

Now the client has to use the “buttonCodeCallbackURL” URL in their home page to bring the Password-MFA login prompt for the end user.


User Registration through Sign-up

Access the code URL and click on Sign up


Password MFA Workflow Image-12
Password MFA Workflow Image-13

Password MFA Workflow Image-14

Now go to the e-mail ID and note down the verification code.


Password MFA Workflow Image-15
Password MFA Workflow Image-16
Password MFA Workflow Image-17

Now install Authenticator App (Google Authenticator or Microsoft Authenticator ) and scan the code to get the verification code.


Password MFA Workflow Image-18
Password MFA Workflow Image-19
Password MFA Workflow Image-20

Now the user is registered. Now User can Sign-in using Authenticator Code and Password.


User Login Testing

Using code URI to get Password-MFA login prompt.


Password MFA Workflow Image-21
Password MFA Workflow Image-22
Password MFA Workflow Image-23

Use the Authenticator App to get the Passcode. The above screen is just an example.


Password MFA Workflow Image-24

After putting the code click on Sign in.


Password MFA Workflow Image-25

Once successful Login the Application will return Code.


Similarly, if one can use “ButtonTokenCallbackURL” then it will return the Tokens (Access token and ID Token).


Password MFA Workflow Image-26

The ID Token can be verified through jwt library and customer can login the user after verification only.


Frequently asked questions

1. How many Registration Options available in Cripsa for OIDC and what is the difference between them?


In the Register Type there are four options:

  • Registration with MFA
  • Registration with Only MFA
Password MFA Workflow Image-27

Only the Login screen would be Different for each Registration Type.


Password MFA Workflow Image-28
Figure 1 Registration only with MFA
Password MFA Workflow Image-29
Figure 3 Registration with MFA if OIDC is already configured

Here in the above diagram one can see MFA is available along with OIDC authentication.


Password MFA Workflow Image-30
Figure 4 Registration with MFA with other Authentication processes already configured

Here in the above diagram one can see MFA is available along with OIDC and AUTH 2.0 authentication.