
Usernameless authentication

Transaction approvals without having to type usernames

Authenticate without exposing your username

Usernameless transaction approval is a convenience feature that lets users approve transactions without having to type their usernames first. The transaction might be a login to a company portal, an identification during an online support chat session, or an approval for an additional purchase of spare parts. The user scans the QR code specific to the transaction, authenticates on their mobile app, and their actual identity is passed on to the backend once the authentication is complete.

Desktop user flow

For example, customers of an insurance portal can just click the login button, and a QR code is displayed. They scan the code with the branded Access App on their phone, approve with a biometric authentication method, and they are logged in. There is no need to remember or expose their username, yet the login is completely secure.

Mobile user flow

Alternatively, when chatting with the helpdesk on a mobile phone, how often do you hear: "Oh, we just need to verify that it's you"? Usernameless authentication comes to the rescue. The helpdesk sends a link to the user's device. The user taps the link, which opens the Access App on their device and asks for authentication. Once complete, the support agent has confirmation of the user's identity and can proceed with the transactions that require this higher level of certainty.

Technical user flow

As a precondition, the user has already registered with the system, and has installed and set up a branded Access App on their mobile phone. Ideally, they used a biometric authentication method, such as FaceID.

A user, currently unknown, wants to log into your website. You issue a QR code tied to the login transaction, with no user specified. The user scans the QR code with the branded Access App on their phone, confirms that they want to log in, and authenticates with FaceID. In the background, you keep polling the status endpoint for the transaction with its token. While the user is still going through the motions, the transaction remains pending. As soon as the authentication completes successfully, the status endpoint returns a success data object with the userId, and your backend systems can link the successful transaction and the login to the user account and give the user access to your website.
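The backend side of this flow, sketched as an added example that is not taken from the Nevis API documentation: it polls until the transaction leaves the pending state, accepts an identity only from a success object that carries a userId, and fails closed otherwise. The `fetch_status` callable, the `status` key and its values, and the `pending_token` session key are assumptions; only `userId` comes from this page.

```python
import time

class ApprovalError(Exception):
    """Raised when a transaction ends without a usable identity."""

def wait_for_user_id(fetch_status, token, timeout_s=120.0, interval_s=2.0,
                     sleep=time.sleep, clock=time.monotonic):
    """Poll the transaction status until it completes; return the userId.

    fetch_status(token) -> dict is a hypothetical wrapper around the status
    endpoint. The "status" key and its values are assumptions; "userId" is
    the field the page says the success object carries.
    """
    deadline = clock() + timeout_s
    while clock() < deadline:
        reply = fetch_status(token)
        status = reply.get("status")
        if status == "pending":
            sleep(interval_s)  # user is still approving on the phone
            continue
        if status == "succeeded":
            user_id = reply.get("userId")
            if not isinstance(user_id, str) or not user_id:
                raise ApprovalError("success reply carried no userId")
            return user_id
        # Failed, expired or unrecognised states all fail closed.
        raise ApprovalError(f"transaction ended with status {status!r}")
    raise ApprovalError("timed out waiting for approval")

def complete_login(session, fetch_status, **poll_opts):
    """Attach the approved identity to the session that showed the QR code.

    The token comes from server-side session state, not from the request,
    and is consumed so one transaction can establish only one login.
    """
    token = session.pop("pending_token", None)
    if token is None:
        raise ApprovalError("no transaction pending for this session")
    session["user_id"] = wait_for_user_id(fetch_status, token, **poll_opts)
    return session["user_id"]

def scripted(replies):
    """Constructed stand-in for the status endpoint: replays fixed replies."""
    it = iter(replies)
    return lambda token: next(it)

if __name__ == "__main__":
    fake = scripted([{"status": "pending"},
                     {"status": "succeeded", "userId": "constructed-user"}])
    print(complete_login({"pending_token": "constructed-token"}, fake, sleep=lambda s: None))
```

In a real integration, `fetch_status` would call the status endpoint described in the API Documentation, and the session object would be your web framework's server-side session.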

Usernameless test drive

You can test the usernameless feature if you have an Access App on your phone and a trial instance on our Authentication Cloud. Log in to your instance from the Nevis Customer Portal.

Register a user

  1. Click the Test & Debug button in the bottom left corner.
  2. Enter an Access Key to authorize the test page to work with your instance.
  3. Under Enroll a new authenticator, enter a username, and click Enroll.
  4. Scan the QR code with the Access App on your phone.
  5. Approve the registration with a biometric authentication method.
  6. In the test page, toggle the JSON response in Scan the QR code with your Access App.
  7. Note down the userId.

Test the regular flow

  1. Click the Sign an approval header, and notice how the Username is already filled in for you.
  2. Under Approval Method, select QR code.
  3. Click Send approval.
  4. Under Requesting approval, toggle the JSON response.
  5. Notice how the response contains the userId.
  6. Under Approve the request on your Access App, toggle the JSON response.
  7. Notice how the response contains the userId.
  8. Complete the authentication on your phone.

Test the usernameless flow

  1. Click the Sign an approval header, and notice how the Username is already filled in for you.
  2. Clear the Username.
  3. Under Approval Method, select QR code.
  4. Click Send approval.
  5. Under Requesting approval, toggle the JSON response.
  6. Notice how the userId is missing from the response.
  7. Under Approve the request on your Access App, toggle the JSON response.
  8. Notice how the userId is missing from the response.
  9. Complete the authentication on your phone.
  10. Under Approve the request on your Access App, notice how the userId is updated in the response.

Ready to integrate

Note: The usernameless feature is supported from version 2.2.0 (SDK & Access App).

You can integrate the usernameless feature based on our API Documentation.