Application Flows
The basic login sequence that dictates which flow the user enters automatically based on the available data.
All the flows that allow a user to start the Second Factor registration process and activate the Second Factor. Most of the user interface of this process is implemented in Stepup-SelfService. The user interface for the service-desk vetting is implemented in Stepup-RA.
This flow illustrates the steps to be taken when the user is shown the Second Factor overview page and opts to revoke a token.
This is the procedure the Registration Authority must follow in order to complete the registration of a second factor.
The Registration Code is deemed valid if it is attached to a Second Factor that has been created by the registrant and is linked with a verified email address. Furthermore, the Second Factor must not already have been registered (a Second Factor cannot be registered twice).
The Proof of Possession is given by performing a challenge-response cycle for the Second Factor on the spot. This means that for SMS-tokens the RA will trigger the sending of an OTP to the registered phone number, for Tiqr the RA will initiate a SAML request in a new window and for Yubikey the Registrant will have to enter the Yubikey-OTP. If the response is valid, the proof of possession has been given.
The identity is verified when the Registration Authority has verified the valid Identity Document (passport, EU driver's license...) with the physical presence of the registrant and has entered the document type and (partial) document number.
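
The three conditions above (valid Registration Code, Proof of Possession, verified identity) combined into one gate that an RA interface could evaluate before activating a token. This is an added example, not code from Stepup-RA; the class, field and status names are hypothetical and the sample records are constructed.

```python
import hmac
from dataclasses import dataclass
from enum import Enum

class Status(Enum):          # hypothetical lifecycle states
    UNVERIFIED = 1           # created, email address not yet verified
    VERIFIED = 2             # email verified, awaiting vetting by the RA
    VETTED = 3               # already registered

@dataclass
class SecondFactor:
    owner_id: str
    registration_code: str
    status: Status

@dataclass
class VettingAttempt:
    registrant_id: str
    registration_code: str
    possession_proven: bool  # outcome of the on-the-spot challenge-response
    document_type: str
    document_number: str     # (partial) number as entered by the RA

def vetting_errors(attempt, factors):
    """Return the reasons to refuse activation; an empty list means proceed."""
    # Assumption: codes are stored upper-case; compare in constant time.
    code = attempt.registration_code.strip().upper().encode()
    factor = next((f for f in factors if hmac.compare_digest(
        f.registration_code.encode(), code)), None)
    if factor is None:
        return ["unknown registration code"]
    errors = []
    if factor.owner_id != attempt.registrant_id:
        errors.append("second factor was not created by this registrant")
    if factor.status is Status.UNVERIFIED:
        errors.append("email address not verified")
    if factor.status is Status.VETTED:
        errors.append("second factor already registered")
    if not attempt.possession_proven:
        errors.append("no proof of possession")
    if not (attempt.document_type and attempt.document_number):
        errors.append("identity document not recorded")
    return errors

# Constructed sample records, not real Stepup data.
FACTORS = [
    SecondFactor("alice", "K7PQ2M9X", Status.VERIFIED),
    SecondFactor("bob", "Z3RT8WLA", Status.VETTED),
]
```

Collecting every failed condition, rather than stopping at the first, gives the RA a complete picture of why a vetting attempt was refused.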