Mobile Biometric Auth for AWS Set Up

At the moment you can connect LoginTap as an OpenID SSO provider for all your apps running on AWS. SAML-type authentication for corporate applications is upcoming.

With the Logintap OIDC for Amazon Web Services, you will be able to easily add several different types of auth into your AWS applications. For example, you may authenticate users with their biometric faceID and fingerprint, or allow them to confirm identities using mobile instant messengers.

1. Steps to launch Logintap for AWS

1. Register with LoginTap & create a new Project in LoginTap

2. Set the project up as an OpenID Connect provider, generate the OpenID tokens and choose the Auth method, as shown here.

3. Set up the Identity Provider in your Amazon Web Services account as shown in this document below.


2. Auth points

Depending on how your AWS-powered software is set up, you can choose to implement any of the following access types:

2.1 No Login, No Pass

The user is recognised via a cookie (or similar) when opening the application. No logins or passwords; everything is done through mobile 2FA. The same works for business-process auth type cases.

Best for maximum convenience for your users.

2.2 No Password

(Screen: "Enter Login", "Press for Mobile Auth", "Waiting for your Mobile Confirmation")

The user enters the login only, presses the Login button, and the rest is done via mobile 2FA.

As a sub-case, a user who forgot their password gets quick access with just the login.

2.3 Second Factor Auth

(Screen: "Your Login & Pass are Correct", "Waiting for your Mobile Confirmation")

The user first passes full standard auth with login and password, then the mobile 2FA starts automatically.

Best for pure two-factor auth with maximum security.

4. Step-by-step AWS OIDC Instruction

Log in to your AWS account and press this link to open the IAM Management console.

1. Press Identity Providers marked as Step 1 in orange color ↓,

2. then Add Provider (Step 2 - a blue button on your right)

3. Select OpenID Connect, marked blue ↑ (image on the left).

Then fill in the OIDC data from your Logintap account (image on the right), where:

4. "Provider URL", marked red ↑ in AWS = "Issuer" in Logintap

5. "Audience", marked green ↑ in AWS = "Application Id" in Logintap

6. Press "Get thumbprint", marked purple ↑ in AWS (this corresponds to "API Token" in Logintap). If everything above was done correctly, your screen will change to:

The area marked red ↑ in AWS will now show a Thumbprint; this is the value Logintap calls the API Token.

7. Copy this value into Logintap's project settings, into the field called "API Token", which is the only editable field on the Logintap OIDC page.

The AWS thumbprint can always be copied later by opening the Identity provider, marked red ↓:

Now all you need to do is assign the newly added Identity provider a role in your AWS-powered system, marked blue ↑.

Then select Web Identity, marked blue ↓, choose Logintap as the identity provider and pick the relevant "Audience", marked red ↓. The Audience is simply an application/project ID in Logintap, and you can have as many such applications/projects as you need.
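As an added example (not Logintap's or AWS's own code), the following Python builds the kind of role trust policy the Web Identity step above produces, pinned to the chosen Audience, and includes a check that an existing policy keeps that pin; the account id, issuer URL and application id are placeholders.

```python
import hashlib

# Constructed placeholder values; substitute your own account id and the
# "Issuer" and "Application Id" shown in the Logintap project settings.
ACCOUNT_ID = "123456789012"
ISSUER = "https://idp.example"   # placeholder for Logintap "Issuer"
AUDIENCE = "app-placeholder-id"  # placeholder for Logintap "Application Id"

def thumbprint_from_der(cert_der: bytes) -> str:
    """AWS's OIDC provider thumbprint is the SHA-1 digest of the IdP's TLS
    certificate in DER form: 40 lowercase hex characters, no colons."""
    return hashlib.sha1(cert_der).hexdigest()

def issuer_host(issuer: str) -> str:
    """IAM names the provider by the issuer URL without its scheme."""
    return issuer.split("://", 1)[-1].rstrip("/")

def provider_arn(account_id: str, issuer: str) -> str:
    return f"arn:aws:iam::{account_id}:oidc-provider/{issuer_host(issuer)}"

def build_trust_policy(account_id: str, issuer: str, audience: str) -> dict:
    """Trust policy for the Web Identity role: only tokens from this provider
    whose aud claim equals the chosen Audience may assume the role."""
    host = issuer_host(issuer)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn(account_id, issuer)},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {f"{host}:aud": audience}},
        }],
    }

def audience_is_pinned(policy: dict, issuer: str, audience: str) -> bool:
    """Review check: every Allow of AssumeRoleWithWebIdentity must pin aud to
    this Audience; otherwise any other app registered with the same provider
    could obtain the role."""
    key = f"{issuer_host(issuer)}:aud"
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        if stmt.get("Condition", {}).get("StringEquals", {}).get(key) != audience:
            return False
    return True
```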

That is it.
The rest of the setup depends on your needs. See AWS's own help docs here.