A step by step instruction to start Logintap at any site
1. Quick overview of steps to launch
1. Register with LoginTap.
2. Create a new Project in LoginTap
3. Enable OpenID for the project ( you will get ID and Token)
4. Fill in your system's call back URL and paste ID and Token to your backend system
2. Auth points to use Logintap OpenID (SSO)
These are various use examples, however, you might not have any control over how your CMS is using the OpenID Connect protocol. So you may just skip this section.
2.1 No Login, No Pass
2.2 No Password
Press for Mobile Auth
2.3 Second Factor Auth
You Login & Pass are Correct
Waiting for your Mobile Confirmation
Waiting for your Mobile Confirmation
User is recognised via cookie (or alike), when opening the application. No logins/passwords, all is done through mobile 2FA. The same works for business process auth type cases.
Best for maximum convenience for your users.
User enters login only, presses the Login button, and the rest is done via mobile 2FA.
As a subcase - the user forgot a password, gets quick access with just the login.
User first passes full standard auth with login and password, then the mobile 2FA auto starts.
Best for pure 2 factor auth with maximum security.
3. Important Notes
1. Logintap Service is Anonymous!
We do not have, nor do we provide, any user data, such as names or emails when a new user is connected.
OpenID only substitutes login and password, so your OpenID integration must be done right to specifications - after it receives a new user it must enrich other required fields, such as phone numbers, names, etc.
2. Logintap's OpenID Works for Your Existing Users!
Logintap's anonymity provides not only security but also a great advantage - YOU CAN USE LOGINTAP OPENID AUTH FOR ALL EXISTING USERS, not just to register new ones. In this case, you keep all current user data like existing emails and names, as our system will not return this data from any user.
Your OpenID protocol integration MUST BE DONE RIGHT. Your system must use not only an "email" but also the user's "session ID" as one of the parameters when "gluing" a user data received by a standard OpenID response.
As an example - if your user is registered in your system as "[email protected]", and then switches to Google's OpenID using this same email account, your system will "glue" the old registered user to the new authentication choice and update the old user's data fields. If the user chooses a new Google account, say "[email protected]" your system MUST still be able to recognize the user and "glue" with new authentication credentials (with or without re-writting an email address)
4. Full step-by step instruction
VERY IMPORTANT! The work of OpenID can differ between various CMS systems. Logintap only works as the integration with this protocol is made by your developers. Please refer to your CMS for various setup ways.
This instruction assumes that you have already registered with Logintap. If not - press Sign Up and check your email.
4.1 Create a new Project in Logintap
Press "Add New Project" button.
The Settings form will appear. You can always access it later from a "Menu" button of each of your projects.
1. Name this Project/site, note that is sometimes visible to your users, so name it properly.
2. Get a callback URL from your CMS system, it should be on the same form where you activate an open ID.
3. Check the box - Require Finger and Face, as Logintap's SSO will not function without this maximum-security setting.
THEN SCROLL DOWN TO:
1. Generate two tokens for the OpenID Connect protocol - Application ID and API token. The reason there are two separate buttons in here - so you can change one of these later on a fly, with as little interruption in service as possible.
2. Copy three standard OpenID items one by one into your CMS system
The rest of the setup depends on your CMS, so please refer to tech docs of your system for further instructions.
Test Logintap auth in under 5 minutes
1. Press "Sign up" & fill up the form
You will recieve a new account into you email within 1 minute time.
2. Open your email and login into your account - DO NOT SAVE LOGIN DATA IN BROWSER
3. Press - "Connect a Messenger" - top right
4. In a pop up - pick a messenger, which you have on your mobile phone, where to auth your logins
4. Use your photo app, or any QR taking app to follow in the link on your mobile device
5. Press Start when in a messenger of your choice. You will see an instruction message, follow it. Provide faceID or fingerprint, if asked for.
6. Logout of your Logintap account
7. Enter your email & Press - "Logintap" button to use mobile auth.
8. Your messenger gets a Push, follow the Yes/Ok/Continue answers. Provide fingerprint or faceID if asked for.
DONE - your are again in Logintap account. Without using a password.
This is just a one possible approach - use login to enter account. Read on more options in Tech Docs.