I think two-factor authentication by sending OTP to SSU's email will be more preferable than mobile number, reason being a SSU's mobile number might be cloned or the sms can bridged. I also think we could keep track of devices used by users to login into de self-service app for verification
---Sent from Boxer | http://getboxer.com Hi all, Here is my 2 cents. I believe creating a self-creation of SSU is bit tricky. How we can authenticate that client details are not misused by somebody. For example creating SSU user by providing mobile number or email id with account number. Most of the bank apps, will authenticate by sending OTP to his mobile/email. I feel it always better to have two step authentication while on boarding a customer with SSU app. If it is not possible with OTP then we have to at least enable maker checker by taking his last 2-5 transaction details while creating SSU. Thanks, Nazeer From: Ed Cable [mailto:edca...@mifos.org] Sent: 15 April 2017 00:11 To: dev Cc: Nazeer Shaik Subject: Self-Creation of Self-Service User ID Nazeer or others in the community, Can we pick up where we last left off on Adi's comments regarding self creation of a self-service user ID. This an important component of any self-service app or mobile wallet powered by Apache Fineract. Self-Creation of a Self Service User ID Is it possible for a client to create their own self-service user ID or is that only supported by a back office staff? The use case is as such: I download the app from the Google Play Store and have a link to "Sign Up". I click sign up and then should be prompte for my account number or phone number and then based on that it selects which client account i have in mifos and I can then create my user ID and credentials. [Adi] App user creation is a secure operation which needs permissions to use the APIs. In the scenario that you have mentioned, we need an intermediate implementation that takes the open requests from clients an in the background verify and create self serviceusers. Ed On Tue, Oct 18, 2016 at 9:21 PM, Adi Raju <adi.r...@confluxtechnologies.com> wrote: PSB From: Ed Cable [mailto:edca...@mifos.org] Sent: 19 October 2016 07:18 To: dev (dev@fineract.incubator.apache.org) Cc: Adi Raju; Denila Philip Subject: Questions regarding Log in via Self-Service APIs Hi Adi, I will let the devs and PM working on the community Android self-service app chime in with more specifics but we have some questions. How do you pass the client ID as part of the login process? When Puneet was working on the login he wasn't getting the Client ID as part of the response from the login. Is this possible as it's needed to only then display the accounts of that client. And could you clarify that this is the client ID that's created when their client account is created in mifos (and not an ID that's generated when their self-service user account is created). [Adi] As part of authentication response, we are not sending list of client ids associated with the app user. In situations like agent banking, this info could become too big. Best way to know clients associated with self service user is using clients api itself. If the response is a single client, app can directly proceed to accounts page. If it is more than one client, list the clients. Yes, Client Id is different from app user/self service user id. Self-Creation of a Self Service User ID Is it possible for a client to create their own self-service user ID or is that only supported by a back office staff? The use case is as such: I download the app from the Google Play Store and have a link to "Sign Up". I click sign up and then should be prompte for my account number or phone number and then based on that it selects which client account i have in mifos and I can then create my user ID and credentials. [Adi] App user creation is a secure operation which needs permissions to use the APIs. In the scenario that you have mentioned, we need an intermediate implementation that takes the open requests from clients an in the background verify and create self service users. -- Ed Cable Director of Community Programs, Mifos Initiative edca...@mifos.org | Skype: edcable | Mobile: +1.484.477.8649 <tel:(484)%20477-8649> Collectively Creating a World of 3 Billion Maries | http://mifos.org <http://facebook.com/mifos> <http://www.twitter.com/mifos> -- Ed Cable President/CEO, Mifos Initiative edca...@mifos.org | Skype: edcable | Mobile: +1.484.477.8649 Collectively Creating a World of 3 Billion Maries | http://mifos.org <http://facebook.com/mifos> <http://www.twitter.com/mifos>
