Onboarding Users

Install Imageware Authenticate

The Imageware Authenticate user app can be installed onto any compatible mobile smart device. The application is downloadable from the Google Play and iTunes App stores. Users must download and install the app onto their device in order to use Imageware Authenticate for biometric authentication and verification.

Link the User to a Tenant

Before a User can access the Imageware Authenticate mobile application, they must first be associated with a tenant with a valid Imageware tenant account, and then register their device and User ID with Imageware.

Imageware establishes tenant accounts and sets up user IDs. User IDs can be assigned, or the user may register their own ID, provided the tenant has established that protocol.

Note: User ID must be a valid email address.

Server Calls for Creating Users and Associating them with a Tenant

1. Get Auth Token

POST {{user_server_url}}/v2/oauth2/oauth/token?scope=SCOPE_TENANT_ADMIN&grant_type=client_credentials

curl --location --request POST '{{user_server_url}}/v2/oauth2/oauth/token?scope=SCOPE_TENANT_ADMIN&grant_type=client_credentials' \
--header 'Authorization: Basic {{auth_credentials}}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-raw ''

2. Get User Data by UserID

GET {{gmi_server_url}}/v2/gmiserver/person?userId={{user_id}}

curl --location --request GET '{{gmi_server_url}}/v2/gmiserver/person?userId={{user_id}}' \
--header 'Authorization: Bearer {{token}}'

3a. Generate New User Associated with a Tenant

POST {{gmi_server_url}}/v2/gmiserver/tenant/{{tenant_code}}/person

curl --location --request POST '{{gmi_server_url}}/v2/gmiserver/tenant/{{tenant_code}}/person' \
--header 'Authorization: Bearer {{token}}' \
--header 'Content-Type: application/json' \
--data-raw '{"userId":"{{email}}"}'

3b. Associate an Existing User with a Tenant

PUT {{gmi_server_url}}/v2/gmiserver/tenant/{{tenant_code}}/person/{{person_uuid}}

curl --location --request PUT '{{gmi_server_url}}/v2/gmiserver/tenant/{{tenant_code}}/person/{{person_uuid}}' \
--header 'Authorization: Bearer {{token}}' \
--data-raw ''
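
A hardened way to script steps 2 and 3a, as an added example that is not Imageware's own code: the User ID is checked against a conservative email allow-list before it reaches the URL or JSON body, it is percent-encoded for the query string (many servers decode a bare `+` as a space), and the bearer token is passed to curl on stdin rather than on the command line. The environment variables `GMI_SERVER_URL` and `TOKEN` and all function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not Imageware code. GMI_SERVER_URL and TOKEN are assumed
# environment variables that mirror the page's {{gmi_server_url}} and {{token}}.

# Accept only a conservative subset of email addresses: no quotes, spaces,
# '&', '=' or '/' can reach the query string or the JSON body.
is_valid_user_id() (
  LC_ALL=C
  case $1 in
    *[!A-Za-z0-9._%+@-]*) exit 1 ;;  # character outside the allow-list
    *@*@*) exit 1 ;;                 # more than one '@'
    ?*@?*.?*) exit 0 ;;              # local@domain.tld shape
    *) exit 1 ;;
  esac
)

# Percent-encode everything except RFC 3986 unreserved characters (ASCII input).
urlencode() (
  LC_ALL=C; s=$1; out=
  while [ -n "$s" ]; do
    rest=${s#?}; c=${s%"$rest"}      # split off the first character
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
    s=$rest
  done
  printf '%s' "$out"
)

# URL for step 2: $1 = server base URL, $2 = user ID.
person_lookup_url() {
  is_valid_user_id "$2" || return 1
  printf '%s/v2/gmiserver/person?userId=%s' "$1" "$(urlencode "$2")"
}

# JSON body for step 3a; safe to format directly because of the allow-list.
new_person_body() {
  is_valid_user_id "$1" || return 1
  printf '{"userId":"%s"}' "$1"
}

# Step 2. The token is fed to curl on stdin (--config -) so that it never
# appears in the process list.
lookup_person() {
  url=$(person_lookup_url "$GMI_SERVER_URL" "$1") || return 1
  printf 'header = "Authorization: Bearer %s"\n' "$TOKEN" |
    curl --silent --show-error --fail --location --config - --request GET "$url"
}
```

Step 3a follows the same pattern: send the output of `new_person_body` with `--data-raw` and supply the token on stdin.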

Register a User's Mobile Device and User ID

Once a user has installed Imageware Authenticate, and is associated with the tenant, they will need to register their device and enroll their biometrics.

  1. From the device, launch the Imageware Authenticate application.
  2. The app prompts the user to enter the UserID they were assigned (must be a valid email address).
    Note: If the user has not been provided a User ID, they need to contact the tenant to receive one before they can register.

  3. The default method to register a user is via a one-time-use verification code found in an email message. When the user registers, Imageware Authenticate sends the submitted User ID (email address) an email message containing the verification code.
  4. Users must open the email to find the Verification Code, then use it in the app to complete the registration process.
  5. Once the server accepts the registration confirmation, the device and User ID are now registered with Imageware servers and the attached tenant.
  6. If the user has not previously enrolled their biometrics, they are prompted to enroll with the biometrics chosen by the tenant.
    Note: When the user submits the registration email confirmation, the application runs a server query to verify whether the user has previously enrolled on this or any other device. Because Imageware Authenticate authenticates the user and not the device, if their device gets left at home, gets lost, or they upgrade, they can easily be up and running on a different device in a matter of minutes.

  • If Yes, the user is prompted to verify their previously stored identity. See "Verify with Imageware Authenticate".
  • If No:
    • Once the user submits the registration confirmation, the GMI server processes the user registration and associates the user with the attached tenant. Users will either see a confirmation of success (see next step), or a notification of failure. If the registration fails, the user might need to re-register or contact the tenant for assistance.
    • After success, the GMI server pushes enrollment templates to the user's mobile device, prompting them to enroll both voice and face biometrics using those enrollment templates. See "Enroll user biometrics".
      Note: If an error occurs during registration, enrollment, re-enrollment, or verification, the organization can reset the enrollment.

Enroll User Biometrics

After successful registration, the user is prompted to enroll their voice and face biometrics in order to use Imageware Authenticate. Enrollment consists of providing a voice passphrase sample through their mobile device's microphone and a face image using the device's camera.

Note: It is very important to enroll biometrics in optimum conditions, including in a location that has low or no ambient noise for voice enrollment, and is well-lit for face enrollment.

Note: If an error occurs during enrollment, re-enrollment, or verification, the tenant can reset the enrollment.

To enroll voice, the user is prompted to tap Begin, and then speak a device-prompted passphrase into the mobile device's microphone. This prompt is repeated to ensure the greatest accuracy.

To enroll their face, the user is prompted to take a photograph of their face with their device's camera, adhering to the parameters shown on screen, such as facing forward, reasonable lighting levels, etc. A tutorial is provided if needed.

Once Imageware Authenticate has accepted both forms of enrollment, users can begin receiving alerts from their tenant for qualifying events. The most common alert is a request for out-of-band verification, such as when suspicious activity is detected.

Server Calls to Get Tenant User Enrollment Status

1. Get Auth Token

POST {{user_server_url}}/v2/oauth2/oauth/token?scope=SCOPE_TENANT_ADMIN&grant_type=client_credentials

curl --location --request POST '{{user_server_url}}/v2/oauth2/oauth/token?scope=SCOPE_TENANT_ADMIN&grant_type=client_credentials' \
--header 'Authorization: Basic {{auth_credentials}}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-raw ''

2. Get Tenant User Data (Including Enrollment Status)

GET {{gmi_server_url}}/v2/gmiserver/tenant/{{tenant_code}}/person/{{person_uuid}}

curl --location --request GET '{{gmi_server_url}}/v2/gmiserver/tenant/{{tenant_code}}/person/{{person_uuid}}' \
--header 'Authorization: Bearer {{token}}'