Activation Flow for Android
casan221saas
The Activation flow takes place when a user sets up an account on the app. It is the second and final stage of account enrollment.
As an alternative to enabling activation of a single account at a time, the enterprise can also enable silent activation of multiple, linked accounts of the user.
The following topics provide information about the Activation flow for a single account and linked accounts:
- As an alternative to enabling activation of a single account at a time, the enterprise can also enable silent activation of multiple, linked accounts of the user.
- For information about the APIs mentioned in these topics, see API Reference for Android.
The screenshots shown in these steps were taken on a reference app. Some of the screenshots from the Activation flow on the reference app have not been included in this section.
The app UI and actual steps in the flow can vary depending on the flow that you design.
Steps in the Activation Flow for a Single Account
Setting Up the First Account
The following steps take place when the user installs the app and sets up the first account:
- The user installs the app.
- The user is prompted to submit the activation/enrollment details.You can decide on the mode by which users receive and submit the activation/enrollment details. This screenshot shows text fields in which the user types the activation/enrollment details. Alternatively, you can, for example, replace these text fields with functionality for reading the activation/enrollment details from a QR code displayed to the user.In the following screenshot, the Display Name field is a text field that the user can use to set a display name for this account.
- The user submits the activation details.
- After successful verification of the activation code, the server responds by provisioning and sending two HOTP credentials for this card. One of these HOTP credentials is used for user authentication, and the other is used for device authentication.
- The user is prompted to set a PIN for the app.The user PIN is the same for all accounts for which the user activates CA Strong Authentication. In addition, the user PIN is left as is even if the user deletes all the accounts and then adds new accounts.draft-comment>If the administrator configures user authentication for this enterprise, then the user is prompted to use Android Fingerprint Authentication or this user PIN for authentication during transactions.

- The app generates a random device PIN and stores it in the SharedPreferences file.If the administrator configures device authentication for this enterprise, then this device PIN is automatically used for authentication during transactions.
- The first account is now set up on the app.In the sample screenshot shown here, the user has set "card1" as the name of the account.
- To see the account, the user taps the ACTION ON ACCOUNT button shown in the previous screenshot. When the user taps that button, the following page is displayed:

Setting Up the Second or Subsequent Account
The following steps take place when the user sets up the second and subsequent accounts on the app:
- The user opens the app and taps the ACTIVATE ANOTHER ACCOUNT button.
- The app prompts the user to submit the activation/enrollment details for the account and the PIN that was set earlier.
- After the activation/enrollment details are verified, a success message is displayed on the app.
Steps in the Activation Flow for Linked Accounts
This topic describes a scenario in which a user has not activated CA Strong Authentication for any of her accounts. The steps are almost the same for a scenario in which a user has already activated CA Strong Authentication for an account.
The following steps take place when the user initiates the Activation flow for all of her linked accounts:
- The user taps the Enroll Linked Account button on the app.The preceding step describes one of the ways in which the Activation flow for linked accounts can be initiated.

- The app fetches activation details of the linked accounts.
- The app performs the activation steps for the linked accounts. If the user has not set up a PIN, then the user is prompted to do so.The user is not prompted for a PIN if she has already activated CA Strong Authentication for at least one account.

- The app displays the activation status of the linked accounts. This status includes details of any account for which the activation process has failed.

Sequence Diagrams for the Activation Flow
For sequence diagrams that summarize the API flow during various Activation flow scenarios, see Sequence Diagrams for Enrollment Flows .
Activation Flow Diagram for a Single Account
The following flow diagram shows the sequence of API calls that take place when CA Strong Authentication is activated for one account.
Android - Activation Flow

The value of the serverURL parameter is in the following format:
https://<host-name>:<port-number>/auth-service/callback/api/v1
Collect the URL from the CA Technologies Support team.
Activation Flow Diagram for Linked Accounts
The following flow diagram shows the sequence of API calls that take place when CA Strong Authentication is activated for linked accounts.
Android - Activation Flow - Linked Accounts

Sample Code for the Activation Flow for a Single Account
The following is sample code for the Activation flow for a single account:
//Note: Except for getEnrolledAccounts(), initSALib(<YourActivityName>.this,fcmRegistrationId, deviceNickName), and setURL(binId, newURL), run all SDK calls in the background thread.//You can achieve this by, for example, using the doinbackground() method of the Asynctask class.//Create an object of the AuthenticationHandler class.//Note: The parameter must be an Activity context and not an Application context. If the context is not correct, then an IllegalArgumentException is thrown.AuthenticationHandler handler = new AuthenticationHandler(<YourActivityName>.this);// Check if the PIN is set upboolean isPINSetUp = handler.isPINSetUp();AccountActivationDetails accountActivationResponse = null;if (isPINSetUp) { //If the PIN is set upverifyPinResponse = handler.verifyPin(userPin);if("SUCCESS".equals(verifyPinResponse.getStatus()))accountActivationResponse = handler.verifyActivation(activationRefId, activationCode, serverURL, displayName, userPin);} else { //If the PIN is not set upaccountActivationResponse = handler.verifyActivation(activationRefId, activationCode, serverURL, displayName);}if (accountActivationResponse.getStatus().equals(M3DSConstants.SUCCESS)) {if(accountActivationResponse.isPinRequired()) { try { //Collect the PIN from the user for this account and submit it to the SDK API. … AuthenticationHandler pinHandler = new AuthenticationHandler(<YourActivityName>.this); pinHandler.setPin(accountId, userPin); // accountId is part of the AccountActivationDetails object } catch (Exception e) { //Handle the exception. }}} else { //Display an error message based on the value of the error code variable in the returned object.}
Sample Code for the Activation Flow for Linked Accounts
The following is sample code for the Activation flow for linked accounts:
AccountsActivationDetails accountsActivationDetails = null; String activationURL = successJson.getJSONObject(0).getString("activation_url"); ... // If the PIN is set up if (isPINSetUp) { VerifyPinResponse response = m3DSHandler.verifyPin(userPin); if (M3DSConstants.SUCCESS.equals(response.getStatus())) //enrollment of linked accounts when the PIN has been set up accountsActivationDetails = m3DSHandler.verifyActivation(requests,activationURL,userPin); else if (M3DSConstants.FAILURE.equals(response.getStatus())) { return new AccountsActivationDetails(response.getErrorCode()); } } else { // If the PIN is not set up accountsActivationDetails = m3DSHandler.verifyActivation(requests, activationURL); if (accountsActivationDetails.isPinRequired()) { // Collect PIN from user. AuthenticationHandler handler = new AuthenticationHandler(<activityname>.this); handler.setPin(<collectedPIN>); } }}