Activation Flow for iOS
casan221saas
The Activation flow takes place when a user sets up an account on the app. It is the second and final stage of account enrollment.
As an alternative to enabling activation of a single account at a time, the enterprise can also enable silent activation of multiple, linked accounts of the user.
The following topics provide information about the Activation flow for a single account and linked accounts:
- As an alternative to enabling activation of a single account at a time, the enterprise can also enable silent activation of multiple, linked accounts of the user.
- For information about the APIs mentioned in these topics, see API Reference for iOS.
The screenshots shown in these steps were taken on a reference app. Some of the screenshots from the Activation flow on the reference app have not been included in this section.
The app UI and actual steps in the flow can vary depending on the flow that you design.
Steps in the Activation Flow for a Single Account
Setting Up the First Account
The following steps take place when the user installs the app and sets up the first account:
The screenshots shown in these steps were taken on a reference app. Some of the screenshots from the Activation flow on the reference app have not been included in this section.
The app UI and actual steps in the flow can vary depending on the flow that you design.
- The user installs the app.
- The user is prompted to submit the activation/enrollment details.You can decide on the mode by which users receive and submit the activation/enrollment details. This screenshot shows text fields in which the user types the activation/enrollment details. Alternatively, you can, for example, replace these text fields with functionality for reading the activation/enrollment details from a QR code displayed to the user.In the following screenshot, the Display Name field is a text field that the user can use to set a display name for this account.
- The user submits the activation details.
- After successful verification of the activation code, the server responds by provisioning and sending two HOTP credentials for this card. One of these HOTP credentials is used for user authentication, and the other is used for device authentication.
- The user is prompted to set a PIN for the app.The user PIN is the same for all accounts for which the user activates CA Strong Authentication. In addition, the user PIN is left as is even if the user deletes all the accounts and then adds new accounts.If the administrator configures user authentication for this enterprise, then the user is prompted to use Android Fingerprint Authentication or this user PIN for authentication during transactions.

- The app generates a random device PIN and stores it in the SharedPreferences file.If the administrator configures device authentication for this enterprise, then this device PIN is automatically used for authentication during transactions.
- The first account is now set up on the app.

- To see the account, the user taps the menu icon in the upper-left corner and then taps Accounts. The following page is displayed:

Setting Up the Second or Subsequent Account
The following steps take place when the user sets up the second and subsequent accounts on the app:
- The user opens the app and taps the menu in the upper-left corner of the page.
- From the menu that is displayed, the user selects the Accounts option.
- The user taps the + icon.
- The app prompts the user to submit the activation/enrollment details for the account and the PIN that was set earlier.

- The user submits the required details.
- After the activation/enrollment details are verified, a success message is displayed on the app.
Steps in the Activation Flow for Linked Accounts
This topic describes a scenario in which a user has not activated CA Strong Authentication for any of her accounts. The steps are almost the same for a scenario in which a user has already activated CA Strong Authentication for an account.
The following steps take place when the user initiates the Activation flow for all of her linked accounts:
- The user taps the Enroll Linked Account button on the app.The preceding step describes one of the ways in which the Activation flow for linked accounts can be initiated.
- The app fetches activation details of the linked accounts.
- The app performs the activation steps for the linked accounts. If the user has not set up a PIN, then the user is prompted to do so.The user is not prompted for a PIN if she has already activated CA Strong Authentication for at least one account.
- The app displays the activation status of the linked accounts. This status includes details of any account for which the activation process has failed.
Sequence Diagrams for the Activation Flow
For sequence diagrams that summarize the API flow during various Activation flow scenarios, see Sequence Diagrams for Enrollment Flows.
Activation Flow Diagram for a Single Account
The following flow diagram shows the sequence of API calls that take place when CA Strong Authentication is activated for an account.
iOS - Activation Flow

The value of the serverURL parameter is in the following format:
https://<host-name>:<port-number>/auth-service/callback/api/v1
Collect the URL from the CA Technologies Support team.
Activation Flow Diagram for Linked Accounts
The following flow diagram shows the sequence of API calls that take place when CA Strong Authentication is activated for linked accounts.
iOS - Activation Flow - Linked Accounts

Sample Code for the Activation Flow for a Single Account
The following is sample code for the Activation flow for a single account:
AccountActivationDetails *activationObj=nil; authenticationHandler = [[AuthenticationHandler alloc]init]; //App checks whether the PIN is setup if(isPINSetup) verifyPINResponse = [authenticationHandler verifyPIN:masterPin]; if ((!isPINSetup) || ([verifyPINResponse.status isEqualToString:SUCCESS])){ // More on the background thread activationObj= [authenticationHandler verifyActivation:actCode :activationRefId :URL :displayName :masterPin]; } if(activationObj == nil) { //App sends back error message to the Page }else if([activationObj status isEqualToString:SUCCESS){ if([activationObj isPINRequired]){ // App prompts the user to set PIN. // App sets the PIN. ActivationAcknowledgementResponseObj = [authenticationHandler setPin: AccountID:pin]; }else{ // App displays a message corresponding to status variable of ActivationAcknowledgementResponseObj. [lastScreenController setMessage:[acknowledgeObj Message]]; [self performSegueWithIdentifier:@"lastscreen" sender:Self]; } }else if ([[activationObj Status] isEqualToString:FAILURE]){ // App displays an error message corresponding to activation failure. }else{ // App displays an error message corresponding to the status variable of the returned object. }
Sample Code for the Activation Flow for Linked Accounts
The following is sample code for the Activation flow for linked accounts:
// Make a call to get the account activation details from the bank server. // The following API call sends a request to the bank server to collect the activation details. NSMutableDictionary * linkedAcctsEnrollJson = [HttpRequestUtil makeHttpGetRequest:bankServerUrl]; // TODO: parse the json and make activation requests from it to pass it to the SDK API for linked accounts //Check if success json is available if([linkedAcctsEnrollJson objectForKey:@"success"]) { int displayNameCount = [self getDisplayNameCount]; NSArray * successJsons = [linkedAcctsEnrollJson objectForKey:@"success"]; NSMutableArray <MultipleAccountActivationParams *> * activationParams = [[NSMutableArray alloc] init]; for(NSDictionary * successJson in successJsons) { MultipleAccountActivationParams * activationParam = [[MultipleAccountActivationParams alloc] initWithData:[successJson objectForKey:@"activation_code"]:[successJson objectForKey:@"reference_id"] :[NSString stringWithFormat:@"Account-%i", displayNameCount++] :nil]; [activationParams addObject:activationParam]; } [self updateDisplayNameCount:displayNameCount]; //Call SDK API for bulk activation if(isPINSetup) { actResponses = [self.M3DSObject verifyActivation:activationParams :[[successJsons objectAtIndex:0] objectForKey:@"activation_url"] :userPin]; } else { actResponses = [self.M3DSObject verifyActivation:activationParams :[[successJsons objectAtIndex:0] objectForKey:@"activation_url"] :nil]; } } else { if([linkedAcctsEnrollJson objectForKey:@"errorCode"]) { errorCode = [linkedAcctsEnrollJson objectForKey:@"errorCode"]; } } //activation, then set the pin if required else display the proper message //Set the status to success isActivationSuccess = true; } else { if(self.verifyPINResponse != nil && self.verifyPINResponse.errorCode != nil) { errorCode = [self.verifyPINResponse errorCode]; } }