28 Nov Change in Login flow and username caching
We are building a new login flow in the Vymo mobile app. This was critical for the following reasons:
- Enable an OAuth-based login mechanism for users, which is a security requirement for most large enterprises.
- Support different login mechanisms seamlessly and simultaneously (Vymo login, OAuth, ADFS and also OTP-based first-time password setup) with a single, uniform login experience.
- Allow existing users to log in with different login mechanisms
- Also, offer a delightful first-time login experience
Username caching is a pre-requisite for the new design and enabling caching is convenient for the user.
- Username caching pre-fills the username and requires the end user to only input the password.
- Caching can also give information about the last login method and hence redirect the user to that specific next screen after the username is entered.
Username caching will be enabled by default for all Vymo clients unless there is a special request from the customer to disable it. Considering that even banking apps enable username caching, we believe this is a reasonable assumption that does not compromise security.
It must be pointed out that the username is masked in the display.
Login methods supported
As part of this change, Vymo now enables user authentication via external authentication providers as configured for the client. Supported authentication providers are:
- Vymo Login – Through this login method, the user should be able to set their own password with the existing credentials available in the system (in general, email and phone number). The system remembers the type of login method and next time takes the user only to the relevant screens. (Please check the design.)
- OAuth 2 AD – OAuth (Open Authorization) is an open standard for token-based authentication and authorization on the Internet. OAuth allows an end user’s account to be used by third-party services, such as Vymo, without exposing the user’s password. Providers that work on the OAuth mechanism include Microsoft Active Directory, Salesforce and Facebook.
- SAML – Security Assertion Markup Language is an XML-based standard for authentication and authorization. For mobile apps to support SAML, the application needs to open a web view and access the public URL of the authentication information provider.
Change in user experience
From the end user's standpoint, the experience has changed as follows:
- First-time user: For a first-time user, it’s a two-step process which involves entering the username and setting the password. This helps to redirect the user to the right next step based on the already configured login mechanism.
- Existing user: The system already remembers the login method from the last login and hence directly redirects the user to the corresponding login screen. This is a one-step process for the AD (Active Directory) and Vymo login methods and a two-step process for OAuth.
- On logout, we take users back to the Vymo login page for external authentication mechanisms.
- Web will also follow the same revamped flow as mentioned in the app.
Please find the new screens here