End-user verification
This section provides an overview of the end-user verification setting in Futurae. It explains where the setting applies and how it affects end users. The setting can be configured in the Futurae admin console, in the settings of each service.
Q: How does the end-user verification setting work for the end user?
A: If enabled, the end user must unlock the smartphone in order to approve a login or transaction on it.
- Example:
  - Unlock the smartphone to be able to open the app. In the app, press the approve button.
  - If the smartphone has not been unlocked in advance, the user verification setting causes an unlock prompt to appear automatically.
Q: Which methods are used for end-user verification?
A: The smartphone's unlock mechanism is used: PIN, FaceID, fingerprint, etc.
Q: What happens if no smartphone unlock is configured at all (no PIN required to use the smartphone)?
A: This depends on the app. The Airlock 2FA app can be used even if no locking mechanism is configured on the smartphone. Other apps may handle this differently.
Q: What can be configured?
A: End-user verification is configurable per Futurae service, so it only affects the end users of that specific service. The setting "Allow User Verification Override" may allow end users to override the service's setting and disable user verification for themselves in the app settings. However, this override is not available in the Airlock 2FA app.
Q: In which apps is the user verification setting used?
A: The user verification feature is used in the Airlock 2FA app and in Futurae white label apps. When the Futurae SDK is used, the host app defines the logic that handles end-user verification. Newer SDK versions may contain new features for end-user verification.
Q: In which use cases is the user verification setting applied?
A: It is applied when using the following authentication types: One-Touch, Online QR-Code, Offline QR-Code, and mobile-only (if respected by the app using the SDK).
Q: Is end-user verification enforced on the server side?
A: No, this is not the case. The backend only stores whether end-user verification is on or off. The app is then responsible for ensuring the expected behavior. The unlock mechanism triggered by the app is provided by the device OS.