Netcetera Identity User Management

Overview

We are introducing Netcetera Identity user management that shall replace the old Netcetera Auth user management. Netcetera Identity is a solid ground for later introducing another authentication methods, such as TOTP Authentication, improving security and user experience. Netcetera Identity also supports SAML – the widely adopted standard for authentication and authorization.

The migration to the Netcetera Identity Server will be done without impacting user’s experience. Users will need to do a refresh binding with Futurae only. As an existing customer on Netcetera 3DS Server SaaS solution, we will contact you individually upon migration of your organization. After you receive mail please follow the Authentication steps in the Authentication for migrated users’ section below.

Authentication for migrated users

By following these steps, migrated users will be able to continue using Futurae as their second factor for authentication without interruption.

  1. Provide username and password

username password authentication

  1. Start with the setup of the Futurae Authenticator

futurae setup initial screen

  1. Download the application and click on the “Continue” button

install futurae app screen

  1. Scan the QR code with the Futurae Application

futurae qr code

  1. Activation is successfully completed. Continue with the authentication process.

futurae continue with authentication

  1. Choose the authentication method from the provided options

futurae authentication method selection

  1. Approve the request in the Futurae Application in order to successfully finish the authentication

futurae approve page

  1. Verify your email address to activate your account

email verification auth

Futurae reset

Automatic Account Recovery allows Futurae users to automatically migrate their Futurae 2FA accounts that are enrolled in a previous device, to a new one.

Automatic Account Recovery relies on a secret recovery token that is generated by the Futurae backend and exchanged with the authenticator app, every time the user activates a freshly installed Futurae authenticator or white label app (or a customer app that integrates the Futurae mobile SDK) for the first time.

On Android, the recovery token is stored using the device Key-Value backup (part of the official Google Drive/One backup mechanism), while on iOS it is stored in the iCloud or local encrypted backup, as well as the local keychain of the device.

A freshly installed authenticator app (that supports Automatic Account Recovery) will confirm if a valid recovery token exists and in case it does, will use it to authenticate the communication with the Futurae backend and check if the user has Futurae account(s) that can be recovered from his old device. When at least one account is recoverable, the authenticator app will let the user decide whether to perform Automatic Account Recovery or not.

The recovery token is exclusively required for the Automatic Account Recovery process, and can only be used once. In other words, when the user completes the recovery process, the used recovery token becomes invalid.

Upon successful migration, the user account is re-initialized on the new device.

The new device will be provisioned with a fresh recovery token which, once backed up, will allow for any activated accounts to be further recovered in a newer device at a later point in time.