Guidelines
This section details out the guidelines that SP needs to adhere by when implementing their use case with UAE PASS. These guidelines will be checked by Onboarding team as listed below.
Prior to use case approval and sign-off
Assessment on Stage Environment prior to Go Live
Production Verification Post Go Live immediately
Quality Assurance checks
# | Guideline | Description |
---|---|---|
1 | UAE Pass login and SP local login flows should be independent | The use case flow of users logging in through UAE Pass on your channel should be totally segregated from your current Local Login flow. In other words, "Sign in with UAE Pass" or "Sign Up with UAE Pass" flows should never be merged with your existing SP local login or local registration flow. |
2 | Linking identifier (attribute/s) should be unique & verified | As part of the of account linking (one time) step the unique identifier that will be used for linking your internal users' profile with UAE Pass should be based on atributes that are unique per user record (no possible duplicates) and to be verified. |
3 | SOP level to be highlighted in the Use Case diagram | UAE Pass user account Strength of Profile (SOP) level need to be mentioned in the use case flow as per business requirement. For more details on UAE Pass account types please refer to User Account Types. |
4 | UUID needs to be stored | The UUID which is shared by UAE Pass needs to be stored mandatorily post account linking/user account registration process flows with UAE Pass. |
5 | Linking of Verified UAE Pass with Non-Verified Local Accounts and vice versa is LESS Recommended | SP should keep in mind that during use case designing , SP should not perform linking of the below cases:
|
6 | Email only as a unique verfied attribute is NOT Recommended | Automatic account linking scenarios do include a scenario where Verfied Email only can be used as the unique identifier to link existing verified user at SP with verified user in UAE Pass. Although it is acceptable in some specific cases but we do not recommend it unless none of the earlier acceptable scenarios are possible |
7 | Local User ID/password setting for customers during UAE Pass registration flow is NOT allowed | During the New User Registration Flow via UAE Pass (Whether New customer to SP or existing customer with no Online account) SP should not do the following:
|
8 | Local User Account Password change during UAE Pass Sign in flow is NOT Allowed | SP should not provide user an ability to change his/her local account password when logging in through UAE Pass |
9 | Sharing of New Local account details is NOT allowed through UAE Pass |
|
10 | Use Case Release | In order to provide the best experience covering all users (Existing users with/without online access & New to SP Users), SP needs to plan implementation of Automatic, Manual & New User Registration and cover all scenarios in the same release for go-live |
11 | UUID shoud be used for Sign-in (during authentication) | One the SP user profile has been updated with the UUID and linked with UAE Pass account, subsequent Sign-in attempts by user should be based on matching UUID |
12 | Error Message Guidelines | Error message needs to be aligned with UAE Pass button guideline which includes the error message, it is available under the design guidelines in the UAE Pass Toolkit. |
13 | User to initiate authentication not SP | SP is recommended not to initiate UAE Pass authentication on behalf of user. Applying for a service needs to be initiated by user. |
14 | Consistent allowed user type & experience (local vs UAE Pass) should be maintained |
|
15 | Onboarding redirect URL |
|
16 | UAE Pass usage for limited scope must be avoided |
|
17 | Selected Use Case Flow | Please make sure to highlight use case no (UC X.X.X) in your submitted use case scenarios diagram |
18 | Client Credentials from UAE Pass should only be used for approved use case channel |
|
Last updated