Guidelines

This section details out the guidelines that SP needs to adhere by when implementing their use case with UAE PASS. These guidelines will be checked by Onboarding team as listed below.

Prior to use case approval and sign-off
Assessment on Stage Environment prior to Go Live
Production Verification Post Go Live immediately
Quality Assurance checks

#	Guideline	Description
1	UAE Pass login and SP local login flows should be independent	The use case flow of users logging in through UAE Pass on your channel should be totally segregated from your current Local Login flow. In other words, "Sign in with UAE Pass" or "Sign Up with UAE Pass" flows should never be merged with your existing SP local login or local registration flow.
2	Linking identifier (attribute/s) should be unique & verified	As part of the of account linking (one time) step the unique identifier that will be used for linking your internal users' profile with UAE Pass should be based on atributes that are unique per user record (no possible duplicates) and to be verified.
3	SOP level to be highlighted in the Use Case diagram	UAE Pass user account Strength of Profile (SOP) level need to be mentioned in the use case flow as per business requirement. For more details on UAE Pass account types please refer to User Account Types.
4	UUID needs to be stored	The UUID which is shared by UAE Pass needs to be stored mandatorily post account linking/user account registration process flows with UAE Pass.
5	Linking of Verified UAE Pass with Non-Verified Local Accounts and vice versa is LESS Recommended	SP should keep in mind that during use case designing , SP should not perform linking of the below cases: SP local Unverified accounts with UAE Pass Verified accounts (SOP2/SOP3) SP local Verified accounts with UAE Pass Unverified accounts (SOP1)
6	Email only as a unique verfied attribute is NOT Recommended	Automatic account linking scenarios do include a scenario where Verfied Email only can be used as the unique identifier to link existing verified user at SP with verified user in UAE Pass. Although it is acceptable in some specific cases but we do not recommend it unless none of the earlier acceptable scenarios are possible
7	Local User ID/password setting for customers during UAE Pass registration flow is NOT allowed	During the New User Registration Flow via UAE Pass (Whether New customer to SP or existing customer with no Online account) SP should not do the following: User should not be promoted to create username and password Uername and password created by SP in backened for user should not be shared via email or SMS
8	Local User Account Password change during UAE Pass Sign in flow is NOT Allowed	SP should not provide user an ability to change his/her local account password when logging in through UAE Pass
9	Sharing of New Local account details is NOT allowed through UAE Pass	During the new registration flow through UAE Pass, SP is allowed to create a new user ID or online account ID for the customer and set a temp password in the backend at SP side. User should not be aware of such backend process since account has been reated using a Digital ID (password-less) platform. Local user ID/password MUST NOT be shared with customer during or post registration flow. SP can share the local account details with user via email ir SMS onl once user attempts to login through SP local login mechanism by clicking on Forget Password in SP login channel.
10	Use Case Release	In order to provide the best experience covering all users (Existing users with/without online access & New to SP Users), SP needs to plan implementation of Automatic, Manual & New User Registration and cover all scenarios in the same release for go-live
11	UUID shoud be used for Sign-in (during authentication)	One the SP user profile has been updated with the UUID and linked with UAE Pass account, subsequent Sign-in attempts by user should be based on matching UUID
12	Error Message Guidelines	Error message needs to be aligned with UAE Pass button guideline which includes the error message, it is available under the design guidelines in the UAE Pass Toolkit.
13	User to initiate authentication not SP	SP is recommended not to initiate UAE Pass authentication on behalf of user. Applying for a service needs to be initiated by user.
14	Consistent allowed user type & experience (local vs UAE Pass) should be maintained	They allowed user types and services through local login needs to be similarly allowed to login via UAE Pass too. For example, if an SP allows basic non-verified users to avail baisc services through local login then same users should be allowed to login through UAE Pass.
15	Onboarding redirect URL	In order to initiate onboarding on Stage environment, redirect URL provided should be either Dev or Stage enviroment. In order to Go Live, the production refirect URL will be required by SP after assessment sign-off by UAE Pass Onboarding team.
16	UAE Pass usage for limited scope must be avoided	UAE Pass is intended for Authentication purpose and hence the full journey needs to be implemented by SP for users to avail all services on SP channel similar to Lgin through SP Local mechanism. For example: Using UAE Pass for updating user details (email/mobile number) alone should be avoided
17	Selected Use Case Flow	Please make sure to highlight use case no (UC X.X.X) in your submitted use case scenarios diagram
18	Client Credentials from UAE Pass should only be used for approved use case channel	UAE Pass client credentials are channel (Web or Mobile) specific. The Client Credentials are shared by UAE Pass onboarding team after use case has been approved. These credentials should not be reused for a diffent channel/use case without being discussed and approved by UAE Pass team.

Guideline

Description

UAE Pass login and SP local login flows should be independent

The use case flow of users logging in through UAE Pass on your channel should be totally segregated from your current Local Login flow.

In other words, "Sign in with UAE Pass" or "Sign Up with UAE Pass" flows should never be merged with your existing SP local login or local registration flow.

Linking identifier (attribute/s) should be unique & verified

As part of the of account linking (one time) step the unique identifier that will be used for linking your internal users' profile with UAE Pass should be based on atributes that are unique per user record (no possible duplicates) and to be verified.

SOP level to be highlighted in the Use Case diagram

UAE Pass user account Strength of Profile (SOP) level need to be mentioned in the use case flow as per business requirement. For more details on UAE Pass account types please refer to User Account Types.

UUID needs to be stored

The UUID which is shared by UAE Pass needs to be stored mandatorily post account linking/user account registration process flows with UAE Pass.

Linking of Verified UAE Pass with Non-Verified Local Accounts and vice versa is LESS Recommended

SP should keep in mind that during use case designing , SP should not perform linking of the below cases:

SP local Unverified accounts with UAE Pass Verified accounts (SOP2/SOP3)
SP local Verified accounts with UAE Pass Unverified accounts (SOP1)

Email only as a unique verfied attribute is NOT Recommended

Automatic account linking scenarios do include a scenario where Verfied Email only can be used as the unique identifier to link existing verified user at SP with verified user in UAE Pass. Although it is acceptable in some specific cases but we do not recommend it unless none of the earlier acceptable scenarios are possible

Local User ID/password setting for customers during UAE Pass registration flow is NOT allowed

During the New User Registration Flow via UAE Pass (Whether New customer to SP or existing customer with no Online account) SP should not do the following:

User should not be promoted to create username and password
Uername and password created by SP in backened for user should not be shared via email or SMS

Local User Account Password change during UAE Pass Sign in flow is NOT Allowed

SP should not provide user an ability to change his/her local account password when logging in through UAE Pass

Sharing of New Local account details is NOT allowed through UAE Pass

During the new registration flow through UAE Pass, SP is allowed to create a new user ID or online account ID for the customer and set a temp password in the backend at SP side.
User should not be aware of such backend process since account has been reated using a Digital ID (password-less) platform.
Local user ID/password MUST NOT be shared with customer during or post registration flow.
SP can share the local account details with user via email ir SMS onl once user attempts to login through SP local login mechanism by clicking on Forget Password in SP login channel.

Use Case Release

In order to provide the best experience covering all users (Existing users with/without online access & New to SP Users), SP needs to plan implementation of Automatic, Manual & New User Registration and cover all scenarios in the same release for go-live

UUID shoud be used for Sign-in (during authentication)

One the SP user profile has been updated with the UUID and linked with UAE Pass account, subsequent Sign-in attempts by user should be based on matching UUID

Error Message Guidelines

Error message needs to be aligned with UAE Pass button guideline which includes the error message, it is available under the design guidelines in the UAE Pass Toolkit.

User to initiate authentication not SP

SP is recommended not to initiate UAE Pass authentication on behalf of user. Applying for a service needs to be initiated by user.

Consistent allowed user type & experience (local vs UAE Pass) should be maintained

They allowed user types and services through local login needs to be similarly allowed to login via UAE Pass too. For example, if an SP allows basic non-verified users to avail baisc services through local login then same users should be allowed to login through UAE Pass.

Onboarding redirect URL

In order to initiate onboarding on Stage environment, redirect URL provided should be either Dev or Stage enviroment.
In order to Go Live, the production refirect URL will be required by SP after assessment sign-off by UAE Pass Onboarding team.

UAE Pass usage for limited scope must be avoided

UAE Pass is intended for Authentication purpose and hence the full journey needs to be implemented by SP for users to avail all services on SP channel similar to Lgin through SP Local mechanism.
For example: Using UAE Pass for updating user details (email/mobile number) alone should be avoided

Selected Use Case Flow

Please make sure to highlight use case no (UC X.X.X) in your submitted use case scenarios diagram

Client Credentials from UAE Pass should only be used for approved use case channel

UAE Pass client credentials are channel (Web or Mobile) specific.
The Client Credentials are shared by UAE Pass onboarding team after use case has been approved.
These credentials should not be reused for a diffent channel/use case without being discussed and approved by UAE Pass team.

PreviousStandard Digital Signature Scenarios for Service Provider Use Cases NextDesign Guidelines

Last updated 1 month ago