Standard Implementation Guidelines

This section details the guidelines that the SP needs to adhere to when implementing their use case with UAE PASS. These guidelines will be checked by the Onboarding team at the stages listed below.

  • Prior to use case approval and sign-off

  • Assessment on Stage Environment prior to Go Live

  • Production Verification Post Go Live immediately

  • Quality Assurance checks

#
Guideline
Description

1

UAE Pass login and SP local login flows should be independent

  • The use case flow of users logging in through UAE Pass on your channel should be totally segregated from your current Local Login flow.

In other words, "Sign in with UAE Pass" or "Sign Up with UAE Pass" flows should never be merged with your existing SP local login or local registration flow.

2

Linking identifier (attribute/s) should be unique & verified

  • As part of the (one-time) account linking step, the unique identifier used for linking your internal users' profile with UAE Pass should be based on attributes that are unique per user record (no possible duplicates) and verified.

3

SOP level to be highlighted in the Use Case diagram

4

UUID needs to be stored

  • The UUID which is shared by UAE Pass needs to be stored mandatorily post account linking/user account registration process flows with UAE Pass.

5

Linking of Verified UAE Pass with Non-Verified Local Accounts and vice versa is LESS Recommended

  • During use case design, SP should not perform linking in the below cases:

  1. SP local Unverified accounts with UAE Pass Verified accounts (SOP2/SOP3)

  2. SP local Verified accounts with UAE Pass Unverified accounts (SOP1)

6

Email only as a unique verified attribute is NOT Recommended

  • Automatic account linking scenarios do include a scenario where Verified Email only can be used as the unique identifier to link existing verified user at SP with verified user in UAE Pass. Although it is acceptable in some specific cases, we do not recommend it unless none of the earlier acceptable scenarios are possible

7

Local User ID/password setting for customers during UAE Pass registration flow is NOT allowed

During the New User Registration Flow via UAE Pass (Whether New customer to SP or existing customer with no Online account) SP should not do the following:

  • User should not be prompted to create username and password

  • Username and password created by SP in backend for user should not be shared via email or SMS

8

Local User Account Password change during UAE Pass Sign in flow is NOT Allowed

  • SP should not provide user an ability to change his/her local account password when logging in through UAE Pass

9

Sharing of New Local account details is NOT allowed through UAE Pass

  • During the new registration flow through UAE Pass, SP is allowed to create a new user ID or online account ID for the customer and set a temp password in the backend at SP side.

  • User should not be aware of such backend process since account has been created using a Digital ID (password-less) platform.

  • Local user ID/password MUST NOT be shared with customer during or post registration flow.

  • SP can share the local account details with user via email or SMS once user attempts to login through SP local login mechanism by clicking on Forget Password option in SP login channel.

10

Use Case Release

  • In order to provide the best experience covering all users (Existing users with/without online access & New to SP Users), SP needs to plan implementation of Automatic, Manual & New User Registration and cover all scenarios in the same release for go-live

11

UUID should be used for Sign-in (during authentication)

  • Once the SP user profile has been updated with the UUID and linked with UAE Pass account, subsequent Sign-in attempts by user should be based on matching UUID

12

Error Message Guidelines

13

User to initiate authentication not SP

  • SP is recommended not to initiate UAE Pass authentication on behalf of user. Applying for a service needs to be initiated by user.

14

Consistent allowed user type & experience (local vs UAE Pass) should be maintained

  • The allowed user types and services through local login needs to be similarly allowed to login via UAE Pass too. For example, if an SP allows basic non-verified users to avail basic services through local login, then same users should be allowed to login through UAE Pass.

15

Onboarding redirect URL

  • In order to initiate onboarding on Stage environment, redirect URL provided should be either Dev or Stage environment.

  • In order to Go Live, the production redirect URL will be required by SP after assessment sign-off by UAE Pass Onboarding team.

16

UAE Pass usage for limited scope must be avoided

  • UAE Pass is intended for Authentication purpose and hence the full journey needs to be implemented by SP for users to avail all services on SP channel similar to Login through SP Local mechanism.

  • For example: Using UAE Pass for updating user details (email/mobile number) alone should be avoided

17

Selected Use Case Flow

  • Please make sure to highlight use case no (UC X.X.X) in your submitted use case scenarios diagram

18

Client Credentials from UAE Pass should only be used for approved use case channel

  • UAE Pass client credentials are channel (Web or Mobile) specific.

  • The Client Credentials are shared by UAE Pass onboarding team after use case has been approved.

  • These credentials should not be reused for a different channel/use case without being discussed and approved by UAE Pass team.

24

Verified Attribute

  • Emirates ID accepted verification methods:

  1. Online verification using biometric solutions (e.g. Validation Gateway by ICA)

  2. Online verification of Emirates ID by (backend office agent) using ICA/MOI Web service.

  3. Physical verification of Emirates ID (face to face) by agent and Emirates ID card reader.

  4. Physical verification of Emirates ID (face to face) by agent and ICA/MOI Web service.

  5. Physical verification of Emirates ID (face to face) by agent.

  • Email and mobile number accepted verification methods:

  1. One-time PIN (OTP) or Password

  2. Activation link

Manually entered emirates ID number / email ID/mobile number without any of the above verification methods cannot be considered as verified attribute.

25

Automatic Linking

  • Automatic linking scenario is achieved by the following:

  1. Verified Emirates ID match

  2. Verified Email ID match (if Email ID is unique attribute at the SP)

  3. Verified Email ID and Mobile number match

  • Linking Scenario for Visitor Onboarding:

1. SP to perform account linking based on email OR mobile number

26

Manual Linking

  • Manual linking is achieved by the following:

  1. Prompt user to type username and password in the SP local IAM

  2. Prompt user to answer Secret Questions

27

New User Registration

  • New user account is achieved by the following:

  1. Show the SP Registration Form

  2. Auto-fill the SP Registration Form with data from UAE Pass and GSB/DV.

  3. Ask the user to complete other fields specific to the business

Automatic Account Linking Scenario

The Automatic account linking is applicable when the user account fits the below:

  • User already has an account with SP.

  • SP has unique and verified attribute like Emirates ID Number, Email ID, & Mobile Number, or Unique Email ID

Steps:

  • SP matches the unique and verified attribute(s) with UAE PASS attributes.

  • The linking is achieved by storing the linking attribute UUID provided by UAE PASS to the matched user record at SP side.

  • This is one-time activity and should be done only on first login attempt.

Manual Account Linking Scenario

The Manual account linking is applicable when the user account fits the below:

  • User already has an account with SP.

  • SP does not have any unique and verified attribute like emirates ID number/email ID & Mobile Number/email ID.

Steps:

  • SP requests the user to enter local IAM username and password.

  • Prompt user to answer Secret Questions.

  • The linking is achieved by storing the linking attribute UUID provided by UAE Pass to the matched user record at SP side.

  • This is one-time activity and should be done only on first login attempt.

New User Registration Scenario

The new user registration is applicable when the user account fits the below:

  • User does not exist in SP.

  • User exists but no Online account at SP.

Steps:

  • Show the SP Registration Form

  • Autofill the SP Registration Form with data from UAE Pass and GSB/DV.

  • Ask the user to complete other fields specific to the business.

  • SP stores UUID provided by UAE Pass to the newly created user record at SP side.
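The three scenarios above, together with guidelines 2, 4, 5, 11 and 25, reduce to one decision taken after each UAE PASS authentication. The sketch below is an added example, not UAE PASS or SP code; the `LocalUser` record, the claim keys (`uuid`, `user_type`, `emirates_id`, `email`, `mobile`) and the action names are assumptions made for illustration, and the email-only match (guideline 6) is deliberately left out.

```python
from dataclasses import dataclass
from typing import Optional

VERIFIED_SOP = {"SOP2", "SOP3"}  # the page treats SOP1 as unverified

@dataclass
class LocalUser:  # hypothetical SP-side record
    user_id: str
    emirates_id: Optional[str] = None
    email: Optional[str] = None
    mobile: Optional[str] = None
    verified: bool = False  # attributes checked by an accepted method (guideline 24)
    uaepass_uuid: Optional[str] = None

def _unique(users, pred):
    """Return the only record satisfying pred; None if zero or several match."""
    hits = [u for u in users if pred(u)]
    return hits[0] if len(hits) == 1 else None

def resolve_login(claims, users):
    """Decide what to do after UAE PASS authentication; returns (action, user)."""
    # Guideline 11: an already linked profile is matched on UUID alone.
    linked = _unique(users, lambda u: u.uaepass_uuid == claims["uuid"])
    if linked:
        return "sign_in", linked
    # Guideline 25: Emirates ID match first, then email + mobile together.
    match = None
    if claims.get("emirates_id"):
        match = _unique(users, lambda u: u.emirates_id == claims["emirates_id"])
    if match is None and claims.get("email") and claims.get("mobile"):
        pair = (claims["email"].lower(), claims["mobile"])
        match = _unique(users, lambda u: ((u.email or "").lower(), u.mobile) == pair)
    if match is None:
        return "manual_link_or_register", None  # nothing unique to link on
    if match.uaepass_uuid:  # linking is one-time; never overwrite a stored UUID
        return "link_not_allowed", match
    pass_verified = claims["user_type"] in VERIFIED_SOP
    if match.verified != pass_verified:  # guideline 5: verified vs unverified
        return "link_not_allowed", match
    if not match.verified:  # guideline 2: no verified attribute, so no auto-link
        return "manual_link_or_register", match
    match.uaepass_uuid = claims["uuid"]  # guideline 4: store the UUID
    return "auto_linked", match

# Constructed sample data, not real accounts.
USERS = [
    LocalUser("u1", emirates_id="784-0000-0000001-1", verified=True),
    LocalUser("u2", email="a@example.com", mobile="971500000002", verified=False),
]
```

A record that matches on attributes but already carries a different UUID is refused rather than re-linked, so a second UAE PASS account presenting the same attribute values cannot take over an existing link.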

Additional SP Verification Methods

#
Guideline
Description

1.

OTP verification during Sign up flow.

  • Email and Mobile OTP verification during account linking is accepted.

  • Email and Mobile OTP verification during manual account linking is accepted if the SP's native login mechanism is OTP verification.

  • Email and Mobile OTP verification during Sign up flow is accepted after UAE PASS authentication is completed.

2.

Security Question Set up During Sign up flow.

  • Should be after completing UAE PASS authentication and successful Doc sharing and/or in the User Profile as an additional setting.

3.

PIN/Face ID set up during Sign up flow.

  • Should be after completing UAE PASS authentication journey and successful Doc sharing and/or in the User Profile as an additional setting.

4.

Device Name set up during Sign up flow.

  • Should be after completing UAE PASS Authentication journey and successful Doc sharing and/or in the User Profile as an additional setting.

5.

Face liveness check set up during Sign up flow.

  • Should be after completing UAE PASS authentication and successful Doc sharing and/or in the User profile as an additional setting.

1. Face biometric tool (Liveness check).

2. Capture Face image.

Note: Additional SP verification methods are applicable only for Private Service Provider channels based on internal approvals of UAE PASS Onboarding Team.

Guideline 3 (SOP level to be highlighted in the Use Case diagram): The UAE Pass user account Strength of Profile (SOP) level needs to be mentioned in the use case flow as per business requirement. For more details on UAE Pass account types, please refer to User Account Types.

Guideline 12 (Error Message Guidelines): Error messages need to be aligned with the UAE Pass Text Message guideline, which includes the error message; it is available under design guidelines at https://docs.uaepass.ae/guidelines/design-guidelines/text-message-guidelines