Mobile SDK Integration Flows

To authenticate with PingOne Recognize, a user must first enroll their biometric template. Enrollment with PingOne Recognize consists of registering the user’s biometric features in a privacy-preserving manner using the various enrollment methods from the PingOne Recognize SDK.

The most common authentication scenarios for the PingOne Recognize SDK are:

In this scenario, the user is trying to access a resource in a web application for which strong authentication is required. The web application backend sends a push notification to the customer app to request that the user identify themselves with PingOne Recognize. After biometric authentication is successful, the flow returns to the web application backend, which leverages the APIs exposed by the PingOne Recognize backend to perform additional security checks.

Once the PingOne Recognize backend confirms that the authentication was successful, the user is allowed access to the resource.

In this scenario, the user is trying to access a resource directly in the mobile application for which strong authentication is required. The mobile application sends a push notification to the customer app to request that the user identify themselves with PingOne Recognize. After biometric authentication is successful, the flow returns to the mobile application backend, which leverages the APIs exposed by the PingOne Recognize backend to perform additional security checks.

Once the PingOne Recognize backend confirms that the authentication was successful, the user is allowed access to the resource.

The PingOne Recognize SDK supports both Android and iOS and exposes API methods to interact with the PingOne Recognize Privacy-Preserving Network to perform the following actions:

The PingOne Recognize SaaS backend offers APIs that can be used to perform security checks through backend-to-backend calls. Specifically, it is possible to interrogate the PingOne Recognize backend after the SDK returns an OK response for an authentication attempt.