CA AuthMinder Java Developer's Guide › Understanding AuthMinder WorkFlows › ArcotID PKI Roaming Download Workflow

ArcotID PKI Roaming Download Workflow

To perform ArcotID PKI authentication, the ArcotID PKI of the user must be present on the user’s system that is used for the current authentication session. If the user is travelling or does not have access to the system, where their ArcotID PKI is stored, then the user has to download the ArcotID PKI from the AuthMinder Server and then perform the authentication.

The typical steps for roaming download of the ArcotID PKI are:

1. User logs in to your online application.

   Your application authenticates the user.

2. User chooses to download the ArcotID PKI.

   Your application displays the appropriate page to the user to download their ArcotID PKI.

3. AuthMinder performs secondary authentication.

   Based on the secondary authentication mechanism that you are using, your application displays appropriate pages to the user. For example, you can prompt the user to:

   • Answer the security questions that they selected while enrolling with your application.
   • Enter the One-Time Password (OTP), which is sent to the user by email, SMS, or other customized method.
4. Your application calls AuthMinder’s Issuance.Cred.downloadCredential function.

   If the secondary authentication was successful, only then your application should call the downloadCredential() function in the CredentialIssuance interface. This call downloads the corresponding ArcotID PKI to the application.

5. Download the ArcotID PKI to the user’s system.

   Invoke the ImportArcotID() client-side API to download the ArcotID PKI to the enduser’s system without any user interaction.

The following figure illustrates the workflow for roaming download of ArcotID PKI: