CA AuthMinder Web Services Guide › Understanding AuthMinder WorkFlows › ArcotID PKI Roaming Download Workflow

ArcotID PKI Roaming Download Workflow

To perform ArcotID PKI authentication, the ArcotID PKI of the user must be present on the user’s system that is used by the authentication session. If the user is travelling or does not have access to the system, where their ArcotID PKI is stored, then the user has to download the ArcotID PKI from AuthMinder Server and then perform the authentication.

The typical steps for roaming download of the ArcotID PKI are:

1. User logs in to your online application.

   Your application authenticates the user.

2. User chooses to download the ArcotID PKI.

   Your application displays the appropriate page to the user to download their ArcotID PKI.

3. AuthMinder performs secondary authentication.

   Based on the secondary authentication mechanism that you are using, your application displays appropriate pages to the user. For example, your application can prompt the user to:

   • Answer the security questions that they selected while enrolling with your application.
   • Enter the OTP, which is sent to the user by email, SMS, or other customized method.
4. Your application calls AuthMinder’s DownloadCredential operation of the ArcotWebFortIssuanceSvc service.

   If the secondary authentication was successful, only then your application should call the DownloadCredential operation. This call downloads the corresponding ArcotID PKI to the your application.

5. Download the ArcotID PKI to user’s system.

   Invoke the ImportArcotID() client-side JavaScript API to download the ArcotID PKI to the end-user’s system without any user interaction.

The following figure illustrates the workflow for roaming download of ArcotID PKI: