Anonymous Flows
What is Anonymous Enrollment?
Anonymous Enrollment is a process that allows a device to receive an access token with the lowest access level. This token is “anonymous” because it does not contain any personal user data (e.g., username or email). Instead, it provides a minimal access token that can be used to request a token for further authorizations with third-party applications.
Why should you use Anonymous Enrollment?
- Privacy-Friendly: No sensitive personal data is transmitted.
- Quick Onboarding: Ideal for scenarios where user identity is not immediately required.
- Flexible Authentication: Supports different storage modes through varying authentication levels (e.g., .no, .biometric).
How does it work with the MC-SDK?
When the MC-SDK detects that activation is required (i.e., sdkState == ActivationRequired), it is time to trigger the anonymous enrollment process. This is done by using the EnrollAnonymousUserEvent with the following parameters:
- tenantId (String)
- authenticationMode (AuthenticationMode)
- clientId (String)
Note: Ensure that the clientId is properly configured on your Identity Provider (IDP). By default, the system uses AnonymousUserEnrollment with a device enrollment browser flow. For detailed setup instructions, please refer to our IDP Setup Documentation.
Setup and Requirements
MC-SDK Integration
- Ensure the MC-SDK is properly integrated into your project. For that, please refer to our documentation.
IDP Configuration
- Verify that the clientId is configured on your IDP backend. This is critical for a successful enrollment. For detailed instructions on configuring your clientId, please see our IDP Setup Documentation.
Authentication Modes
Decide on the authentication mode to use. Options include:
- .no (no extra security)
- .biometric (requires biometric authentication)
Starting the Enrollment Process
The StartEvent is the initial event that must be triggered when your app starts communicating with the Master Controller. This event is crucial as it determines whether the user needs to activate or log in and handles important configuration tasks in the background. For detailed instructions on configuring StartEvent, please see our documentation.
When your app receives sdkState == ActivationRequired, trigger the enrollment process using the EnrollAnonymousUserEvent. For the request and API references, see our documentation.
MC-SDK Features After Enrollment
Once the anonymous enrollment process is complete, the MC-SDK enables several key features that allow the app to operate securely and efficiently. One of the most important features is the ExchangeIamToken functionality, which ensures secure operations once device binding is completed.
After completing anonymous enrollment, you can trigger the OfflineLoginEvent to log in the user or device. For every authentication operation, it is essential to trigger the ExchangeToken event to maintain secure communication and access control.
Once these steps are completed, you can access additional functionality provided by the MC-SDK throughout the app. For a comprehensive list of all possible operations, please refer to our documentation.
Event Flow and API Reference
This section provides an overview of the key events and their associated API references used throughout the anonymous enrollment flow. These events ensure secure and smooth operations, from starting communication with the Master Controller to backend communication and secure token exchanges.
Event Flow Overview
StartEvent:
Triggered when the app starts communicating with the Master Controller. This event initializes the app, determines if the user needs to activate or log in, and handles necessary configuration tasks in the background.
AnonymousEnrollment:
Triggered when sdkState == ActivationRequired. This event registers the device anonymously and retrieves an initial access token.
OfflineLoginEvent:
Triggered when sdkState == loginRequired or after successful enrollment. This event enables the user/device to log in.
ExchangeToken:
Triggered for every authentication operation to securely exchange the initial token for an IAMAccessToken. This ensures secure access to sensitive operations and third-party services.
CreateHttpCommonRequest:
Used to securely communicate with backend servers. This event handles secure, encrypted HTTP requests and responses, ensuring that sensitive data is transmitted safely.
RestartEvent:
Triggered in situations where you need to reset the SDK state or reinitialize communication with the Master Controller. This can be useful in scenarios like app restarts or major state changes.
These event flows and their corresponding API references are critical to enabling secure enrollment, authentication, and backend communication throughout the app.