Anonymous Enrollment
What is Anonymous Enrollment?
Anonymous Enrollment is a process that allows a device to receive an access token with the lowest access level. This token is "anonymous" because it does not contain any personal user data (e.g., username or email). Instead, it provides a minimal access token that can be used to request an IAMAccessToken for further authorization with third-party applications.
Why Use Anonymous Enrollment?
- Privacy-Friendly: No sensitive personal data is transmitted upfront.
- Quick Onboarding: Ideal for scenarios where user identity is not immediately required.
Setup and Requirements
MC-SDK Integration
Ensure the MC-SDK is properly integrated into your project. For details, refer to our API overview documentation.
IDP Configuration
Ensure that you have a client configured on your IDP setup that allows anonymous enrollment. By default, the system uses AnonymousUserEnrollment with a Device enrollment browser flow. For detailed instructions, see our IDP Setup Documentation.
Anonymous Enrollment Flow
When the MC-SDK detects that activation is required (i.e., sdkState == ActivationRequired), trigger the anonymous enrollment process using the EnrollAnonymousUserEvent. As a result, you should receive the status OK from MCSDK.
Event Flow Diagram
iOS/Swift
public func triggerEnrollAnonymousUser(tenant: String, authenticationMode: KSMAuthenticationMode, clientId: String, completion: @escaping (KsEvent) -> Void) {
let tokenRequest = KSMEnrollAnonymousUserEvent(tenantId: tenant, authenticationMode: authenticationMode, clientId: clientId)
masterControllerAdapter.sendEvent2MasterController(tokenRequest) { event in
guard let returnedEvent = event else { return }
completion(returnedEvent)
}
}
Android/Kotlin
fun triggerEnrollAnonymousUserEvent(authMode: AuthenticationMode, clientId: String, tenantId: String) {
val enrollAnonymousUserEvent = EnrollAnonymousUserEvent(tenantId, authMode, clientId)
mcEventHandler?.postEvent(enrollAnonymousUserEvent)?.then {
// handle result
}
}
⚠️ Important: If you are using KSSIDP via
com.kobil.kssidp.wrapper.masterController.EventListener, make sure youronEventReceivedhandles the result event. Don't forget to register your listener withKssIdp.addEventListener(yourEventListenerImpl). If you are using the MC wrapper directly viacom.kobil.wrapper.SynchronousEventHandler, make sure yourexecuteEventoverride handles it. See Communication with the MasterController for details.
Request Parameters
| Parameter | Type | Description |
|---|---|---|
tenantId | String | Provided by the backend services. |
authenticationMode | AuthenticationMode | Determines how the token is stored. Options: .no, .password, .biometric. See authentication modes. |
clientId | String | The client identifier configured on the IDP for anonymous enrollment. |
Offline Login After Enrollment
After a successful anonymous enrollment, the device is activated. On subsequent app launches, the MC-SDK returns sdkState == loginRequired. At this point, use the OfflineLoginEvent to re-authenticate. For details and implementation examples, see Stay Logged In.
After Enrollment and Login
Once enrollment and login are complete, trigger the ExchangeIamTokenEvent for every authentication operation to securely obtain an IAMAccessToken. For details on how token exchange works, caching behavior, and how to inspect token claims, see Exchange IAM Token.
Event Reference
| Event | Description | Reference |
|---|---|---|
| StartEvent | Triggered when the app starts communicating with the Master Controller. Determines if the user needs to activate or log in. | Documentation · API Reference |
| EnrollAnonymousUserEvent | Triggered when sdkState == ActivationRequired. Registers the device anonymously and retrieves an initial access token. | API Reference |
| OfflineLoginEvent | Triggered when sdkState == loginRequired or after successful enrollment. Authenticates the user using stored offline tokens. | API Reference |
| ExchangeIamTokenEvent | Triggered for every authentication operation to securely exchange the initial token for an IAMAccessToken. | Documentation · API Reference |
| CreateHttpCommonRequest | Used to securely communicate with backend servers via encrypted HTTP requests and responses. | Documentation · API Reference |
| RestartEvent | Triggered to reset the SDK state or reinitialize communication with the Master Controller. | Documentation · API Reference |