Workflows to migrate from Mobile Authenticator Studio 4.x to 5.x

When your institution upgrades from Mobile Authenticator Studio 4.x to 5.x, your customers will encounter some prompts to migrate from the old process to the new one. The migration process is triggered each time when a non-migrated account is used for an operation.

If no user account is activated for the Mobile Authenticator Studio app, no migration is needed.

Migration of non-protected accounts: migrate first user account

In this scenario, the user did not have a password or biometric authentication set up in their previous installation of Mobile Authenticator Studio. When the user migrates to Mobile Authenticator Studio 5.x via a Scan & Sign request, they will need to set up a PIN to be compliant with the OneSpan security policy. In addition, the user can optionally also configure biometric authentication.

To migrate the first non-protected user account

1. (Optional, available only if notifications are enabled) The user is presented with the notification permission screen. The user clicks Allow notifications to grant Mobile Authenticator Studio permission to send notifications.

2. On the home screen, the user taps the Scan Code button.

3. The user scans the Cronto image.

4. The user chooses a PIN.

   The PIN that is set for the first migrated account is shared with all additional accounts on the device.

5. The user confirms the PIN.

6. The user is prompted to choose the preferred authentication method for future access:

   • Use FaceID

   • Use Touch ID

   • Skip to use a PIN instead of biometric authentication

7. The user can view the request details and scroll down to see all details.

8. At the bottom of the request details screen, the user taps Approve.

9. The user needs to authenticate with their preferred method to approve the request.

10. The user account is now activated.

Migration of non-protected accounts: migrate additional user accounts

In this scenario, the user has already migrated an account that did not have a password or biometric authentication set up in their previous installation of Mobile Authenticator Studio.

To migrate additional user accounts

1. (Optional, available only if notifications are enabled) The user is presented with the notification permission screen. The user clicks Allow notifications to grant Mobile Authenticator Studio permission to send notifications.

2. On the home screen, the user taps the Scan Code button.

3. The user scans the Cronto image.

4. The app displays the Enter PIN screen to inform the user they can use the same PIN they set for the migration of the first account.

5. The user enters the PIN and taps Continue.

6. The user account is now activated.

7. The user chooses the preferred authentication method for future access:

   • Use FaceID

   • Use Touch ID

   • Skip to use PIN instead of biometric authentication

8. The user can view the request details and scroll down to see all details.

9. At the bottom of the request details screen, the user taps Approve.

10. The user needs to authenticate with their preferred method to approve the request.

Migration of password-protected accounts: migrate first user account

In this scenario, the user had a password protected account in their previous installation of Mobile Authenticator Studio. When the user migrates to Mobile Authenticator Studio 5.x via a Scan & Sign request, they will no longer be able to use password protection. The user will need to set up a PIN to be compliant with the OneSpan security policy. In addition, the user can optionally also configure biometric authentication.

For multi-device licensing configurations, if activations exist for the app and the user launches Mobile Authenticator Studio version 5.x for the first time, their password must be migrated. Also, a new 6-digit PIN must be created when an OTP is generated or at the beginning of any flow that requires authentication. Users are prompted to enter their password, followed by their new PIN. Once the migration is completed, the user must authenticate directly before an OTP is generated.

If the user enters a wrong password or forgot the password used in 4.x and cannot authenticate, the activation for their account will be deleted, and the user will have to activate their account again.

To migrate the first password-protected user account

1. (Optional, available only if notifications are enabled) The user is presented with the notification permission screen. The user clicks Allow notifications to grant Mobile Authenticator Studio permission to send notifications.

2. On the home screen, the user taps the Scan Code button.

3. The user scans the Cronto image.

4. The user has to enter the password that they used in the previous version of Mobile Authenticator Studio.

5. The user taps Choose PIN.

6. The user chooses a PIN code. This needs to have a length of 6 digits.

   If the old password already had 6 digits, the new PIN is set automatically, using the value of the old password.

   The PIN that is set for the first migrated account is shared with all additional accounts on the device.

7. The user confirms the PIN from the previous step.

8. The user chooses preferred authentication method for future access:

   • Use Face ID

   • Use Touch ID

   • Skip to use PIN instead of biometric authentication

9. The user can view the request details and scroll down to see all details.

10. At the bottom of the request details screen, the user taps Approve.

11. The user needs to authenticate with their preferred method to approve the request.

12. The user account is now activated.

Migration of password-protected accounts: migrate additional user accounts

In this scenario, the user has already migrated a password protected account from their previous installation of Mobile Authenticator Studio.

To migrate additional password-protected user accounts

1. (Optional, available only if notifications are enabled) The user is presented with the notification permission screen. The user clicks Allow notifications to grant Mobile Authenticator Studio permission to send notifications.

2. On the home screen, the user taps the Scan Code button.

3. The user scans the Cronto image.

4. The user has to enter the password that they used in the previous version of Mobile Authenticator Studio.

5. The app displays the Enter PIN screen, informing the user that they can use their PIN they have configured. The user taps Continue.

6. The user account is now activated.

7. The user chooses preferred authentication method for future access:

   • Use FaceID

   • Use Touch ID

   • Skip to use PIN instead of biometric authentication

8. The user can view the request details and scroll down to see all details.

9. At the bottom of the request details screen, the user taps Approve.

10. The user needs to authenticate with their preferred method to approve the request.

Migration of biometry-protected accounts: migrate first user account

In this scenario, the user had a biometry protected account in their previous installation of Mobile Authenticator Studio. In addition to the biometric authentication method, the user will need to set up a PIN to be compliant with the OneSpan security policy.

The user does not have to enrol existing biometry again but is able to continue using the biometric data they enrolled in 4.x.

If the user was using biometry and had a password, they need to authenticate with biometry and choose a 6-digit PIN code. If biometric authentication is not available, the user can authenticate with password (the fallback password) and then choose the new PIN code.

To migrate the first biometry-protected user account

1. (Optional, available only if notifications are enabled) The user is presented with the notification permission screen. The user clicks Allow notifications to grant Mobile Authenticator Studio permission to send notifications.

2. On the home screen, the user taps the Scan Code button.

3. The user scans the Cronto image.

4. The user authenticates with the biometric authentication method that they used in the previous version of Mobile Authenticator Studio.

5. The user taps Choose PIN.

6. The user chooses a PIN code. This needs to have a length of 6 digits.

   If the old password already had 6 digits, the new PIN is set automatically, using the value of the old password.

   The PIN that is set for the first migrated account is shared with all additional accounts on the device.

7. The user confirms the PIN from the previous step.

8. The user account is now activated.

9. The user can view the request details and scroll down to see all details.

10. At the bottom of the request details screen, the user taps Approve.

11. The user needs to authenticate again with their preferred method to approve the request.

Migration of biometry-protected accounts: migrate additional user accounts

In this scenario, the user has already migrated a biometry- protected account from their previous installation of Mobile Authenticator Studio.

To migrate additional biometry-protected user accounts

1. (Optional, available only if notifications are enabled) The user is presented with the notification permission screen. The user clicks Allow notifications to grant Mobile Authenticator Studio permission to send notifications.

2. On the home screen, the user taps the Scan Code button.

3. The user scans the Cronto image.

4. The user authenticates with the biometric authentication method that they used in the previous version of Mobile Authenticator Studio.

5. The app displays the Enter PIN screen, informing the user that they can use their PIN they have configured. The user taps Continue.

6. The user account is now activated.

7. The user needs to authenticate with their preferred method.

8. The user can view the request details and scroll down to see all details.

9. At the bottom of the request details screen, the user taps Approve.

10. The user needs to authenticate with their preferred method to approve the request.

This is repeated for all activated user accounts.