What is Roaming flow of ArcotID OTP?
The Advanced Authentication service offers roaming capabilities to enable end users to download their ArcotID OTP securely and authenticate from any system when the need arises. Roaming users who do not have the ArcotID OTP application or JavaScript Client on their device can set up a different device to retrieve their ArcotID OTP credential from the Advanced Authentication service. The downloaded ArcotID OTP can then be used to authenticate to any protected resource in a browser.
To enable roaming, one or more secondary authentication mechanisms must be configured for the user during enrollment. At runtime, if secondary authentication is successful, the ArcotID OTP credential is downloaded to the end user's device.
If Security Code is used for secondary authentication, during enrollment the end user is prompted to provide additional private information, which is composed of a series of user-defined question and answer pairs. Similarly, if security code is used for secondary authentication, during enrollment the end user is prompted to provide an email address or telephone number to which the security code must be sent. At runtime, an end user who tries to download the ArcotID OTP from a different device is first authenticated using the questions and answers or the security code that they received as an email message, SMS, or voice message.
<Please see attached file for image>
<Please see attached file for image>