Mobile Connect is an initiative by GSM Association (GSMA). GSMA represents the interests of mobile operators worldwide, uniting nearly 800 operators with more than 250 companies in the broader mobile ecosystem. The Mobile Connect initiative focuses on building a standard for user authentication and identity services between mobile network operators and service providers. SAML, OpenID Connect and WS-Federation have become the most popular ways of implementing identity federation and single sign-on (SSO) for many service providers. This webinar will explore an approach to help service providers migrate from their existing protocols to Mobile Connect in a zero-code-change approach, with the WSO2 Identity Server. It will also discuss how to secure access to your most precious SaaS applications with Mobile Connect. Introduction to Mobile Connect Introduction to WSO2 Telco and the WSO2 Identity Server How to migrate from OpenID Connect or SAML to Mobile Connect How to login to Salesforce/Google Apps via Mobile Connect The webinar was presented by Prabath Siriwardena, Director Security Architecture at WSO2 and Venura Mendis, CTO at WSO2.Telco.

1. Securing Access to SAAS Apps with
GSMA Mobile Connect
Prabath Siriwardena, WSO2
prabath@wso2.com
Venura Mendis, WSO2.Telco
venura@wso2telco.com
Keet Sugathadasa, WSO2
keet@wso2.com

2. Agenda
● Introducing WSO2.Telco
● GSMA Mobile Connect Technical Overview
● Mobile Connect vs. OpenID Connect
● WSO2 Identity Server
● Mobile Connect support in WSO2 Identity Server
● Securing Access to Salesforce with GSMA Mobile Connect

3. WSO2.Telco the perfect hybrid
Digital Enablement
Powered by APIs for Telcos
Telco
Innovation
Visionary
Platform
Community
engagement

4. Our Products & Services
Dedicated Instance:
• Cloud
• On-Premise
• Hybrid
Shared Instances
Managed Hubs:
• India
• Axiata
• Dubai
Managed
Hub
Mobile Identity Gateway
Internal and External
Gateways

5. Introduction - Mobile Connect
WSO2.Telco powers 40% of the 2.5Bn Enabled Mobile Connect users

6. LOA2: Registered User Login / On-Net
Authentication
Confidential 6
User clicks to login
via mobile connect
Operator Authenticates
the End User in the
background using
Header enrichment
1.3 Registered User – Authentication via HE
Welcome to
wow.lk
Jonathan!
User is logged in to
the site
1
2

7. LOA2: Registered User Login / Off-Net
Authentication
1.4 Authentication via HE Fallback to USSD – LoA2 : Registered user
7
User clicks
to login via
mobile
connect
1 User prompted in
browser to enter
mobile number
2
USSD prompt confirmed by user
3 4
Welcome to
wow.lk
Jonathan!
User is logged
to the site
5

8. WSO2.Telco Mobile Identity Gateway
• GSMA Certified MCX Vendor
• Standalone solution delivering full Mobile
Connect functionality
➢ Authentication
➢ Authorization
➢ Attribute sharing
• Extendable Authenticator Framework
➢ SMS, USSD, HE , SIM, Smartphone
(LoA2)
➢ USSD, HE , SIM, Smartphone (LoA3)
• WSO2 Integration platform for custom
integrations
➢ SMPP
➢ Webservices
➢ ETSI 102.204 for standard compliant
MSSP
Mobile Identity
Gateway

9. How MCX works
9
CUSTOMER LOGIN
Desktop/mobile service access request Operator discovery
Authentication
SERVICE PROVIDER
4
WSO2.Telco MCX solution
1 2
3
Secure, convenient &
I don’t need to
remember multiple
usernames and
passwords!
GSMA API
exchange

10. Mobile Connect India Case Study – Six MNOs,
one MCX Hub
PLATFORM IN INDIA
Service
Providers
Digital Business enabler
Platform live for
12 months
Six MNOs
integrated
in 6months
LOA2 and 3 with
three
authenticators
Central
Business
Operations
Hub operated as a platform as a service hosted in India
• Only operational MCX Hub globally
• Central very agile MCX product evolution
• Fully operational Telco API Hub
• MNO on-premise option with no re-engineering
SMS USSD HE MCX
DoB CRM LBS Wallet

11. Mobile Connect vs. OIDC
● Mobile Connect uses OpenID Connect to talk to the MNO (Identity
Provider).
● https://medium.facilelogin.com/gsma-mobile-connect-vs-openid-
connect-eb3935a99b89#.mlpkqab1d

12. WSO2 Identity Server
● 5th Generation Product
● Current version 5.2.0 (Sept 2016)
● Based on WSO2 Carbon platform, which provides support for
multi-tenancy, logging, clustering, and other common services

13. Identity Federation Between Multiple Heterogeneous Systems

14. Identity Broker (SAML 2.0, OIDC, WS-Fed, CAS, OpenID)

15. Multi-step(multi-factor) Authentication

16. Multi-option Authentication

17. Just-in-time Provisioning (rule based + outbound provisioning)

18. Automated Provisioning of Accounts Among Heterogeneous
Systems.

19. Rule-based Provisioning

20. Mobile Connect in WSO2 IS

21. Mobile Connect in WSO2 IS

22. Mobile Connect Authenticator
Demonstration

23. Securing Access to Salesforce
with username/password

24. Securing Access to Salesforce with
Mobile Connect Authentication

25. Documentation and References
● What is Mobile Connect
http://keetmalin.wixsite.com/keetmalin/single-post/2016/09/30/What-
is-Mobile-Connect
● Mobile Connect for WSO2 Identity Server
http://keetmalin.wixsite.com/keetmalin/single-post/2016/10/03/Mobile-
Connect-Federated-Authenticator-for-WSO2-Identity-Server