Open-access-onboarding-journey

Industry

Technology

AWS Fargate Cluster AWS S3 AWS SNS Java 11 JOOQ MySQL Database Spring Security

Introduction

We developed a service where users can register themselves and do the complete onboarding, eliminating the need for a direct invitation to aggregate accounts.

Overview

TIDE-IAM provides a feature where users can aggregate all their banking and nonbanking accounts in a single dashboard. These users are basically called directors, Staff members, and Team members, where the Director is the main user who can aggregate the account directly, and if other users want to aggregate the account, the director sends them the invitation.

This complete service includes various services like user-management-service, KYC, and components like Gravitee access management and Gravitee API Gateway.

Challenges

Here the main challenge was that users needed a direct invitation for aggregating the account. Tide IAM came up with a new service called User Registration Service, and this complete journey of registration is called Open Access Journey.

Solution

We have developed a service where users can register themselves and do the complete onboarding. Once the onboarding is done, users will be able to aggregate the accounts.

Here the user will be called an Applicant, and after the onboarding is done, the user will be called an OPEN ACCESS OWNER.

These roles and related permissions are stored in MongoDB, and based on the journey flow it gets changed.

What is the purpose of these Open Access Services?

Service is to power the Open-access (aka Trial Switching) capability, which is to support Non-Tide Accounts (external) and Non-Tide members to be able to use Tide.

Process of onboarding Journey:

This onboarding journey includes the following steps for the user :

Get an access token they can use with the onboarding API (This token is basically a JWT token that is generated using the signature algorithm RS256).
Get their user added to the TIDE IAM system with a membership of the company they are completing an application form so that they can log back into it later.
Once all details are provided by the applicant and all the check results have been received, call the Decision Engine.
If the application is approved by the decision engine User is updated in user-management-service (UMS).

Architecture for open access onboarding :

Results

This feature allows the users to register themselves and they do not require someone to send them an invite link.
This feature eliminates the need for some endpoints which are mainly related to the staff users and used to send an invite link in the new jurisdiction.