
Device Binding

The Device Binding flow provides a secure way to meet the BSI TR-03161 requirements for the substantial security level. In addition to its high level of security, it allows for very user-friendly authentication flows. It supports the following authentication methods:

  • Username/Password
  • Email/Password

Foundation

The implementation of Device Binding is based on the gematik specification for Sectoral IDP Auth Apps; for more information see here.

It is supported by:

  • Google Play Attestation/Integrity
  • Apple App Attest

Registration Flow

Login Flow

Health-ID

What is the HealthID

For more information on the German HealthID, please visit the gematik website.

The Device Binding flow enables linking Health-ID via azuma mimoto. The general approach is as follows:

  • Integrate Health-ID with the native mobile flow, so that you arrive at "Identity Token returned" from azuma mimoto.
  • With the Identity Token, you can register/login against azuma doa by using the appropriate APIs.

Required configuration

For the Health-ID integration with azuma mimoto to work in azuma doa, the Audience configuration must be correct: the azuma mimoto client IDs in use need to be configured in the azuma doa Tenant Administration as allowed Audiences.
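The following added example (not azuma code) sketches the kind of audience check that such an allow-list feeds. It assumes the Identity Token is a JWT carrying the standard `aud` claim from RFC 7519; the client IDs and all function names are constructed placeholders.

```python
import base64
import json

# Constructed placeholder client IDs (assumption; not real azuma mimoto values).
ALLOWED_AUDIENCES = frozenset({"example-mimoto-android", "example-mimoto-ios"})


class AudienceError(ValueError):
    """Token has no usable aud claim."""


def _b64url_decode(segment):
    # JWT segments are unpadded base64url (RFC 7515); restore the padding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_audiences(jwt):
    """Return the aud claim as a set; RFC 7519 allows a string or an array."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise AudienceError("not a compact JWT")
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise AudienceError("payload cannot be decoded") from exc
    aud = claims.get("aud") if isinstance(claims, dict) else None
    if isinstance(aud, str):
        aud = [aud]
    if not isinstance(aud, list) or not aud or not all(isinstance(a, str) for a in aud):
        raise AudienceError("aud claim missing or malformed")
    return set(aud)


def audience_allowed(jwt, allowed=ALLOWED_AUDIENCES):
    """True if any aud value is an allowed client ID. Signature, issuer and
    expiry checks must already have passed; they are out of scope here."""
    return bool(token_audiences(jwt) & set(allowed))


def make_constructed_token(aud):
    """Build a sample token with a placeholder signature (test input only)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "ES256"}), enc({"sub": "user-1", "aud": aud}), "placeholder"])
```

A token issued to a client ID that is absent from the allow-list returns `False`, which is the failure to expect when the Audience configuration is incomplete.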

Example:

Client-ID in azuma mimoto: