Epic: SM-1818 - IAM: Authenticate and authorize to CC agent (In Progress)
Priority:
Effort estimate:
Review status: in preparation/ready to review/approved

As a Customer I want to confirm the identity of the CC agent so that I can authorize the agent to take any action on my behalf

Role: Bank User, Customer

Objective: Confirm identity of bank user

Reason: security

Functional requirements:

To prove to the customer that the caller is a bank employee, the following check can be initiated:

  • Customer will log in to app and reach the authenticate calling CC agent screen

  • Customer will pick 4 random numbers and press authenticate

  • This action will be logged in the BOFE communication log

  • CC agent will read out loud the random numbers, proving that he in fact has access to bank systems

If the customer wants to verify that the TLS, CS or Sales personnel they are talking with are genuine, they can do the following:

The app has a "verify bank employee" button. The customer presses the button and enters a 4-digit code; the bank personnel can then verify the code by checking the automated Jira ticket, Communication log entry or notes created.

The app displays the “enter code” UI, the customer enters the code, the app calls the back-office endpoint and sends this code, and BOFE displays the code.

UI requirements:

Process flow: n/a

Execution steps: n/a

Internal dependencies: https://safibank.atlassian.net/l/cp/xqdAxB5Z , SM-4995 - Review - Support hub (temporary name) (Done)

External dependencies: OKTA

Acceptance criteria: https://safibank.atlassian.net/l/cp/xqdAxB5Z

Links to wireframes/UI: https://www.figma.com/file/dkDQHRa1zq7tU58MiL6hBR/SaFi---UI---MVP-(Shared)?node-id=13914%3A84032 , SM-4777 - Authenticate calling CC agent - screen (Done)

Technical Analysis

The new endpoint /agent-verification should be protected with LEVEL1 signature.

The payload for /communicationRecords should look like this:

val communicationHistoryRecord = CommunicationRecordCreateDto(
    /* direction = */ CommunicationRecordDirection.INBOUND,
    /* communicatedAt = */ Instant.now().truncatedTo(ChronoUnit.MILLIS).atOffset(ZoneOffset.UTC),
    /* source = */ "mobile-app",
    /* channel = */ CommunicationRecordChannel.INTERNAL,
    /* domain = */ CommunicationRecordDomain.IAM,
    /* customerHandle = */ customerId.toString(),
    /* purpose = */ "callCenterAuthenticationChallenge",
    /* title = */ "Authentication challenge",
    /* body = */ "Customer generated authentication challenge for call center operator: ${code}"
).customerId(internalMessage.customerId).interactionId(null)

communicationHistoryManagerApi.createCommunicationRecord(idempotencyKey, communicationHistoryRecord)

Some of the enum values mentioned above are not yet available and will be added in SM-6860 - Add more communication enum values (Done).

When writing the audit log, EventActionType should be AGENT_VERIFICATION_INITIATED.
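
One way the /agent-verification handler could validate the customer's code before it is interpolated into the communication record body that BOFE displays, as an added example that is not the project's own code. ChallengeRecord, ChallengeResult, buildChallenge and requestId are hypothetical names, and the idempotency key derivation is an assumption.

```kotlin
import java.time.Instant
import java.time.OffsetDateTime
import java.time.ZoneOffset
import java.time.temporal.ChronoUnit
import java.util.UUID

// Hypothetical stand-in for the record sent to /communicationRecords (not the project's DTO).
data class ChallengeRecord(
    val customerId: UUID,
    val communicatedAt: OffsetDateTime,
    val purpose: String,
    val body: String,
)

sealed interface ChallengeResult {
    data class Accepted(val idempotencyKey: UUID, val record: ChallengeRecord) : ChallengeResult
    data class Rejected(val reason: String) : ChallengeResult
}

// Exactly four ASCII digits. [0-9] keeps the accepted set explicit (no other Unicode digits),
// and Regex.matches() must consume the whole input, so trailing text or newlines fail.
private val CODE_PATTERN = Regex("[0-9]{4}")

// Assumption: customerId comes from the authenticated session, never from the request body.
// Assumption: requestId is a client-generated ID; deriving the key from it makes retries idempotent.
fun buildChallenge(customerId: UUID, requestId: String, rawCode: String, now: Instant): ChallengeResult {
    if (!CODE_PATTERN.matches(rawCode)) {
        // Reject before the value reaches the record body that BOFE renders to the agent.
        return ChallengeResult.Rejected("code must be exactly four digits")
    }
    val key = UUID.nameUUIDFromBytes("$customerId:$requestId".toByteArray(Charsets.UTF_8))
    val record = ChallengeRecord(
        customerId = customerId,
        communicatedAt = now.truncatedTo(ChronoUnit.MILLIS).atOffset(ZoneOffset.UTC),
        purpose = "callCenterAuthenticationChallenge",
        body = "Customer generated authentication challenge for call center operator: $rawCode",
    )
    return ChallengeResult.Accepted(key, record)
}

fun main() {
    val customer = UUID.fromString("00000000-0000-0000-0000-000000000001") // constructed sample ID
    // Constructed inputs: one valid code, then inputs the endpoint should refuse.
    val inputs = listOf("4827", "12345", "12a4", "4827\nextra text", "١٢٣٤")
    for (input in inputs) {
        val result = buildChallenge(customer, "req-1", input, Instant.now())
        println("${input.replace("\n", "\\n")} -> ${result::class.simpleName}")
    }
}
```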