Securing journeys

All Mosaic communications are secured with robust encryption to ensure data confidentiality and integrity. SSL (Secure Sockets Layer) is applied to protect all incoming and outgoing requests, safeguarding them from interception. This provides a baseline level of security for all interactions within journeys.

If additional protection is required, Mosaic supports an optional feature: double encryption. It enforces point-to-point encryption from the client to the orchestration service, so the protection does not depend on network topology or on where SSL is terminated.

Note

Double encryption can only be enabled for client SDK, SSO, and Mobile approve journeys.

Step 1: Enable double encryption

Double encryption is enforced individually per journey. When creating or editing a journey in the Admin Portal, pick the double encryption level that fits your organization's needs:

  • Don't use double encryption (default)
  • Encrypt all data

Double encryption for existing journeys

Enabling double encryption for existing journeys will lead to journey failures if you're using an older version of the Orchestration SDK. Upgrade your SDKs to the latest version before enabling double encryption for existing journeys. SDKs support double encryption starting with:

  • Web: 1.12.0 (see Changelog)
  • Android: 1.0.24
  • iOS: 1.1.14
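
A pre-rollout check for the warning above, as an added example that is not part of the original page or of the Mosaic SDK: it compares deployed client SDK versions against the minimums listed here and reports which apps must be upgraded first. The inventory shape and all function names are assumptions; the versions would come from your own release records.

```javascript
// Minimum SDK versions that support double encryption, as listed on this page.
const MIN_SDK = { web: "1.12.0", android: "1.0.24", ios: "1.1.14" };

// Parse "1.12.0" into [1, 12, 0]; returns null for anything that is not a
// plain dotted numeric version, so malformed reports fail closed.
function parseVersion(v) {
  if (typeof v !== "string" || !/^\d+(\.\d+){0,2}$/.test(v.trim())) return null;
  const parts = v.trim().split(".").map(Number);
  while (parts.length < 3) parts.push(0);
  return parts;
}

// Numeric comparison per component ("1.9.3" < "1.12.0", unlike a string compare).
function atLeast(version, minimum) {
  const a = parseVersion(version), b = parseVersion(minimum);
  if (!a || !b) return false;
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] > b[i];
  }
  return true;
}

// inventory: [{ app, platform, version }] is a hypothetical shape, e.g. an
// export from your own release tracking or client telemetry.
function doubleEncryptionReadiness(inventory) {
  const blockers = inventory.filter(({ platform, version }) => {
    const min = MIN_SDK[String(platform).toLowerCase()];
    return !min || !atLeast(version, min); // unknown platform, old or invalid version
  });
  // An empty inventory proves nothing, so it is not treated as ready.
  return { ready: inventory.length > 0 && blockers.length === 0, blockers };
}

// Constructed sample inventory (not real data).
const sampleInventory = [
  { app: "web-portal", platform: "web", version: "1.9.3" },
  { app: "android-app", platform: "Android", version: "1.0.24" },
  { app: "ios-app", platform: "ios", version: "1.1.15" },
  { app: "kiosk", platform: "web", version: "1.12.0" },
];

const report = doubleEncryptionReadiness(sampleInventory);
console.log(report.ready ? "Safe to enable:" : "Upgrade first:", report.blockers);
```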

Step 2: Configure SDK

To support double encryption on the client side, pass the requirement to use double encryption to the journey invocation SDK call.

Note

If the encryption level isn't specified, the journey defaults to starting without double encryption.

JavaScript
// Starting client SDK journey
const idoResponse = await window.tsPlatform.ido.startJourney("YOUR_JOURNEY_ID", { encrypted: true });

// Starting SSO journey
const ssoResponse = await window.tsPlatform.ido.startSsoJourney("YOUR_SSO_JOURNEY_ID", { encrypted: true });

Swift
// Starting client SDK journey
do {
    try TSIdo.startJourney(journeyId: YOUR_JOURNEY_ID,
                           options: .init(encryptionMode: .full))
} catch {
    debugPrint("[DEBUG]: error: \(error)")
}

// Starting mobile approve journey
do {
    try TSIdo.startMobileApproveJourney(payload: approvalPayload,
                                        options: .init(encryptionMode: .full))
} catch {
    debugPrint("[DEBUG]: error: \(error)")
}

Kotlin
// Starting client SDK journey
TSIdo.startJourney(journeyId,
    TSIdoStartJourneyOptions(additionalParams,
        flowId, TSIdoEncryptionMode.Full), callback)

// Starting mobile approve journey
TSIdo.startMobileApproveJourney(payload,
    TSIdoStartJourneyOptions(additionalParams,
        flowId, TSIdoEncryptionMode.Full), callback)