Select Authentication Method on First Login
When a peer mentor opens the app for the first time or after being logged out, they are presented with an authentication method selector screen showing both BankID and Vipps as options. The screen clearly explains what each method entails and guides the user through the selection. This initial authentication establishes their identity securely and can link their national ID number (personnummer) to the organization's member system.
User Story
Audience Summaries
BankID and Vipps are the dominant digital identity standards in Norway, used by all major banks, government portals, and regulated services. Requiring peer mentors to authenticate via one of these two providers delivers immediate and measurable business value: it eliminates the risk of unauthorized platform access, ensures legal identity verification tied to the Norwegian personnummer, and aligns the app with the trust expectations of all three partner organizations. All partners identified this as a MUST HAVE for Phase 2 rollout — without it, the platform cannot be deployed in production. The method selector screen is the first impression the app makes on a peer mentor, setting expectations for security, professionalism, and usability.
A clear, accessible, and well-branded selector screen also reduces onboarding friction and support burden, directly impacting activation rates and time-to-first-use metrics for new volunteers.
This story is marked critical with no upstream dependencies, making it the ideal first item to unblock in the authentication workstream. It is the entry point for all subsequent auth-related stories including BankID flow, Vipps flow, and secure logout, so delivery delays here cascade across the entire authentication epic. Development complexity is low-to-moderate for the selector screen itself — primarily UI and navigation — but integration with BankID and Vipps SDKs introduces external dependency risk that must be validated early. Accessibility is an explicit acceptance criterion (screen reader support), requiring involvement from QA and potentially a dedicated accessibility review.
Stakeholder sign-off from all three partner organizations is recommended before finalizing the screen's copy and visual design, as each partner may have branding or UX requirements. Rollout planning should treat this screen as a shared foundation; any changes post-delivery affect downstream auth flows, so change requests should be formally managed after initial release.
The authentication method selector screen requires detecting two distinct entry states: first-time app open and post-logout redirect. Both must render the same selector UI with BankID and Vipps options, each displaying recognizable logos, brief explanatory copy, and a tap target that initiates the respective auth flow. Tapping either option should immediately show a loading indicator before navigating to the provider-specific authentication screen, preventing double-taps and providing user feedback during SDK initialization. All interactive elements must have explicit accessibility labels compatible with VoiceOver (iOS) and TalkBack (Android) — this is a hard acceptance criterion.
Navigation must be structured so the selector sits at the root of the unauthenticated navigation stack, preventing back-gesture access after login. The personnummer-to-member-system linking is downstream of the provider auth flow, not this screen, but the selector must pass the chosen provider as context to the downstream auth handlers. Consider abstracting provider selection into a shared auth context or hook for reuse across logout redirect and fresh-install flows.
Acceptance Criteria
- Given I open the app for the first time, When the authentication screen loads, Then I see clearly labeled options for BankID and Vipps with recognizable logos and brief explanations
- Given I am on the authentication method selector, When I tap BankID, Then I am navigated to the BankID authentication screen
- Given I am on the authentication method selector, When I tap Vipps, Then I am navigated to the Vipps authentication screen
- Given I am on the authentication method selector, When I tap either option, Then a loading indicator appears while the authentication flow is initiated
- Given the screen loads, When I use a screen reader, Then all interactive elements have proper accessibility labels and are announced correctly
Business Value
BankID and Vipps are the de facto standard for digital identity in Norway, trusted by all major banks and government services. Requiring peer mentors to authenticate via these providers eliminates the risk of unauthorized access, ensures the person is who they claim to be, and builds user trust in the app's security posture. All three partner organizations identified this as a MUST HAVE for Phase 2 rollout.