CoAuth Graphic

CoAuth Integration

CoAuth is Atomic's first-party integration with payroll providers, designed to enhance the user experience and streamline connections. By utilizing APIs developed in collaboration with payroll provider partners, Atomic enables direct user lookup within payroll systems. This integration significantly improves overall conversion rates and user experience. Atomic is continually expanding its network of payroll provider partnerships to increase the reach and impact of this integration.

How It Works

CoAuth allows end users to provide personal information rather than traditional credentials to identify their worker profile within the payroll system. Once the user is identified, they complete a multi-factor authentication (MFA) process using information already on file with the payroll provider to verify their identity.

After successfully verifying their identity, users are directed to modify their direct deposit allocations. Atomic receives confirmation of the update from the payroll provider and delivers the updated details via standard Webhook mechanisms.

CoAuth is available for users whose employers utilize a payroll platform that Atomic has directly integrated with. However, some payroll systems require employer-level opt-in, which may result in varying levels of coverage depending on the specific implementation of the payroll provider.

Transact v3.0 or higher
To enable the credential-less platform matching feature, your application must use Transact SDK version 3.0 or later. Upgrading to the latest SDK ensures compatibility and access to the full suite of CoAuth features.

Flow Variations

This guide outlines the variations of the flow for connecting users to payroll systems via CoAuth enabled connectivity. Each flow is designed to securely authenticate users and facilitate updating direct deposits. Below are descriptions of each variation with design considerations and the benefits of each approach. Specific integration points will be outlined in the following section.

These three flows allow financial institutions and users to securely and efficiently connect to payroll systems based on the available PII and the nature of the integration. Select the approach that best aligns with your business processes and user experience goals.

Pre-screen API

In this version, identity data for the user are securely passed to Atomic to lookup the user in the CoAuth enabled payroll systems. If there is match, a multi-factor authentication step is initialized for the user to verify their identity. They are then prompted to fulfill the remaining steps to set up or switch their direct deposit.

The steps for this flow are as follows:

  • 1

    Collect Identity Data: Identity data is required to satisfy a CoAuth connection. We recommend you collect this information from the consumer during their application process, if possible. (e.g., phone number, email, date of birth, SSN)

  • 2

    Transmit Identity Data: Transmit the required identity data to Atomic via a secure API integration. Atomic will pass this information along to our payroll partners to look up the user in their system. If the user is found, Atomic will return relevant information to drive the experience within Transact.

  • 3

    Launch Transact: When Transact is launched, Atomic will display an interstitial screen confirming the selected payroll system. From there, the user proceeds directly to a multi-factor authentication (MFA) step, facilitated in collaboration with the payroll system. This streamlined process eliminates unnecessary steps, enhancing the user experience and improving authentication efficiency.

  • 4

    Switch Direct Deposit: Using the pre-screened and verified user session, Transact directly authenticates with the user’s payroll system, streamlining the connection process. All that is required from the user is the MFA step and to select their allocation amount.

More details for the Pre-screen API can be found here.

Benefits:

  • Allows for pre-screening the user when they land on a Deposit page, but before launching Transact.
  • Simplifies the user experience by reducing input requirements.
  • Increases the likelihood of successful authentication with payroll systems.
  • Provides a seamless integration for institutions already collecting relevant PII.

Access Token API

This version of the flow offers similar advantages to the Pre-Screen API while requiring less integration effort. However, access to the user’s identity data is necessary to use this approach.

Rather than directly calling the Pre-Screen API, you can send the same identity data to the /access-token API. When the user selects their payroll system within Transact, Atomic bypasses the standard login process. Instead, the user is verified through a multi-factor authentication (MFA) step, enabling an expedited version of the flow. This process utilizes the payroll system’s lookup API to streamline the connection.

  • 1

    Access Token with Identity Data: Pass identity data when creating the access-token.

  • 2

    Payroll System Selection: The user is presented with a list of supported payroll systems and selects their payroll provider from the list.

  • 3

    Direct Authentication: When a CoAuth enabled payroll system is selected, Transact will use the PII to authenticate the user directly with their selected payroll system.

  • 4

    Connection Completion: Upon successful identity verification, the user is connected to their payroll system to proceed with updating their direct deposit.

More details about adding the identity data to the Access Token API can be found here.

Benefits:

  • Allows for elevated conversion using our CoAuth connections with a simple addition to a pre-existing integration.
  • Flexible and adaptable for financial institutions that collect PII during the customer journey.
  • Increases the likelihood of successful authentication with payroll systems.