Update documentation
diff --git a/Mobile App Login.png b/Mobile App Login.png
new file mode 100644
index 0000000..6b901d3
--- /dev/null
+++ b/Mobile App Login.png
Binary files differ
diff --git a/Mobile App Login.txt b/Mobile App Login.txt
new file mode 100644
index 0000000..c101009
--- /dev/null
+++ b/Mobile App Login.txt
@@ -0,0 +1,44 @@
+title Mobile App Login
+participant Mobile App as mobapp
+participant Mobile SDK as mobsdk
+participant MFA Platform as mfa
+participant App Backend as appbe
+participant Backend SDK as besdk
+note over mobapp:
+    The Mobile App has possetion
+    of the Client ID, issued by
+    the MFA Platform
+end note
+note over appbe:
+    The App Backend has possetion
+    of the Client ID and the Client Secret,
+    issued by the MFA Platform
+end note
+mobapp->mobsdk: SetClientId(<clientId>)
+mobsdk-->mobapp: Status OK
+mobapp->mobsdk: StartAuthentication(user)
+mobsdk-->mobapp: Status OK
+mobapp->mobapp: Get PIN from end-user
+mobapp->mobsdk: FinishAuthenticationMFA(user, PIN, &authzCode)
+mobsdk<->mfa: Authentication Pass 1, header: X-MIRACL-Client-ID: <clientId>
+mobsdk->mfa: Authentication Pass 2, header: X-MIRACL-Client-ID: <clientId>
+mfa-->mobsdk: OK, data: authOTT
+mobsdk->mfa: POST /authenticate, header: X-MIRACL-Client-ID: <clientId>, data: authOTT
+mfa-->mobsdk: OK, data: {"code": <authzCode>}
+mobsdk-->mobapp: Status OK, authzCode
+mobapp->appbe: App-sepcific request for data or for authentication validation, pass <userId>, <authzCode>
+appbe->besdk: validate_authorization(), passing in <authzCode>
+besdk->mfa: Token Endpoint, passing <authzCode>
+mfa-->besdk: Access Token, ID Token
+besdk->besdk: Validate ID Token
+besdk-->appbe: Access Token
+appbe->besdk: get_user_id()
+besdk-->appbe: User ID
+appbe->appbe: Verify User ID == <userId>
+appbe->appbe: (Optional) Generate app-specific Authentication Token
+appbe-->mobapp: App-specific response, pass back either\nAccess Token or app-specific Authentication Token
+mobapp<->appbe: Get data using provided Token
diff --git a/README.md b/README.md
index d9f29a1..fb1bbc0 100644
--- a/README.md
+++ b/README.md
@@ -263,6 +263,11 @@
 This method clears the `MPinSDK` instance and releases any allocated data by it.
 After calling this method, one should use `Init()` again in order to re-use the `MPinSDK` instance.
+##### `void SetClientId(const String& clientId);`
+This method will set a specific _Client ID_ which the SDK should use when sending requests to the backend.
+As an example, the MIRACL MFA Platform issues _Client IDs_ for registered applications, which use the platform for authenticating users.
+When the SDK is used to authenticate users specifically for this registered application, the _Client ID_ should be set by the app using this method. 
 ##### `Status TestBackend(const String& server, const String& rpsPrefix = "rps") const;`
 This method will test whether `server` is a valid back-end URL by trying to retrieve Client Settings from it.
 Optionally, a custom RPS prefix might be specified if it was customized at the back-end and is different than the default `"rps"`.
@@ -453,6 +458,13 @@
 * `Status::INCORRECT_PIN` - The authentication failed because of incorrect PIN. After the 3rd (configurable in the RPS) unsuccessful authentication attempt, the method will still return `Status::INCORRECT_PIN` but the User State will be set to `BLOCKED`.
 * `Status::INCORRECT_ACCESS_NUMBER` - The authentication failed because of incorrect Access Number.
+##### `Status FinishAuthenticationMFA(INOUT UserPtr user, const String& pin, OUT String& authzCode);`
+This method is almost identical to the standard `FinishAuthentication()`, but it returns back an _Authorization Code_, which should be used further by the app back-end to validate the authenticated user.
+This method is useful when authenticating users against the MIRACL MFA Platform.
+For this flow to work, the app should also set a _Client ID_ through the `SetClientId()` method.
+The Platform will provide the _Authorization Code_ as a result from the authentication.
+This code should be then passed by the app to the back-end, where it should be verified using one of the MFA Paltform SDK flavors.
 ##### `bool CanLogout(IN UserPtr user);`
 This method is used after authentication with an Access Number/Code through `FinishAuthenticationAN()`.
 After such an authentication, the Mobile Device can log out the end-user from the Browser session, if the RPA supports that functionality.
@@ -482,3 +494,11 @@
 ##### User Authentication to an Online Session
 ![*](M-Pin SDK - Authentication to Browser Session flow.png)
+#### MIRACL MFA Platform Flows
+##### Authentication into a Mobile App
+![*](Mobile App Login.png)
+##### Authentication to a Web App
+_Coming soon..._
\ No newline at end of file