CyberArk Identity as MFA provider

MFA is becoming the security standard for app authentication. You can secure your app by adding second-factor authentication with CyberArk Identity MFA Widget. Users would be challenged with an additional authentication mechanism to log into the web apps.

For instance, Acme has an in-house primary authentication mechanism that authenticates the user with a username and password. Acme can secure the login to the web app by using CyberArk Identity's MFA widget for second-factor authentication.


Create authentication rule

Create an authentication rule that challenges the user to authenticate with MFA when the mobile app requests it. For steps and instructions for creating an authentication rule in the Admin Portal, refer to the following link.

To find your authentication Policies in the Admin Portal, navigate to Core Services > Policies > Authentication Policy.

Configure MFA Widget:

To find your authentication widgets in the Admin Portal, navigate to Web apps > Widgets. Refer to the following figures for an example.


How does it work?


Second factor authentication in Java angular sample app



  1. Setup OpenID Connect (OIDC) custom application in CyberArk Identity tenant
  2. Install the CyberArk Identity Java-angular sample app
  3. Setup the Java-angular sample app


Please refer to to see how an MFA widget can be embedded into a Java-angular app

On the Home page of the sample app, Select MFA card as highlighted below and click on start.



In this scenario, the sample app uses an in-built database and stores the user in both the in-built database and CyberArk Identity.

Create a user in the external app and CyberArk Identity:

Click on signup on the card mentioned above and signup the user. The user gets stored in both the in-built database and CyberArk Identity on signup.


Primary authentication with the sample app:

Authenticate to the sample app by passing your username and password. This authentication is a simulation of a web application.


Secondary authentication using the MFA widget:


Once successful the user can login to the app.