When the widget is used, the customer application does not redirect to the CyberArk Identity server for user authentication. Instead, the widget is embedded in the existing customer web application and performs the user authentication there.
CyberArk provides a widget that customers can use to add sign-up and sign-in capabilities to their applications.
The Sign Up and Sign In widget can be integrated into a custom application where the company can authenticate the identity of end users using CyberArk Identity.
- User registers an account with CyberArk Identity server
- An admin needs to map the role in the CyberArk Admin portal for the newly registered user
- User authenticates to CyberArk Identity server
- Authentication (with MFA) based on the configured policies
- The protocol used for this widget is OAuth (Authorization code + PKCE)
The signup/signin card in the demo web app simulates Acme.com (a dummy website) securing its end-user registration and authentication using the CyberArk Sign Up and Sign In widgets, respectively.
- Clicking the Start button on the signup/signin card opens a screen with a detailed description of the widgets and the API endpoints being used. It also has Sign up and Login buttons, which show how the widget can be integrated into a client app.
- Clicking the Sign up button displays the CyberArk Identity Sign Up widget, which you can use to register and create an account.
- After the user is created, the Sign In widget appears, through which the user can sign in to the demo app. The challenges presented during sign-in depend on the policies configured for the user.
- When the Next button is clicked, the authentication challenges appear, and the user authenticates by responding to them. This can be explored in more detail in the MFA Widget.
- On clicking Next, a user logging in for the first time is taken to the Reset Password page in the widget, where the user has to choose a new password for the account.
- After the new password is entered in both the New Password and Confirm Password fields, clicking the Next button takes the user to the password change confirmation page.
- Clicking the Start Over option on that page takes the user back to the Sign In widget, where the user can log in to the custom app with the credentials.
To embed the Login widget, refer here.
On a success response, we use the OAuth authorization code flow with PKCE to get an access token. Use the access token in the Authorization header for subsequent requests in the sample application.
- After successful authentication using the widget, the user is taken to the application to explore the additional functionality provided. In the sample app, the following activities are integrated for demonstration purposes.