Integrate authentication widget for strong MFA
Provide an authentication and authorization flow with strong MFA by embedding the authentication widget into the SDK's Android mobile app.
Step 1: Setup the OpenID connect custom app
Step 2: Create authentication rule
Create an authentication rule that challenges the user to authenticate with MFA when the mobile app requests it. Refer to the following link for steps and instructions for creating an authentication rule in the Admin Portal.
To find your authentication Policies in the Admin Portal, navigate Core Services > Policies > Authentication Policy. Refer to the following figures for an example.
Step 3: Configure authentication Widget:
Please refer to https://docs.cyberark.com/Product-Doc/OnlineHelp/idaptive/Latest/en/Content/Widgets/Create-Authentication-Widget.htm to get information on how to use widgets
To find your authentication widgets in the Admin Portal, navigate to Web apps > Widgets. Refer to the following figures for an example.
How does it work?
Authentication widget in Java angular sample app
The signup/sign-in card in the demo web app simulates Acme.com (dummy website) securing their end-user authentication using the CyberArk Identity authentication widget respectively.
- Setup OpenID Connect (OIDC) custom application in CyberArk Identity tenant
- Install the CyberArk Identity Java-angular sample app
- Setup the Java-angular sample app
To embed Login widget, refer here.
On a success response, we use OAuth Authorization with PKCE flow to get access token. Use the access token in the authorization header for subsequent requests in the sample application.
Please refer to https://github.com/cyberark/identity-demo-angular/tree/main/angular/src/app/loginWidget to see how an authentication widget can be embedded into a Java-angular app
On the Home page of the sample app, Select Widgets card and click on Login.
The authentication widget appears through which user can sign in to the demo app. The challenges during sign in appears on the basis of the configured policies for the user.
- Click on Next, the user is prompted with the corresponding MFA setup on the policy. For example, if the MFA policy is password, the user is prompted with password challenge on the authentication widget.
Updated 6 months ago