Integrate authentication widget for strong MFA

Provide an authentication and authorization flow with strong MFA by embedding the authentication widget into the SDK's Android mobile app.


Step 1: Setup the OpenID connect custom app

Step 2: Create authentication rule

Create an authentication rule that challenges the user to authenticate with MFA when the mobile app requests it. Refer to the following link for steps and instructions for creating an authentication rule in the Admin Portal.

To find your authentication Policies in the Admin Portal, navigate Core Services > Policies > Authentication Policy. Refer to the following figures for an example.

1428 1428

Step 3: Configure authentication Widget:


Please refer to to get information on how to use widgets

To find your authentication widgets in the Admin Portal, navigate to Web apps > Widgets. Refer to the following figures for an example.


How does it work?


Authentication widget in Java angular sample app

The signup/sign-in card in the demo web app simulates (dummy website) securing their end-user authentication using the CyberArk Identity authentication widget respectively.



  1. Setup OpenID Connect (OIDC) custom application in CyberArk Identity tenant
  2. Install the CyberArk Identity Java-angular sample app
  3. Setup the Java-angular sample app



To embed Login widget, refer here.

On a success response, we use OAuth Authorization with PKCE flow to get access token. Use the access token in the authorization header for subsequent requests in the sample application.


Please refer to to see how an authentication widget can be embedded into a Java-angular app

On the Home page of the sample app, Select Widgets card and click on Login.

The authentication widget appears through which user can sign in to the demo app. The challenges during sign in appears on the basis of the configured policies for the user.

  • Click on Next, the user is prompted with the corresponding MFA setup on the policy. For example, if the MFA policy is password, the user is prompted with password challenge on the authentication widget.