Integrate CyberArk Identity iOS SDK

This topic covers the integration of the CyberArk Identity iOS SDK into your iOS mobile app.

This topic helps you to set up and install the iOS SDK into your mobile app and thus integrate with CyberArk Identity to provide strong authentication and authorization support to your app.

Step 1: Create an OAuth 2.0 client or OpenID Connect custom app

If you developed a public or confidential app to access CyberArk Identity services on behalf of an end-user, you need to create an OAuth 2.0 Client or OpenID Connect (OIDC) application.

For instructions on creating an OAuth 2.0 Client application in the Admin Portal, refer to Authorization (Auth) Code Flow with PKCE.

📘

For public apps, such as native apps, the Authorization Code Flow with PKCE is recommended. To do this, select List (Apps > Web Apps > OAuth2 Client > General Usage > List) and add Allowed Clients in the Admin Portal.

For instructions on creating an OpenID Connect application in the Admin Portal, refer to About OpenID Connect and Add and configure the custom OpenID.

For public apps, such as native apps, the Authorization Code Flow with PKCE is recommended.

📘

The Redirect URI for the OAuth 2.0 client or OpenID Connect app should be "{auth_scheme}://{auth_host}/iOS/{YOUR_APP_PACKAGE_NAME}/redirectURICallback".

Step 2: Download the CyberArk Identity iOS SDK

Download the iOS sample app from GitHub and then unzip the file to your location. The sample app comes with the Identity.xcframework integrated.

Step 3: Adding Identity.xcframework into your Xcode project

To add the Identity.xcframework to your Xcode project, follow these steps:

  1. Create an Xcode project
  2. Right-click on the project explorer, and then select Add Files to your project
  3. Browse to locate the SDK package (IdentityIntegrationApp > IdentitySDK > Identity.xcframework), which you downloaded as part of the sample app, and then click Add
  4. Check the option Copy items if needed, and then click Finish

Step 4: Embed Identity.xcframework into the project target

Make sure that the framework is embedded into your app’s binary. To embed Identity.xcframework, follow these steps:

  1. In Xcode, click the project root to navigate to your project settings.
  2. Make sure that your target is selected, and that the General tab is open.
  3. Under Frameworks, Libraries, and Embedded Content, select Embed & Sign for Identity.xcframework.

Step 5: Create a plist file

To customize your app with CyberArk Identity SDK features, create a custom plist file with the name IdentityConfiguration.plist. The plist file contains configuration information that is essential to receive a callback from CyberArk Identity. Copy the XML snippet below and configure it with your account information:

<plist version="1.0">
<dict>
    <key>clientid</key>
    <string>{YOUR_CLIENT_ID}</string>
    <key>domainoauth</key>
    <string>{YOUR_TENANT_URL}</string>
    <key>systemurl</key>
    <string>{YOUR_SYSTEM_URL}</string>
    <key>applicationid</key>
    <string>{YOUR_APPLICATION_ID}</string>
    <key>redirecturi</key>
    <string>{URLSCHEME}://{bundleidentifier}</string>
    <key>scope</key>
    <string>{YOUR_SCOPE}</string>
    <key>threshold</key>
    <integer>{YOUR_THRESHOLD}</integer>
    <key>responsetype</key>
    <string>code</string>
    <key>loginurl</key>
    <string>{your_loginurl}</string>
    <key>widgetid</key>
    <string>{your_widgetid}</string>
    <key>mfatenanturl</key>
    <string>{your_mfatenanturl}</string>
</dict>
</plist>

clientid: The client ID of your app. This is provided when you register your app in the Admin Portal.
domainoauth: The authorization server where your tenant is hosted.
systemurl: Your tenant URL. This is provided when you register your iOS app in the Admin Portal.
applicationid: A unique key used to build the OAuth2 endpoint URL.
redirecturi: The URL that you register when OAuth 2.0 is added in the Admin Portal. In other words, this is the same redirect URI that your app uses when requesting the auth code.
scope: The specific scopes that your app requests in the authorization flow.
threshold: By default, the threshold value is configured to 60.
responsetype: The type of response requested from the authorization server. This must be set to code for authorization code flow.
loginurl
widgetid: Configured widget in the tenant portal.
mfatenanturl

Step 6: Add the URL Scheme to the project

After creating the plist file, define a callback (redirect URL scheme) in the app, which lets the app exchange authorization codes for access tokens. To add the callback URL scheme, follow these steps:

  1. Go to Xcode, select the root project >> target >> Info
  2. Expand the URL Types section and set the Identifier value to $(PRODUCT_BUNDLE_IDENTIFIER) and the URL Scheme to a unique URL scheme of your choice.
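
The following is an added example, not code from the CyberArk SDK or its sample app: a pre-build check in Python that parses IdentityConfiguration.plist and the app's Info.plist and reports leftover placeholders, a responsetype other than code, and a redirecturi whose scheme is not registered under URL Types. The lint function, the sample values and the choice of keys treated as required are assumptions; CFBundleURLTypes and CFBundleURLSchemes are the Info.plist keys that the URL Types section in Xcode writes.

```python
import plistlib
from urllib.parse import urlsplit
from xml.parsers.expat import ExpatError

# Keys from the IdentityConfiguration.plist template checked for real values
# (treating exactly these as required is an assumption of this example).
REQUIRED = ("clientid", "domainoauth", "systemurl", "applicationid",
            "redirecturi", "scope", "responsetype")

def registered_schemes(info):
    """URL schemes declared under URL Types (CFBundleURLTypes) in Info.plist."""
    return {s.lower() for t in info.get("CFBundleURLTypes", [])
            for s in t.get("CFBundleURLSchemes", [])}

def lint(config_bytes, info_bytes):
    """Return a list of problems; an empty list means the two files agree."""
    try:
        cfg = plistlib.loads(config_bytes)
        info = plistlib.loads(info_bytes)
    except (ValueError, ExpatError) as exc:
        # e.g. <integer>{YOUR_THRESHOLD}</integer> was never filled in
        return [f"plist does not parse: {exc}"]
    problems = []
    for key in REQUIRED:
        value = str(cfg.get(key, "")).strip()
        if not value or "{" in value:
            problems.append(f"{key}: missing or still a placeholder")
    if cfg.get("responsetype") != "code":
        problems.append("responsetype: must be 'code'")
    # The callback only reaches the app if its scheme is a registered URL Type.
    scheme = urlsplit(str(cfg.get("redirecturi", ""))).scheme.lower()
    if scheme not in registered_schemes(info):
        problems.append(f"redirecturi: scheme '{scheme}' not in URL Types")
    return problems

# Constructed sample values, not real tenant data.
GOOD = {"clientid": "demo-client", "domainoauth": "https://tenant.example.com",
        "systemurl": "https://tenant.example.com", "applicationid": "DemoApp",
        "redirecturi": "demoauth://com.example.demo", "scope": "All",
        "threshold": 60, "responsetype": "code"}
BAD = dict(GOOD, clientid="{YOUR_CLIENT_ID}", responsetype="token",
           redirecturi="otherapp://com.example.demo")
INFO = plistlib.dumps({"CFBundleURLTypes": [
    {"CFBundleURLName": "com.example.demo", "CFBundleURLSchemes": ["demoauth"]}]})

if __name__ == "__main__":
    for problem in lint(plistlib.dumps(BAD), INFO):
        print(problem)
```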