Integrate CyberArk Identity Android SDK
This topic enables the integration of CyberArk Identity Android SDK in your Android mobile app
This topic helps you to set up and install the Android SDK into your mobile app and thus integrate with CyberArk Identity to provide strong authentication and authorization support to your app.
Step 1: Create an OAuth2.0 client (or) OpenID connect custom app
If you developed a public or confidential app to access CyberArk Identity services on behalf of an end-user, you need to create an OAuth 2.0 Client or OpenID Connect (OIDC)
For instructions on creating an OAuth 2.0 Client application in the Admin Portal, refer to
Authorization (Auth) Code Flow with PKCE.
For public apps, such as native apps, the Authorization Code Flow with PKCE is recommended. To do this, select List (Apps > Web Apps > OAuth2 Client > General Usage > List) and add Allowed Clients in the Admin Portal
For instructions on creating an Open ID connect application in the Admin Portal, refer to
About OpenID Connect,
Add and configure the custom OpenID.
For public apps, such as native apps, the Authorization Code Flow with PKCE is recommended.
The Redirect URI for the OAuth 2.0 client (or) OpenID connect should be "{auth_scheme}://{auth_host}/android/{YOUR_APP_PACKAGE_NAME}/redirectURICallback"
Step 2: Download the android SDK from GitHub package manager
Get a PAT (Personal Access Token) from GitHub with read:packages
permission.
Reference: Creating a PAT
allprojects {
repositories {
google()
mavenCentral()
maven {
name = "GithubPackages"
url = uri("https://maven.pkg.github.com/cyberark/identity-demo-android")
credentials {
username = System.getenv('GITHUB_USER') ?: project.findProperty('GITHUB_USER')
password = System.getenv('GITHUB_ACCESS_TOKEN') ?: project.findProperty('GITHUB_ACCESS_TOKEN')
}
}
}
}
Add the GITHUB_USER and GITHUB_ACCESS_TOKEN values to your environment variables on your local machine or build server to avoid creating a GitHub properties file.
GITHUB_USER will be the username or, in some cases, the email address.
Step 3: Declare Gradle Implementation for Identity Android SDK
When you use Gradle to build your app for Android, you must declare the Identity SDK dependencies so that Gradle can download all the required dependencies. Add the following in your app/build.gradle.
//CyberArk Identity Android SDK lib
implementation 'com.cyberark.identity:android-sdk:{$version}'
Update {$version} with your latest SDK version.
Step 4: Verify the supported SDK version
To run the Identity SDK, the minimum supported Android SDK version is API level 24 and above.
compileSdkVersion 31
buildToolsVersion "30.0.3"
defaultConfig {
applicationId "com.cyberark.mfa"
minSdkVersion 24
targetSdkVersion 31
versionCode 1
versionName "1.0"
}
Step 5: Use Java 8 language features
The Identity Android SDK requires Java 8 language feature support. To enable Java 8 support for Android and Kotlin plugins respectively, add the following compile options in your build.gradle file in your app folder.
compileOptions {
sourceCompatibility JavaVersion.VERSION_1_8
targetCompatibility JavaVersion.VERSION_1_8
}
kotlinOptions {
jvmTarget = '1.8'
}
Step 6: Add permission in AndroidManifest.xml
Open your app's AndroidManifest.xml file and add the following permission.
To perform actions on the token, you need to add the INTERNET permission to your AndroidManifest.xml file.
<manifest. >
<uses-permission android:name="android.permission.INTERNET" />
</manifest. >
Step 7: Read values from configs.xml
Create a config.xml (Identity-demo-android > res > config.xml) and add the following resources.
<resources>
// Basic Settings
<string name="cyberark_auth_system_url">{auth_system_url}</string>
<string name="cyberark_auth_host_url">{auth_host_url}</string>
<string name="cyberark_auth_client_id">{auth_client_id}</string>
<string name="cyberark_auth_app_id">{auth_app_id}</string>
<string name="cyberark_auth_state">{auth_state}</string>
<string name="cyberark_auth_response_type">code</string>
<string name="cyberark_auth_scope">{auth_scope}</string>
<string name="cyberark_auth_redirect_uri">{auth_scheme}://{auth_host}/android/{YOUR_APP_PACKAGE_NAME}/redirectURICallback</string>
<string name="cyberark_auth_host">{auth_host}</string>
<string name="cyberark_auth_scheme">{auth_scheme}</string>
// Google ReCaptcha V2 Settings
<string name="recaptcha_v2_site_key">{recaptcha_site_key}</</string>
// Step-up authentication using MFA widget
<string name="acme_native_login_url">{native_login_url}</string>
<string name="cyberark_widget_host_url">{mfa_widget_host_url}</string>
<string name="cyberark_widget_id">{mfa_widget_id}</string>
// Authentication widget
<string name="cyberark_auth_widget_host_url">{auth_widget_host_url}</string>
<string name="cyberark_auth_widget_id" translatable="false">{auth_widget_id}</string>
<string name="cyberark_auth_resource_url">{auth_scheme}://{auth_host}/android/{YOUR_APP_PACKAGE_NAME}/resourceURLCallback</string>
</resources>
Parameter | Description |
---|---|
auth_system_url | Your tenant URL. This is provided when you register your Android app. |
auth_host_url | The URL on which the authorization server is hosted. |
auth_client_id | An ID that Identifies your app in CyberArk Identity. This is provided when you register your app as a client. |
auth_app_id | A unique key is used to build the OAuth2 endpoint URL. |
auth_state | The type of response requested from the authorization server. This must be set to code for authorization code flow. |
auth_scope | The specific scopes that are being requested. These scopes should have been mentioned in the OAuth/OIDC app |
auth_host | The custom host that is implemented for redirection. |
auth_scheme | The custom scheme is implemented for redirection. |
recaptcha_site_key | Google reCAPTCHA V2 site key |
native_login_url | Native login URL of your web app |
mfa_widget_host_url | The URL where your widget is hosted. |
mfa_widget_id | Configured MFA widget ID |
auth_widget_host_url | The tenant URL where your authentication widget is hosted. |
auth_widget_id | Configured authentication widget ID |
Step 8: Define the Manifest Placeholders for the CyberArk Identity Host and CyberArk Identity Scheme
These manifest placeholders are used internally by the library to register an intent filter. Go to your app/build.gradle file and add the manifestPlaceholders line as shown below:

Updated about 1 year ago