Integrate CyberArk Identity Android SDK

This topic enables the integration of CyberArk Identity Android SDK in your Android mobile app

This topic helps you to set up and install the Android SDK into your mobile app and thus integrate with CyberArk Identity to provide strong authentication and authorization support to your app.

Step 1: Create an OAuth2.0 client (or) OpenID connect custom app

If you developed a public or confidential app to access CyberArk Identity services on behalf of an end-user, you need to create an OAuth 2.0 Client or OpenID Connect (OIDC)

For instructions on creating an OAuth 2.0 Client application in the Admin Portal, refer to
Authorization (Auth) Code Flow with PKCE.


For public apps, such as native apps, the Authorization Code Flow with PKCE is recommended. To do this, select List (Apps > Web Apps > OAuth2 Client > General Usage > List) and add Allowed Clients in the Admin Portal

For instructions on creating an Open ID connect application in the Admin Portal, refer to
About OpenID Connect,
Add and configure the custom OpenID.

For public apps, such as native apps, the Authorization Code Flow with PKCE is recommended.


The Redirect URI for the OAuth 2.0 client (or) OpenID connect should be "{auth_scheme}://{auth_host}/android/{YOUR_APP_PACKAGE_NAME}/redirectURICallback"

Step 2: Download the android SDK from GitHub package manager

Get a PAT (Personal Access Token) from GitHub with read:packages permission.

Reference: Creating a PAT

allprojects {
    repositories {
        maven {
            name = "GithubPackages"
            url = uri("")
            credentials {
                username = System.getenv('GITHUB_USER') ?: project.findProperty('GITHUB_USER')
                password = System.getenv('GITHUB_ACCESS_TOKEN') ?: project.findProperty('GITHUB_ACCESS_TOKEN')

Add the GITHUB_USER and GITHUB_ACCESS_TOKEN values to your environment variables on your local machine or build server to avoid creating a GitHub properties file.

GITHUB_USER will be the username or, in some cases, the email address.

Step 3: Declare Gradle Implementation for Identity Android SDK

When you use Gradle to build your app for Android, you must declare the Identity SDK dependencies so that Gradle can download all the required dependencies. Add the following in your app/build.gradle.

//CyberArk Identity Android SDK lib
implementation 'com.cyberark.identity:android-sdk:{$version}'

Update {$version} with your latest SDK version.

Step 4: Verify the supported SDK version

To run the Identity SDK, the minimum supported Android SDK version is API level 24 and above.

compileSdkVersion 31
buildToolsVersion "30.0.3"

defaultConfig {
    applicationId "com.cyberark.mfa"
    minSdkVersion 24
    targetSdkVersion 31
    versionCode 1
    versionName "1.0"

Step 5: Use Java 8 language features

The Identity Android SDK requires Java 8 language feature support. To enable Java 8 support for Android and Kotlin plugins respectively, add the following compile options in your build.gradle file in your app folder.

compileOptions {
        sourceCompatibility JavaVersion.VERSION_1_8
        targetCompatibility JavaVersion.VERSION_1_8
    kotlinOptions {
        jvmTarget = '1.8' 

Step 6: Add permission in AndroidManifest.xml

Open your app's AndroidManifest.xml file and add the following permission.
To perform actions on the token, you need to add the INTERNET permission to your AndroidManifest.xml file.

<manifest. >
<uses-permission android:name="android.permission.INTERNET" />
</manifest. >

Step 7: Read values from configs.xml

Create a config.xml (Identity-demo-android > res > config.xml) and add the following resources.

    // Basic Settings
    <string name="cyberark_auth_system_url">{auth_system_url}</string>
    <string name="cyberark_auth_host_url">{auth_host_url}</string>
    <string name="cyberark_auth_client_id">{auth_client_id}</string>
    <string name="cyberark_auth_app_id">{auth_app_id}</string>
    <string name="cyberark_auth_state">{auth_state}</string>
    <string name="cyberark_auth_response_type">code</string>
    <string name="cyberark_auth_scope">{auth_scope}</string>
    <string name="cyberark_auth_redirect_uri">{auth_scheme}://{auth_host}/android/{YOUR_APP_PACKAGE_NAME}/redirectURICallback</string>
    <string name="cyberark_auth_host">{auth_host}</string>
    <string name="cyberark_auth_scheme">{auth_scheme}</string>
    // Google ReCaptcha V2 Settings
    <string name="recaptcha_v2_site_key">{recaptcha_site_key}</</string>

    // Step-up authentication using MFA widget
    <string name="acme_native_login_url">{native_login_url}</string>
    <string name="cyberark_widget_host_url">{mfa_widget_host_url}</string>
    <string name="cyberark_widget_id">{mfa_widget_id}</string>
     // Authentication widget
    <string name="cyberark_auth_widget_host_url">{auth_widget_host_url}</string>
    <string name="cyberark_auth_widget_id" translatable="false">{auth_widget_id}</string>
    <string name="cyberark_auth_resource_url">{auth_scheme}://{auth_host}/android/{YOUR_APP_PACKAGE_NAME}/resourceURLCallback</string>

auth_system_urlYour tenant URL. This is provided when you register your Android app.
auth_host_urlThe URL on which the authorization server is hosted.
auth_client_idAn ID that Identifies your app in CyberArk Identity. This is provided when you register your app as a client.
auth_app_idA unique key is used to build the OAuth2 endpoint URL.
auth_stateThe type of response requested from the authorization server. This must be set to code for authorization code flow.
auth_scopeThe specific scopes that are being requested. These scopes should have been mentioned in the OAuth/OIDC app
auth_hostThe custom host that is implemented for redirection.
auth_schemeThe custom scheme is implemented for redirection.
recaptcha_site_keyGoogle reCAPTCHA V2 site key
native_login_urlNative login URL of your web app
mfa_widget_host_urlThe URL where your widget is hosted.
mfa_widget_idConfigured MFA widget ID
auth_widget_host_urlThe tenant URL where your authentication widget is hosted.
auth_widget_idConfigured authentication widget ID

Step 8: Define the Manifest Placeholders for the CyberArk Identity Host and CyberArk Identity Scheme

These manifest placeholders are used internally by the library to register an intent filter. Go to your app/build.gradle file and add the manifestPlaceholders line as shown below: