Step-up authentication using the MFA widget
This topic enables the android mobile app to integrate the MFA widget for step-up or second-factor authentication using the Identity SDK
MFA is becoming the security standard for app authentication. You can secure your app by adding step-up authentication with CyberArk Identity MFA Widget. Users would be challenged with an additional authentication mechanism while accessing protected/sensitive resources like transferring funds, personal info, etc.
For instance, Acme requires users to authenticate with their username and password to access customer data. But if a user wants to transfer funds from one account to another, they must provide a second factor such as a password to complete the transaction.
You can also secure your mobile app by providing a second factor MFA using the Identity's MFA widget.
Prerequisites
Create authentication rule
Create an authentication rule that challenges the user to authenticate with MFA when the mobile app requests it. For steps and instructions for creating an authentication rule in the Admin Portal, refer to the following link.
https://docs.cyberark.com/Product-Doc/OnlineHelp/Idaptive/Latest/en/Content/CoreServices/Authenticate/MFA-AdminPortal.htm
To find your authentication Policies in the Admin Portal, navigate to Core Services > Policies > Authentication Policy. Refer to the following figures for an example.


Configure MFA Widget:
To find your authentication widgets in the Admin Portal, navigate to Web apps > Widgets. Refer to the following figures for an example.
In the success handler of the hosted page add the following code:
widgetHandler.onLoginSuccess = function (loginResponse) {
Android.loginSuccessHandler();
}

How it works?
Configure step-up authentication in your Android app
To accomplish step-up authentication for your Android app, you need to define a policy that challenges the user to authenticate with MFA.
CyberArk Identity SDK supports embedded MFA widget using WebView. Developers can easily integrate and load the MFA widget using Fragment view
For building web apps in WebView, refer to the following links.
https://developer.android.com/guide/webapps/webview
https://developer.android.com/guide/webapps/managing-webview
1. Update configs.xml
<string name="acme_native_login_url"> {YOUR_NATIVE_LOGIN_URL} </string>
<string name="cyberark_widget_host_url"> {YOUR_WIDGET_HOST_URL} </string>
<string name="cyberark_widget_id"> {YOUR_WIDGET_IDL} </string>
2. Add “CyberArkMFAWidgetFragment” in a xml
<androidx.fragment.app.FragmentContainerView
android:id="@+id/fragment_container_view"
android:layout_width="match_parent"
android:layout_height="match_parent"
android:name="com.cyberark.identity.activity.view.CyberArkMFAWidgetFragment" />
3. Invoke “CyberArkMFAWidgetFragment” inside an Activity
val widgetURL = intent.getStringExtra("MFA_WIDGET_URL").toString()
val args = Bundle()
args.putString(WidgetConstants.WIDGET_URL, widgetURL)
val mfaWidgetFragment =
supportFragmentManager.findFragmentById(R.id.fragment_container_view) as CyberArkMFAWidgetFragment
mfaWidgetFragment.arguments = args
4. Implement “CyberArkMFAWidgetFragment.LoginSuccessListener” in an Activity
override fun onLoginSuccess() {
// TODO.. Implement post login success logic
}
Example:

Updated over 1 year ago