Step-up authentication using the MFA widget

This topic describes how to integrate the MFA widget into an Android mobile app for step-up or second-factor authentication using the Identity SDK.

MFA is becoming the security standard for app authentication. You can secure your app by adding step-up authentication with the CyberArk Identity MFA widget. Users are challenged with an additional authentication mechanism when they access protected or sensitive resources, such as fund transfers and personal information.

For instance, Acme requires users to authenticate with their username and password to access customer data. But if a user wants to transfer funds from one account to another, they must provide a second factor such as a password to complete the transaction.

You can also secure your mobile app by providing second-factor MFA using the Identity MFA widget.


Create authentication rule

Create an authentication rule that challenges the user to authenticate with MFA when the mobile app requests it. For steps and instructions for creating an authentication rule in the Admin Portal, refer to the following link.

To find your authentication policies in the Admin Portal, navigate to Core Services > Policies > Authentication Policy. Refer to the following figures for an example.


Configure the MFA widget

To find your authentication widgets in the Admin Portal, navigate to Web apps > Widgets. Refer to the following figures for an example.



In the success handler of the hosted page, add the following code:

widgetHandler.onLoginSuccess = function (loginResponse) {


How it works


Configure step-up authentication in your Android app

To accomplish step-up authentication for your Android app, you need to define a policy that challenges the user to authenticate with MFA.

The CyberArk Identity SDK supports embedding the MFA widget using WebView. Developers can integrate and load the MFA widget using a Fragment view.

For building web apps in WebView, refer to the following links.

1. Update configs.xml

<string name="acme_native_login_url"> {YOUR_NATIVE_LOGIN_URL} </string>
<string name="cyberark_widget_host_url"> {YOUR_WIDGET_HOST_URL} </string>
<string name="cyberark_widget_id"> {YOUR_WIDGET_ID} </string>

2. Add “CyberArkMFAWidgetFragment” in an XML file

    android:name="com.cyberark.identity.activity.view.CyberArkMFAWidgetFragment" />

3. Invoke “CyberArkMFAWidgetFragment” inside an Activity

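// Read the widget URL passed to this Activity; if the extra is missing, toString() yields the string "null"
val widgetURL = intent.getStringExtra("MFA_WIDGET_URL").toString()
// Hand the URL to the fragment through its arguments
val args = Bundle()
args.putString(WidgetConstants.WIDGET_URL, widgetURL)
// R.id.your_mfa_widget_fragment is a placeholder: use the android:id given to the fragment in the XML from step 2
val mfaWidgetFragment =
    supportFragmentManager.findFragmentById(R.id.your_mfa_widget_fragment) as CyberArkMFAWidgetFragment
mfaWidgetFragment.arguments = args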

4. Implement “CyberArkMFAWidgetFragment.LoginSuccessListener” in an Activity

override fun onLoginSuccess() {
    // TODO: implement post-login-success logic
}
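
Step 3 passes the `MFA_WIDGET_URL` intent extra straight to the WebView-backed fragment, so the Activity should confirm that the URL is HTTPS and points at the configured widget host before loading it. The following Kotlin is an added example, not code from the CyberArk Identity SDK; `validatedWidgetUrl`, `hostOf` and the sample URLs are hypothetical, and it assumes `cyberark_widget_host_url` holds either a bare host or a full URL.

```kotlin
import java.net.URI
import java.net.URISyntaxException

// Hypothetical helper, not part of the CyberArk Identity SDK.
// Extracts the lower-cased host from a bare host name or a full URL.
private fun hostOf(value: String): String? {
    val text = value.trim()
    val withScheme = if ("://" in text) text else "https://$text"
    return try {
        URI(withScheme).host?.lowercase()
    } catch (e: URISyntaxException) {
        null
    }
}

// Returns the candidate URL only when it is HTTPS, carries no embedded
// credentials, and its host exactly equals the configured widget host.
// Anything else (missing extra, other scheme, look-alike host) yields null.
fun validatedWidgetUrl(candidate: String?, configuredHostUrl: String): String? {
    if (candidate.isNullOrBlank()) return null
    val expectedHost = hostOf(configuredHostUrl) ?: return null
    val uri = try {
        URI(candidate.trim())
    } catch (e: URISyntaxException) {
        return null
    }
    if (!uri.scheme.equals("https", ignoreCase = true)) return null
    if (uri.userInfo != null) return null
    val host = uri.host?.lowercase() ?: return null
    return if (host == expectedHost) uri.toString() else null
}

fun main() {
    // Constructed values; "tenant.example.com" stands in for cyberark_widget_host_url.
    val configured = "https://tenant.example.com"
    val samples = listOf(
        "https://tenant.example.com/widget?id=constructed", // configured host over HTTPS
        "http://tenant.example.com/widget",                 // configured host, plain HTTP
        "https://tenant.example.com.other.example/widget",  // look-alike host
        "https://tenant.example.com@other.example/widget",  // configured host placed in userinfo
        "file:///sdcard/page.html",                         // local file scheme
        "null"                                              // missing extra after .toString()
    )
    for (s in samples) {
        println("$s -> ${validatedWidgetUrl(s, configured) ?: "REJECTED"}")
    }
}
```

In the Activity from step 3, call this on the intent extra before `args.putString(WidgetConstants.WIDGET_URL, ...)` and finish the Activity when it returns null.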