Step-up authentication using the MFA widget

This topic describes how to integrate the MFA widget into an iOS mobile app for step-up or second-factor authentication using the Identity SDK.

MFA is becoming the security standard for app authentication. You can secure your app by adding step-up authentication with the CyberArk Identity MFA widget. Users are challenged with an additional authentication mechanism when they access protected or sensitive resources, such as transferring funds or accessing personal information.

For instance, Acme requires users to authenticate with their username and password to access customer data. But if a user wants to transfer funds from one account to another, they must provide a second factor such as a password to complete the transaction.

You can also secure your mobile app by providing second-factor MFA using the CyberArk Identity MFA widget.

Prerequisites

Create authentication rule

Create an authentication rule that challenges the user to authenticate with MFA when the mobile app requests it. For steps and instructions for creating an authentication rule in the Admin Portal, refer to the following link.
https://docs.cyberark.com/Product-Doc/OnlineHelp/Idaptive/Latest/en/Content/CoreServices/Authenticate/MFA-AdminPortal.htm

To find your authentication policies in the Admin Portal, navigate to Core Services > Policies > Authentication Policy.

Configure MFA Widget:

To find your authentication widgets in the Admin Portal, navigate to Web apps > Widgets. Refer to the following figures for an example.

In the success handler of the hosted page add the following code:

widgetHandler.onLoginSuccess = function (loginResponse) {
    window.webkit.messageHandlers.loginSuccessHandler.postMessage("loginSuccessHandler");
}

How it works?

Configure step-up authentication in your iOS app

1. Create plist file

To customize your app with CyberArk Identity SDK features, create a custom plist file with the name IdentityConfiguration.plist. The plist file contains configuration information that is essential to receive a callback from CyberArk Identity. Copy the XML snippet below and configure it with your account information:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>domainoauth</key>
    <string>{your_domain_url}</string>
    <key>widgetid</key>
    <string>{your_widgetid}</string>
    <key>mfatenanturl</key>
    <string>{your_mfatenanturl}</string>
</dict>
</plist>
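
A build-time check for the plist above, as an added example that is not part of CyberArk's documentation or SDK: it parses IdentityConfiguration.plist content and reports unreplaced placeholders, stray characters, and tenant URLs that are not HTTPS. The names check_identity_plist and make_plist, the sample values, and the rule that a URL value is either a bare host name or an https:// URL are assumptions.

```python
import plistlib
from urllib.parse import urlsplit

REQUIRED = ("domainoauth", "widgetid", "mfatenanturl")
URL_KEYS = ("domainoauth", "mfatenanturl")

def check_identity_plist(data: bytes) -> list:
    """Return a list of problems found in IdentityConfiguration.plist content."""
    try:
        config = plistlib.loads(data)
    except Exception as exc:  # malformed XML or not a plist at all
        return [f"not a valid plist: {exc}"]
    if not isinstance(config, dict):
        return ["top-level element must be a <dict>"]
    problems = []
    for key in REQUIRED:
        value = config.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"{key}: missing or not a string")
            continue
        if "{" in value or "}" in value:
            problems.append(f"{key}: placeholder not replaced")
        if any(c in value for c in "<> \t\r\n"):
            problems.append(f"{key}: stray whitespace or markup character")
        if key in URL_KEYS:
            # Assumption: a bare host name or an https:// URL is acceptable.
            text = value.strip()
            try:
                url = urlsplit(text if "://" in text else "https://" + text)
            except ValueError:
                problems.append(f"{key}: not a parseable URL")
                continue
            if url.scheme != "https" or not url.hostname:
                problems.append(f"{key}: must be https with a host name")
    return problems

def make_plist(domain: bytes, widget: bytes, tenant: bytes) -> bytes:
    """Build constructed sample input with the three keys this page uses."""
    return (b'<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict>'
            b"<key>domainoauth</key><string>" + domain + b"</string>"
            b"<key>widgetid</key><string>" + widget + b"</string>"
            b"<key>mfatenanturl</key><string>" + tenant + b"</string>"
            b"</dict></plist>")

# Constructed samples: one clean file, one with typical copy-and-paste defects.
GOOD = make_plist(b"https://tenant.example.com", b"constructed-widget-id", b"https://tenant.example.com")
BAD = make_plist(b"http://tenant.example.com ", b"{your_widgetid}", b">https://tenant.example.com")

if __name__ == "__main__":
    print(check_identity_plist(BAD))
```
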

2. Invoke CyberArk Identity MFA widget

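// Load widgetID and mfaTenantURL from IdentityConfiguration.plist
guard let config = plistValues(bundle: Bundle.main, plistFileName: "IdentityConfiguration") else { return }

// Present the MFA widget for the given user name
provider.launchMFAWidget(userName: userName.toString() ?? "", widgetID: config.widgetID, baseURL: config.mfaTenantURL, presentingViewconstroller: self, withCompletionHandler: nil)

// Register a callback that runs when the provider receives an API response
func addWidgetObserver() {
    provider.didReceiveApiResponse = { [weak self] status in
        // Handle the result reported in status
    }
}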