Step-up authentication using the MFA widget
This topic enables the iOS mobile app to integrate the MFA widget for step-up or second-factor authentication using the Identity SDK
MFA is becoming the security standard for app authentication. You can secure your app by adding step-up authentication with CyberArk Identity MFA Widget. Users would be challenged with an additional authentication mechanism while accessing protected/sensitive resources like transferring funds, personal info, etc.
For instance, Acme requires users to authenticate with their username and password to access customer data. But if a user wants to transfer funds from one account to another, they must provide a second factor such as a password to complete the transaction.
You can also secure your mobile app by providing a second factor MFA using the Identity's MFA widget.
Prerequisites
Create authentication rule
Create an authentication rule that challenges the user to authenticate with MFA when the mobile app requests it. For steps and instructions for creating an authentication rule in the Admin Portal, refer to the following link.
https://docs.cyberark.com/Product-Doc/OnlineHelp/Idaptive/Latest/en/Content/CoreServices/Authenticate/MFA-AdminPortal.htm
To find your authentication Policies in the Admin Portal, navigate to Core Services > Policies > Authentication Policy.
Configure MFA Widget:
To find your authentication widgets in the Admin Portal, navigate to Web apps > Widgets. Refer to the following figures for an example.
In the success handler of the hosted page add the following code:
widgetHandler.onLoginSuccess = function (loginResponse) {
window.webkit.messageHandlers.loginSuccessHandler.postMessage("loginSuccessHandler");
}

How it works?
Configure step-up authentication in your Android app
1. Create plist file
To customize your app with CyberArk Identity SDK features, create a custom plist file with the name IdentityConfiguration.plist. The plist file contains configuration information that is essential to receive a callback from CyberArk Identity. Copy the XML snippet below and configure it with your account information:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>domainoauth</key>
<string>{your_domain_url} </string>
<key>widgetid</key>
<string>{your_widgetid}</string>
<key>mfatenanturl</key>
<string>>{your_mfatenanturl}</string>
</dict>
</plist>
2. Invoke CyberArk Identity MFA widget
guard let config = plistValues(bundle: Bundle.main, plistFileName: "IdentityConfiguration") else { return }
provider.launchMFAWidget(userName: userName.toString() ?? "", widgetID: config.widgetID, baseURL: config.mfaTenantURL, presentingViewconstroller: self, withCompletionHandler: nil)
func addWidgetObserver() {
provider.didReceiveApiResponse = {
[weak self] status in
}
}
Updated over 1 year ago