Step-up authentication using the MFA widget

MFA is becoming the security standard for app authentication. You can secure your app by adding step-up authentication with CyberArk Identity MFA Widget. Users would be challenged with an additional authentication mechanism while accessing protected/sensitive resources like transferring funds, personal info, etc.

For instance, Acme requires users to authenticate with their username and password to access customer data. But if a user wants to transfer funds from one account to another, they must provide a second factor such as a password to complete the transaction.

You can also secure your mobile app by providing a second factor MFA using the Identity's MFA widget.


Create authentication rule

Create an authentication rule that challenges the user to authenticate with MFA when the mobile app requests it. For steps and instructions for creating an authentication rule in the Admin Portal, refer to the following link.

To find your authentication Policies in the Admin Portal, navigate to Core Services > Policies > Authentication Policy.

Configure MFA Widget:

To find your authentication widgets in the Admin Portal, navigate to Web apps > Widgets. Refer to the following figures for an example.


How it works?


Step-up authentication in Java angular sample app



  1. Setup OpenID Connect (OIDC) custom application in CyberArk Identity tenant
  2. Install the CyberArk Identity Java-angular sample app
  3. Setup the Java-angular sample app


Please refer to to see how an MFA widget can be embedded into a Java-angular app

For step-up authentication, please refer to

After successful login to the sample app, clicks on the 'Funds transfer' tab.

  • After entering the amount, click on Transfer button. The user is prompted with the MFA widget.
  • Once the user has completed the MFA challenges, the funds are transferred successfully.