Configure the Custom Authenticator

This is an Early Access feature. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.

The Custom Authenticator interacts with the Devices SDK to allow you to configure your own branded push service and embed push notifications and biometric verification directly into your organization's mobile app. Your users don't have to leave your app to perform verification in another app when they attempt to sign in to your service.

Before you begin

Deploying custom push verification functionality is a multi-step process. You must perform several tasks in the Devices SDK before you can configure the notification services and the Custom Authenticator. See Custom Authenticator integration guide - Android or Custom Authenticator integration guide - iOS for prerequisites and instructions.

Add the Custom Authenticator as an authenticator

  1. In the Admin Console, go to Security > Authenticators.

  2. On the Setup tab, click Add Authenticator.
  3. Click Add on the Custom Authenticator tile.
  4. Configure the following settings:
    • Authenticator name: Type a name for the Custom Authenticator. This is the name that is used when you sign in using the authenticator.
    • Add to existing application: Select the application that receives the push MFA prompt.
    • User Verification: Choose an option to determine whether users must provide a PIN or biometric verification during authentication.
      • Preferred: User verification is optional.
      • Required: User verification is required.
    • Authenticator logo: Select the logo that users see on authentication pages.
      • Browse files: Click this button and select an SVG file from the file selection page.
      • Use default logo: Click this button to use the default logo.

        Okta Lock Icon

  5. Configure the connection to the push notification service:
    • APNs configuration: Select the connection to the APNs that you want the Custom Authenticator to use.
    • Production Bundle ID: Select the production bundle ID for the connection to the APNs that you want to use.
    • Debug Bundle ID: Select the debug bundle ID for the connection to the APNs that you want to use.
    • FCM configuration: Select the connection to the FCM service that you want the Custom Authenticator to use.
  6. Select the checkbox to agree to the Okta Terms and Conditions. By adding this feature, you agree on behalf of the entity you represent that it is your sole responsibility to provide any required notices and disclosures to end users, including any necessary information from https://www.okta.com/privacy-policy.
  7. Click Add.

Deactivate a Custom Authenticator

You can't deactivate an authenticator if it is in use by a policy or application in your org. You must alter any policies or applications to use a different authenticator before deactivating a Custom Authenticator.

  1. In the Admin Console, go to Security > Authenticators.

  2. Click Actions beside the name of the authenticator.

  3. If the authenticator is active, click Deactivate.

Related topics

Custom Authenticator integration guide - Android

Custom Authenticator integration guide - iOS

Notification services

Establishing a token-based connection to APNs