Configure the Custom Authenticator

This is an Early Access feature. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.

The Custom Authenticator interacts with the Devices SDK to allow you to configure your own branded push service and embed push notifications and biometric verification directly into your organization's mobile app. Your users don't have to leave your app to perform verification in another app when they attempt to sign in to your service.

Before you begin

Deploying custom push verification functionality is a multi-step process. You must perform several tasks in the Devices SDK before you can configure notification services and the Custom Authenticator. See Custom authenticator integration guide - Android or Custom authenticator integration guide - iOS for prerequisites and instructions.

Add the Custom Authenticator as an authenticator

  1. In the Admin Console, go to Security > Authenticators.

  2. On the Setup tab, click Add Authenticator.
  3. Click Add on the Custom Authenticator tile.
  4. Configure the following settings:
  • Authenticator name: Type a name for the custom authenticator; this is the name that will be used when you sign in using the authenticator.
  • Add to existing application: Select the application that will receive the push MFA prompt.
  • User Verification: Select option to determine whether users must provide a PIN or biometric verification during authentication.
    • Preferred - User verification is optional.
    • Required - User verification is required.
  • Authenticator logo: Select the logo that users will see on authentication screens.
    • Browse files - Click this button and select an SVG file from the file selection screen.
    • Use default logo - Click this button to use the default logo.

      Okta Lock Icon

  1. Configure the connection to the push notification service:
    • APNs configuration - Select the connection to the APNs that you want the custom authenticator to use.
    • Production Bundle ID - Select the production bundle ID for the connection to the APNs that you want to use.
    • Debug Bundle ID - Select the debug bundle ID for the connection to the APNs that you want to use.
    • FCM configuration - Select the connection to the FCM service that you want the custom authenticator to use.
  2. Select the checkbox to agree to Okta's Terms and Conditions. By adding this feature, you agree on behalf of the entity you represent that it is your sole responsibility to provide any required notices and disclosures to end users, including any necessary information from https://www.okta.com/privacy-policy.
  3. Click Add.

Related topics

Custom authenticator integration guide - Android

Custom authenticator integration guide - iOS

Notification services

Establishing a token-based connection to APNs