Online Banking Okta Integration for Mobile Application Authentication

What way is best to present the sign on: WebView Controller, Okta AppAuth SDK, or Okta Authentication SDK?


This article will help you make an educated decision when choosing your method to provide mobile application authentication. By properly setting up one of the following solutions, you reduce the risk of credentials being mined or stolen by a third party.

Option 1 - Use a WebView Controller to present the sign-on


For this option, the Okta Sign-On Widget is presented in a WebView controller in the mobile application. The widget must be hosted within your platform to manage the login flows and redirects.


Pros:

  • This option provides the most control over the branded look and feel of the Okta widget

  • This option provides the ability to insert additional content such as CMS or marketing notifications

Cons:

  • The client credentials may be exposed to the underlying mobile application during the login process

  • This option does not support mobile single sign on functionality

Option 2 - Use the Okta AppAuth SDK


The Okta AppAuth SDK is launched from a sign-in button in the mobile application. When the user clicks this button, a mobile browser window is opened with the Okta widget to provide the authentication flow.


Pros:

  • The AppAuth SDK is the most secure method of providing mobile application authentication via Okta

  • This is the only method that provides full authentication functionality (e.g. single sign on, multi-factor authentication, registration). This is the only method that provides single sign on to mobile applications

Cons:

  • The user experience is not as smooth with this option, as the authentication flow must open in a separate browser



Option 3 - Use the Okta Authentication SDK


The Okta Authentication SDK can be leveraged to provide a custom API-based authentication flow within the mobile application. However, this flow cannot handle single sign on. Other applications on the device cannot leverage the same login session with this option.


Pros

  • This provides the most authentication functionality, including password reset

  • This option supports multi-factor authentication if you use the Authentication SDK with the OktaAuth SDK

  • The user experience and branding can be completely customized with this option

Cons

  • This option does not support single sign on functionality

  • The client credentials may be exposed to the underlying mobile application during the login process



Recommendation


We recommend Option 2 - Use the Okta AppAuth SDK as this is the only method that provides single sign on for mobile users, and provides you with the most security.


Appendix


The following screenshots outline the user experience difference between Option #2 and #3


Option 1 - Use a WebView Controller to present the sign-on


Using a WebView to control application authentication is a very similar user experience to using AppAuth on Android. The user is presented with an embedded browser window for authentication.


Option 2 - Use the Okta AppAuth SDK - IOS Experience


Option 2 - Use the Okta AppAuth SDK - Android Experience


The AppAuth SDK on Android devices appears as a browser window that presents the Okta Sign-In Widget for authentication.



Option 3 - Use the Okta Authentication SDK


Using the Authentication SDK allows for a completely custom login experience. The experience between iOS and Android only differs in mobile OS layout and styling. The user experience is almost identical.



©2020 by TechJutsu.

  • LinkedIn