Create an MFA Widget

This topic describes the CyberArk Identity MFA widget that adds a second-factor authentication and step-up authentication to your website or mobile app. If you are using an in-house primary authentication mechanism you cad add an additional layer of security by adding a second-factor authentication.

The CyberArk Identity MFA widget also provides least-privileged access and additional privileges to a user through step-up authentication for a short period of time, while implementing standards like OIDC and SAML.

The following diagram illustrates how a user can sign in to an external website called Acme Inc. with an in-house primary authentication mechanism, and then invoke MFA widget for second-factor authentication.

The following functions are supported by the MFA widget when it's integrated with a web app:

Before you begin

Specify trusted domains for API calls to prevent cross-origin resource sharing attacks before creating and deploying widgets.

  1. In the Admin portal, go to Settings > Authentication > Security Settings.

  2. In the API Security section, click Add under Specify Trusted DNS Domains for API Calls and select the domain that serves the widget page to the trusted domains of your tenant. For example, localhost.

Create an MFA Widget

The following procedure describes how to create and customize an MFA Widget.

Step 1: Add the MFA Widget

  1. Go to Apps & Widgets > Widgets, then on the top right corner, click Add widget.

  2. Select MFA Widget from the drop-down list.

    The Get started page of the selected widget appears and you can customize the widget for your needs.

Step 2: Get started with the configuration

Update the following fields in the Get started tab:

Name Description

Widget name

Enter a unique name for your widget. This is a required field.

Select the application that the user will be redirected to after authentication

Select a web app from the list of deployed applications to link to the widget. After a successful signin, you are redirected to the selected application.

See Integrate a widget with the OIDC app for more information.

Step 3: Configure the Styling tab

Use the Styling tab to customize the look and feel of the widget, to match your branding. This customization is reflected in the Login and Sign-up forms. For more details, see Customize portal and login windows.

Step 4: Configure the Deploy tab

The final step is to download the widget to host or embed it into your web apps. There are two ways to do this:

  • Click Download Html to download the HTML and embed it into your web apps. For more details, see Embed the widget into your web app.

  • Click Copy URL to copy the URL of the MFA page and create a customized MFA page, hosted by CyberArk using the widget customization javascript editor.

    For more details, see Embed a widget hosted by CyberArk.