<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
Custom Authenticator Missing From Okta Sign-In Widget During Enrollment
Okta Identity Engine
SDKs & Libraries
Overview

This article explains why a custom authenticator does not appear in the User Interface (UI) or Sign-In Widget (SIW) when attempting to enroll a new authenticator.

Applies To
  • Custom Push authenticators
  • Okta Devices Software Development Kit (SDK)
  • Android (Kotlin)
  • MyAccount App Authenticators Application Programming Interface (API)
  • Sign-In Widget (SIW)
  • Okta identity Engine (OIE)
Cause

Custom Push authenticators are hidden in the SIW because the standard widget cannot access the internal push tokens of a mobile application. Enrollment requires a registration token from Firebase Cloud Messaging (FCM). Since the widget cannot capture these tokens or generate the necessary metadata, it cannot facilitate the enrollment of a custom application.

Solution

Custom Push authenticators must be enrolled programmatically within the specific mobile application using the SDK or the MyAccount App Authenticators API. To resolve the issue, perform the following:

  1. Capture the registration token from FCM within the mobile application code.

val enrollments: List<PushEnrollment> = authenticator.allEnrollments().getOrThrow()

// Find the enrollment associated with the current user
enrollments.find { it.user().name == "myUser" }?.let { pushEnrollment ->
    pushEnrollment.updateRegistrationToken(AuthToken.Bearer("accessToken"), FcmToken("newToken"))
        .onSuccess { println("success") }
        .onFailure { println("failure") }
}

 

  1. Trigger the enrollment flow from inside the mobile application and pass the captured token to Okta by using the enroll() method provided in the Okta Devices SDK for Kotlin.
val authConfig = DeviceAuthenticatorConfig(URL(orgUrl), "oidcClientId")
val result = authenticator.enroll(AuthToken.Bearer("accessToken"), authConfig, EnrollmentParameters.Push(FcmToken("registrationToken"), enableUserVerification = false, enableCiba = false))
if (result.isSuccess) {
    val pushEnrollment: PushEnrollment = result.getOrThrow()
}

 

 

Loading
Custom Authenticator Missing From Okta Sign-In Widget During Enrollment