Add a sign-in form to your mobile app

Use the Okta Client SDK to build a secure and complete sign-in experience for your mobile app, giving your users seamless access while protecting their data.

Introduction

You've built a mobile app to access your customer portal and want to add identity-related functionality like an admin area, user profiles, and more. Use the Okta Client SDK for a complete, native user experience.

Learn

There are three key elements to enabling a mobile sign-in form with the Okta platform:

• An Okta org is the hub for all configurations, users, and groups. It's created as part of your integrator account.
• Okta Identity Engine is the core server that verifies your users' identities.
• The Okta Client SDKs for Swift (opens new window) and Android (opens new window) provide a clean development experience for native app developers.

Plan

Consider how your users sign in when they access your portal before designing your sign-in form. Your Okta org includes three preset authentication policies (opens new window): password only, any one factor, and any two factors. Also, your org comes with four basic authentication factors enabled: password, email, SMS, and voice.

When you need to add an authentication factor (opens new window) or build a custom one, you can do it all in the Admin Console, no coding necessary.

Build

To integrate your mobile app with Okta, begin by creating an Okta account and org, and then set up the org. You can then implement a user-friendly sign-in experience using the Okta-hosted sign-in form or a self-hosted solution. After that, you can customize the authentication flow to meet your specific security requirements and brand aesthetics.

Set up your account

Sign up for an Okta account, and set up your new Okta org to test web apps:

• Get an Okta account
• Set up your org for basic testing

Add a way for users to sign in

To keep it simple, Okta suggests initiating the sign-in process when a user accesses your app. This is often referred to as a "federation model." The app then triggers the sign-in flow with all the necessary context.

The Okta platform offers various deployment models to integrate a sign-in form into your portal, using the app as a point of entry:

• Learn about the options for sign-in form deployment models.
• Choose the deployment model that best suits your scenario.

The Okta-hosted way

The Okta-recommended way to sign users in to your portal is to redirect them to an Okta-hosted sign-in page. This page displays the Okta Sign-In Widget, which you can customize to reflect your brand.

• Learn about the Okta Sign-In Widget
• Configure the Swift SDK for an Okta-hosted sign-in form
• Sign users into your mobile app by redirecting them to an Okta sign-in page

Learn how to customize the Sign-In Widget to match your app's theme or your company's brand.

The self-hosted way

The alternative is to add a custom sign-in form in your portal. Then, use direct authentication to connect to Okta and to sign the user in:

• Learn about direct authentication.
• Sign users in to your mobile app with a self-hosted sign-in page and the Mobile SDK.

Maintain a user session

After a user signs in, Identity Engine sends your app a set of tokens. These tokens identify the user, grant them access to their profile and other resources, and keep them signed in if they're idle for a while.

• Learn about tokens (the token lifecycle, and the different types of tokens)
• Secure your tokens and user credentials with the Mobile SDK
• Check for an existing session before asking a user to sign in
• Keep the user signed in beyond the session's expiry time

Add a way for users to sign out

How a user signs out of an app and what happens next are as important as how they sign in. What happens when they click the sign-out button? What do they see when they return to an app after their session has timed out? See the Add a sign-out experience guide for the answers.

Test your sign-in and sign-out flows

Now that you have everything set up, test that your sign-in and sign-out flows. See Validate SSO federation.

Related topics

Congratulations, your mobile app now successfully signs users in and out. You can expand and customize the basic functionality that you’ve implemented in many ways:

• Enable a user consent dialog for your app to access certain resources (opens new window)
• Sign users in with Facebook
• Secure your sign-in flow further with proof of possession
• Secure authentication with a push notification to your iOS device (opens new window)

Go deeper into the protocols underlying the sign-in processes:

• Learn about OAuth and OIDC
• Learn about Single Sign-On

This journey is part of the Secure your portal pathway, which also contains the following journeys:

• Apply your brand to the Okta user experience
• Sign users in through your web app
• Secure your first web app