September 30th, 2024

Announcing the General Availability (GA) of Native Authentication for Microsoft Entra External ID

Today we announce that Native Authentication for Microsoft Entra External ID is now Generally Available! Initially released in March in Public Preview, Native Authentication empowers you to take complete control over the design of the login experience.

Balancing flexibility with robust security is critical to building trust and confidence with users. Native Authentication for Microsoft Entra External ID allows you to craft pixel-perfect, brand-aligned authentication user flows that are seamlessly integrated into your mobile apps—removing the need to redirect users to an external browser. While at the same time, ensuring that sign-in and sign-up processes remain secure and frictionless. This balance of customization and security drives better onboarding, retention, and, ultimately, user trust.

Key Features

Full control over the user experience: Native Authentication allows you to have full control over the login experience. This means you can craft pixel-perfect user interfaces that align with your brand guidelines, without relying on system web browsers.

Platform SDKs for easy integration: The Microsoft Authentication Library (MSAL) SDK, available for both Android and iOS, now supports Native Authentication. The SDK simplifies integration with intuitive interfaces that require no deep identity expertise, securely manages tokens, and uses state machines to minimize developer error.

Secure from the ground up: The Native Authentication SDK and the underlying API have been designed from the ground up with security in mind. The Microsoft Identity standards team and other industry players are working within the IETF to define a new standard that enables first-party clients to support native interaction patterns. Our API and SDK are based on this and enable native apps to authenticate securely, leveraging platform security capabilities.

How to use native authentication 

You can build apps that use native authentication by using our native authentication API or the Microsoft Authentication Library (MSAL) SDK for Android or iOS. Whenever possible, we recommend you use MSAL to add native authentication to your apps. If you are planning to create a mobile app on a framework that is currently not supported by MSAL, you can use our authentication API.

The MSAL SDK abstracts the underlying protocol and provides you with simple, intuitive scenario-based interfaces. For example, to sign a user in using the email one-time passcode flow, it captures the user’s email and sends them an email containing a one-time passcode to verify their email. When the user enters the valid one-time passcode, the app signs them in.

In the example below where we sign a user in, we use the library’s signIn(username) method. The function will return a result that you can assign to the actionResult field. The actionResult represents the result of the previously performed action and can take multiple states (forms).

To implement this, add a button to your application that calls the following code snippet when selected:

Kotlin

CoroutineScope(Dispatchers.Main).launch { 
     val actionResult = authClient.signIn( 
         username = emailAddress
     ) 

     if (actionResult is SignInResult.CodeRequired) { 
         val nextState = actionResult.nextState 
         val submitCodeActionResult = nextState.submitCode( 
             code = code 
         ) 

         if (submitCodeActionResult is SignInResult.Complete){ 
             // Handle sign in success 
             val accountState = submitCodeActionResult.resultValue 
             val accessTokenResult = accountState.getAccessToken() 
             if (accessTokenResult is GetAccessTokenResult.Complete) { 
                 val accessToken = accessTokenResult.resultValue.accessToken 
                 val idToken = accountState.getIdToken() 
             } 
         } 
     } 
 }

Error scenarios, such as ‘user not found’, can be handled as shown in the code snippet below:

Kotlin

val actionResult = authClient.sign( 
    username = emailAddress 
) 
if (actionResult is SignInResult.CodeRequired) { 
    // Next step: submit code 
} else if (actionResult is SignInError) { 
    // Handle sign in errors 
    when { 
         actionResult.isUserNotFound() -> { 
             // Handle "user not found" error 
         } 
         else -> { 
             // Handle other errors 
         } 
     } 
} 

Ready to get started?

Stay connected and informed

To learn more or test out features in the Microsoft Entra suite of products, visit our identity developer center. Make sure you subscribe to the Identity developer blog for more insights and to keep up with the latest on all things Identity. And, follow us on YouTube for video overviews, tutorials, and deep dives.

0 comments

Discussion are closed.