{"id":2012,"date":"2024-09-30T10:25:22","date_gmt":"2024-09-30T17:25:22","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/identity\/?p=2012"},"modified":"2024-10-21T07:04:12","modified_gmt":"2024-10-21T14:04:12","slug":"native-auth-for-external-id-ga","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/identity\/native-auth-for-external-id-ga\/","title":{"rendered":"Announcing the General Availability (GA) of Native Authentication for Microsoft Entra External ID"},"content":{"rendered":"<p>Today we announce that Native Authentication\u202ffor Microsoft Entra External ID is now Generally Available! Initially\u202f<a href=\"https:\/\/devblogs.microsoft.com\/identity\/native-auth-for-external-id\/\">released in March in Public Preview<\/a>, Native Authentication empowers you to take complete control over the design of the login experience.<\/p>\n<p>Balancing flexibility with robust security is critical to building trust and confidence with users. Native Authentication\u202ffor Microsoft Entra External ID allows you to craft pixel-perfect, brand-aligned authentication user flows that are seamlessly integrated into your mobile apps\u2014removing the need to redirect users to an external browser. While at the same time, ensuring that sign-in and sign-up processes remain secure and frictionless. This balance of customization and security drives better onboarding, retention, and, ultimately, user trust.<\/p>\n<p><div  class=\"d-flex justify-content-center\"><a class=\"cta_button_link btn-primary mb-24\" href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/external-id\/customers\/concept-native-authentication\" target=\"_blank\">Get Started with Native Authentication<\/a><\/div><\/p>\n<h2>Key Features<\/h2>\n<p><strong>Full control over the user experience:<\/strong> Native Authentication allows you to have full control over the login experience. This means you can craft pixel-perfect user interfaces that align with your brand guidelines, without relying on system web browsers.<\/p>\n<p><iframe width=\"1252\" height=\"704\" src=\" https:\/\/www.youtube.com\/embed\/rp7FJdfcB5o\" allowfullscreen><\/iframe><\/p>\n<p><strong>Platform SDKs for easy integration:<\/strong> The Microsoft Authentication Library (MSAL) SDK, available for both Android and iOS, now supports Native Authentication. The SDK simplifies integration with intuitive interfaces that require no deep identity expertise, securely manages tokens, and uses state machines to minimize developer error.<\/p>\n<p><center>\n  <div style=\"width: 640px;\" class=\"wp-video\"><video class=\"wp-video-shortcode\" id=\"video-2012-1\" width=\"640\" height=\"360\" preload=\"metadata\" controls=\"controls\"><source type=\"video\/mp4\" src=\"https:\/\/devblogs.microsoft.com\/identity\/wp-content\/uploads\/sites\/74\/2024\/09\/Native-Auth-SDK-state-machine.mp4?_=1\" \/><a href=\"https:\/\/devblogs.microsoft.com\/identity\/wp-content\/uploads\/sites\/74\/2024\/09\/Native-Auth-SDK-state-machine.mp4\">https:\/\/devblogs.microsoft.com\/identity\/wp-content\/uploads\/sites\/74\/2024\/09\/Native-Auth-SDK-state-machine.mp4<\/a><\/video><\/div>\n<\/center><\/p>\n<p><strong>Secure from the ground up:<\/strong> The Native Authentication SDK and the underlying API have been designed from the ground up with security in mind. The Microsoft Identity standards team and other industry players are working within the IETF to define a new standard that enables first-party clients to support native interaction patterns. Our API and SDK are based on this and enable native apps to authenticate securely, leveraging platform security capabilities.<\/p>\n<h2>How to use native authentication\u202f<\/h2>\n<p>You can build apps that use native authentication by using our\u202f<a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity-platform\/reference-native-authentication-overview\">native authentication API<\/a>\u202for the Microsoft Authentication Library (MSAL) SDK for\u202f<a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/external-id\/customers\/how-to-run-native-authentication-sample-android-app\">Android<\/a>\u202for\u202f<a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/external-id\/customers\/how-to-run-native-authentication-sample-ios-app\">iOS<\/a>. Whenever possible, we recommend you use MSAL to add native authentication to your apps. If you are planning to create a mobile app on a framework that is currently not supported by MSAL, you can use our\u202f<a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity-platform\/reference-native-authentication-overview\">authentication API<\/a>.<\/p>\n<p>The MSAL SDK abstracts the underlying protocol and provides you with simple, intuitive scenario-based interfaces. For example, to sign a user in using the\u202f<strong>email one-time passcode<\/strong>\u202fflow, it captures the user\u2019s email and sends them an email containing a one-time passcode to verify their email. When the user enters the valid one-time passcode, the app signs them in.<\/p>\n<p>In the example below where we sign a user in, we use the library\u2019s <code>signIn(username)<\/code> method. The function will return a result that you can assign to the\u202f<code>actionResult<\/code>\u202ffield. The\u202f<code>actionResult<\/code>\u202frepresents the result of the previously performed action and can take multiple states (forms).<\/p>\n<p>To implement this, add a button to your application that calls the following code snippet when selected:<\/p>\n<h3>Kotlin<\/h3>\n<pre><code>CoroutineScope(Dispatchers.Main).launch { \n     val actionResult = authClient.signIn( \n         username = emailAddress\n     ) \n\n     if (actionResult is SignInResult.CodeRequired) { \n         val nextState = actionResult.nextState \n         val submitCodeActionResult = nextState.submitCode( \n             code = code \n         ) \n\n         if (submitCodeActionResult is SignInResult.Complete){ \n             \/\/ Handle sign in success \n             val accountState = submitCodeActionResult.resultValue \n             val accessTokenResult = accountState.getAccessToken() \n             if (accessTokenResult is GetAccessTokenResult.Complete) { \n                 val accessToken = accessTokenResult.resultValue.accessToken \n                 val idToken = accountState.getIdToken() \n             } \n         } \n     } \n }\n<\/code><\/pre>\n<p>Error scenarios, such as \u2018user not found\u2019, can be handled as shown in the code snippet below:<\/p>\n<h3>Kotlin<\/h3>\n<pre><code>val actionResult = authClient.sign( \n    username = emailAddress \n) \nif (actionResult is SignInResult.CodeRequired) { \n    \/\/ Next step: submit code \n} else if (actionResult is SignInError) { \n    \/\/ Handle sign in errors \n    when { \n         actionResult.isUserNotFound() -&gt; { \n             \/\/ Handle \"user not found\" error \n         } \n         else -&gt; { \n             \/\/ Handle other errors \n         } \n     } \n} \n<\/code><\/pre>\n<p>Ready to get started?<\/p>\n<p><div  class=\"d-flex justify-content-center\"><a class=\"cta_button_link btn-primary mb-24\" href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/external-id\/customers\/concept-native-authentication\" target=\"_blank\">Get Started with Native Authentication<\/a><\/div><\/p>\n<h2>Stay connected and informed<\/h2>\n<p>To learn more or test out features in the Microsoft Entra suite of products, visit our\u202f<a href=\"https:\/\/developer.microsoft.com\/en-us\/identity\/\">identity developer center<\/a>. Make sure you subscribe to the\u202f<a href=\"https:\/\/devblogs.microsoft.com\/identity\/\">Identity developer blog<\/a>\u202ffor more insights and to keep up with the latest on all things Identity. And, follow us on <a href=\"https:\/\/www.youtube.com\/@MicrosoftSecurity\/playlists\">YouTube<\/a> for video overviews, tutorials, and deep dives.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introducing the General Availability (GA) of Native Authentication for Microsoft Entra External ID! A feature that allows you to design and control the sign-in experience within your mobile apps.<\/p>\n","protected":false},"author":119380,"featured_media":1691,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[32,33],"tags":[16,47,50,39],"class_list":["post-2012","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-product-updates","tag-entra","tag-external-id","tag-identity","tag-native-authentication"],"acf":[],"blog_post_summary":"<p>Introducing the General Availability (GA) of Native Authentication for Microsoft Entra External ID! A feature that allows you to design and control the sign-in experience within your mobile apps.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/posts\/2012","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/users\/119380"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/comments?post=2012"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/posts\/2012\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/media\/1691"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/media?parent=2012"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/categories?post=2012"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/tags?post=2012"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}