- Start WSO2 Identity Server with Entgra Connector:
  - Download the latest version of WSO2 Identity Server from here.
  - Integrate the connector into the Identity Server following the instructions here.
  - Start the WSO2 Identity Server and access the console at http://localhost:9443/console.
- Create and Configure a New Application:
  - In the WSO2 IS console, navigate to the Application section and click the New Application button.
  - Choose the Mobile Application template.
  - Provide a name for the application (e.g., ISEntgra), enter `wso2entgra://oauth2` as the Authorized Redirect URIs, and click Register. You will be redirected to the Protocol section of the created application.

    When configuring the callback URL for testing in an Android emulator, use `http://10.0.2.2:8081`. This special IP address is used by Android emulators to access the localhost (`127.0.0.1`) of your development machine.
  - In the Protocol section, make sure the Code grant type is enabled.
  - Under Allowed Origins, input the same URIs as the Redirect URIs and click Update.
  - Copy down the Client ID and Client Secret of the application.
  - Navigate to the Sign-in Method section.
  - Choose and configure a Multi-factor Authentication option, such as TOTP. For more information on MFA options, read the guide here.
  - Turn on Conditional Authentication by switching the toggle in the respective section. For detailed instructions on configuring Conditional Authentication, refer to this documentation.
  - Paste the following script in the script editor:
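```javascript
var onLoginRequest = function(context) {
    // Device identifiers passed as parameters of the login request.
    deviceID = context.request.params.deviceID[0];
    platformOS = context.request.params.platformOS[0];
    executeStep(1, {
        onSuccess : function (context) {
            // After step 1 succeeds, fetch the device's details from Entgra.
            getDeviceInfoEntgra(context, platformOS, deviceID, {
                onSuccess : function (context, deviceInfo) {
                    if (deviceInfo) {
                        // Developer mode is enabled on the device: prompt for the second factor.
                        if (deviceInfo.IS_DEV_MODE == "true") {
                            executeStep(2);
                        }
                    }
                },
                onFail : function (context, error) {
                    // The device lookup failed: reject the login with the error details.
                    var errorMap = {
                        "errorCode": error.errorCode,
                        "errorMessage" : error.errorMessage
                    };
                    fail(errorMap);
                }
            });
        }
    });
};
```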
Note: In the `getDeviceInfoEntgra` function's `onSuccess` event handler, you can access device information (e.g., `deviceInfo.IS_DEV_MODE`, `deviceInfo.ROOTED`, `deviceInfo.IS_ADB`). See the Entgra adaptive authentication script documentation for more details.
- Set Up Entgra Configuration:
  - Go to the Login & Registration tab from the side panel and find the Entgra Configuration card under Other Settings.
  - Click on the Entgra Configuration card and enter the following configurations:

    | Setting | Value |
    |---|---|
    | Enable Entgra | True |
    | Token URL | `https://{hostname}/oauth2/token` |
    | Device Information URL | `https://{hostname}/api/device-mgt/v1.0/devices/1.0.0` |
    | Client Key | Client ID from the Service Provider in Entgra IoT server |
    | Client Secret | Client Secret from the Service Provider in Entgra IoT server |
  - Click Update to save these configurations.
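
The conditional authentication script above runs step 2 only when Entgra returns device info with `IS_DEV_MODE` set to `"true"`; an empty lookup result or any other flag value completes the login after step 1. The following added example (not from the original page or from the WSO2 or Entgra projects) is a variant that also checks `ROOTED` and `IS_ADB`, tolerates absent `deviceID`/`platformOS` parameters, and requires step 2 whenever the device posture cannot be confirmed. `requiresStepUp`, `firstParam`, `simulate` and the runtime stand-ins at the bottom are hypothetical names for running it locally, and the `"true"`/`"false"` flag values are an assumption.

```javascript
// Flag names are from the page; "true"/"false" string values are assumed.
var RISK_FLAGS = ["IS_DEV_MODE", "ROOTED", "IS_ADB"];
var deviceID, platformOS;
// True when step 2 (the MFA step) must run. Missing device info or a
// missing flag counts as risky, so an incomplete lookup never skips MFA.
function requiresStepUp(deviceInfo) {
    return !deviceInfo || RISK_FLAGS.some(function (flag) {
        return String(deviceInfo[flag]) !== "false";
    });
}
function firstParam(params, name) {
    var values = params && params[name];
    return (values && values.length > 0) ? values[0] : null;
}

var onLoginRequest = function (context) {
    deviceID = firstParam(context.request.params, "deviceID");
    platformOS = firstParam(context.request.params, "platformOS");
    executeStep(1, {
        onSuccess: function (context) {
            // No device identifiers: posture cannot be checked, so require MFA.
            if (!deviceID || !platformOS) { executeStep(2); return; }
            getDeviceInfoEntgra(context, platformOS, deviceID, {
                onSuccess: function (context, deviceInfo) {
                    if (requiresStepUp(deviceInfo)) { executeStep(2); }
                },
                onFail: function (context, error) {
                    fail({ "errorCode": error.errorCode, "errorMessage": error.errorMessage });
                }
            });
        }
    });
};

// Constructed stand-ins for the Identity Server runtime, for offline runs only.
var trace, lookup;
function executeStep(n, handlers) {
    trace.push("step" + n);
    if (handlers && handlers.onSuccess) { handlers.onSuccess({}); }
}
function fail(error) { trace.push("fail:" + error.errorCode); }
function getDeviceInfoEntgra(context, os, id, handlers) {
    return lookup.error ? handlers.onFail(context, lookup.error) : handlers.onSuccess(context, lookup.info);
}
function simulate(params, result) {
    trace = []; lookup = result;
    onLoginRequest({ request: { params: params } });
    return trace.join(",");
}
```

Remove the stand-ins below the `onLoginRequest` function before pasting the script into the console's script editor, where the server provides `executeStep`, `getDeviceInfoEntgra` and `fail`.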