Add a second-factor to Okta log in with YouFace

When adding a second-factor to a web application that contains sensitive personal information, you should opt for the strongest factor possible, or even consider deploying a multi-factor authentication flow.
In this blog post, we show how to protect users’ credentials in your application with YouFace as a second-factor.
What is the purpose of adding a second-factor to an authentication flow?
Authenticating users with passwords is highly ineffective nowadays. Phishing and credential-based attacks have become increasingly common in the past few years, with devastating effects for both businesses and customers. According to IBM, 19% of the data breaches in 2022 were caused by stolen or compromised credentials. For highly regulated industries, such as financial services, it can take a whole year for the costs of a data breach to accrue.
Two-factor authentication minimizes these problems by making it more difficult for unauthorized parties to access user credentials. Two-factor authentication, also known as 2FA, provides an extra layer of security, requiring end-users to verify their identities through two types of identifiers to access an application, system, or network.
Add a second-factor to Okta login with YouFace
YouFace allows you to add a second factor to any authentication workflow by using the most unique thing users have: their faces. Face authentication has been adopted by many developers as a secure and private means of verifying the identity of users without compromising their experience.
Prerequisites
This app integration has the following requirements:
- An Okta Account.
- A Youverse account. If you do not already have one, you can sign up here. To get a free trial license, please e-mail us at support@youverse.id.
- A Python developer environment.
Install Youverse app integration in your Okta instance
- Sign in to your organization’s Okta Admin Console.
- In the Admin Console, go to Applications > Applications. Click Browse App Catalog and search for YooniK, and then click Add.
- Enter an Application Label in General Settings. This is the name under which the YooniK app will appear in your Okta dashboard.
- Click Done.
- In the Sign On tab, under the Settings section, click Edit and fill in the Domain field with the domain you will be using to deploy your custom Web Application (for testing, you can use the default localhost domain: http://127.0.0.1:8080).
- In the Assignments tab, assign the application to the desired users or groups.
Configure the Web Application
The following steps cover the configuration and deployment of a sample application that enables you to test your Youverse and Okta integration.
- Clone the example application repository from GitHub to a local folder on your system.
- Open a terminal and change to the base directory where you cloned the repository.
- Then install dependencies: $ pip install -r requirements.txt
- Copy the client_secrets.json.dist to client_secrets.json: $ cp client_secrets.json.dist client_secrets.json
- You now need to gather the following information from the Okta Admin Console:
  - Client ID and Client Secret - These can be found on the Sign On tab of the Youverse app integration that you installed earlier in the Okta Admin Console.
  - OpenID Connect URLs - These are the authorization_endpoint, token_endpoint and userinfo_endpoint for your Okta domain, which can be found by clicking on the OpenID Provider Metadata link under the Sign On tab.
- Additionally, you need to gather the Youverse API URL and YooniK API key from your YooniK account dashboard (or by contacting support@youverse.id).
- Fill in the information that you gathered in the client_secrets.json file.
Note: If you set a custom domain for this app in the Sign On tab in Okta Admin Console (different from http://127.0.0.1:8080), please update the "redirect_uri" in client_secrets.json accordingly.
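Before copying the three OpenID Connect URLs and the redirect URI into client_secrets.json, it is worth checking them mechanically. The following is an added example, not code from the sample application: it parses an OpenID Provider Metadata document, rejects endpoints that are not HTTPS on the issuer's host, and accepts a plain-http redirect URI only for loopback test deployments. The sample metadata, the example.okta.com domain and the function names are constructed for illustration, and the loopback rule is a policy assumed by this example.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of an OpenID Provider Metadata document (trimmed);
# "example.okta.com" is a placeholder domain, not a value from this post.
SAMPLE_METADATA = json.dumps({
    "issuer": "https://example.okta.com",
    "authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://example.okta.com/oauth2/v1/token",
    "userinfo_endpoint": "https://example.okta.com/oauth2/v1/userinfo",
})

ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}


def extract_endpoints(metadata_json):
    """Return the three endpoints; reject any that is not HTTPS on the issuer's host."""
    meta = json.loads(metadata_json)
    issuer = urlsplit(meta["issuer"])
    if issuer.scheme != "https" or not issuer.hostname:
        raise ValueError("issuer must be an https URL")
    endpoints = {}
    for key in ENDPOINT_KEYS:
        url = urlsplit(meta[key])  # KeyError if the metadata lacks the endpoint
        if url.scheme != "https":
            raise ValueError(f"{key} is not https")
        if url.hostname != issuer.hostname:
            raise ValueError(f"{key} host {url.hostname!r} differs from issuer")
        endpoints[key] = meta[key]
    return endpoints


def check_redirect_uri(redirect_uri):
    """Allow plain http only for loopback test deployments; require https elsewhere."""
    url = urlsplit(redirect_uri)
    if url.scheme == "https" and url.hostname:
        return True
    return url.scheme == "http" and url.hostname in LOOPBACK_HOSTS


if __name__ == "__main__":
    print(extract_endpoints(SAMPLE_METADATA))
    print(check_redirect_uri("http://127.0.0.1:8080"))
```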
You are now ready to start testing your new app with Okta login and YooniK Face Authentication as a second-factor!
Test the Web Application
- Launch the app server from a terminal window: $ python main.py
- Now navigate to http://127.0.0.1:8080 in your browser. If you see a home page that prompts you to log in, then things are working.
- Clicking the Log in button will redirect you to the Okta hosted sign-in page. Enter the credentials of a valid Okta account and proceed.
- Then a new screen will be displayed to perform the second-factor authentication with YooniK. Just look at your webcam and click the take selfie button.
- After the face authentication, you are logged in to the application.
If you find any issues or need help with the setup, please contact us or join us at our Discord community.