Monkton MFA Kit for iOS

Monkton, Inc.

MFAKit for iOS supports a few major methods of securely authenticating. Rebar supports username and password, as well as DISA Purebred, Yubico 5C keys, and Entrust.

The Rebar Hub will need to be configured to accept your PIV credentials. This is explained under the Rebar Hub management help.

Adding MFAKit

At this time, MFAKit is only required for apps using Yubico. Rebar natively supports Purebred and username/password.

To add MFAKit to your app, within Xcode:

  • Select your App
  • Select the desired Target
  • Under Frameworks, Libraries, and Embedded Content tap the + button
  • Select Add Other and navigate to the MFAKit.framework under rebar-sdk/Development folder
  • Ensure Embed and Sign are selected

Purebred Support

DISA Purebred is the de-facto standard for PIV authentication within the Department of Defense. Rebar automatically supports DISA Purebred.

Under your app's config file, you will need to change the rebar.auth value to purebred. From there, Rebar will take over and perform all the PIV authentication.

"rebar.auth":"purebred"

Yubico PIV Support

Monkton was the first to announce support on iOS for the Yubico PIV. Meaning, if PKI credentials are loaded onto a Yubikey, developers have to write zero code to use PIV with the Yubico.

To use Yubico, you will need to add the following to your app's PList:

<key>UISupportedExternalAccessoryProtocols</key>
<array>
    <string>U2F</string>
    <string>com.yubico.ylp</string>
</array>

Under your app's config file, you will need to change the rebar.auth value to yubico-piv. From there, Rebar will take over and perform all the PIV authentication.

"rebar.auth":"yubico-piv"

Note Yubico and Apple require coordination of apps released with Yubico support. Please contact support@monkton.io for more information.

Username and Password

To use username and password, you will need to change the rebar.auth value to credentials. From there, Rebar will take over and perform all the authentication.

"rebar.auth":"credentials"

Integration Checklist

Rebar Authentication Checklist

  • Determine Credential Type

    Validate your organizations authentication needs and available options. Determine the correct authentication method for your internal policies.

  • Integrate MFAKit

    Ensure that you have correctly integrated MFAKit into your desired project and

  • Set app-config.json to support correct authentication type

    Ensure that you have picked the correct `rebar.auth` value in your app config. This value can be pushed via Managed App Config.