Native authentication allows you to customize the sign-in experience of your mobile apps to match your brand. It provides a secure and seamless way for users to sign in without being redirected to a browser. Microsoft offers two options for authentication:
1. Fully custom SDK-based native authentication.
2. Microsoft-hosted browser-delegated authentication.
While browser-delegated authentication may compromise branding and user experience, it can reduce attack vectors. Microsoft Entra External ID supports both methods, with documentation available to help you decide which one to use.
The native authentication method currently supports two sign-in methods: email with one-time passcode (OTP) and email with password. To enable native authentication, you must register your application in the external tenant, enable public client and native authentication flows, grant admin consent, create user flows, associate the application with the user flow, and update your configuration code.
For Android and iOS/macOS platforms, you can use the MSAL SDK for native authentication. Code samples for both platforms are available on GitHub; configure them with your Application (client) ID and Directory (tenant) subdomain. After configuring the code, you can run and test the sample app on your device.
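A pre-flight check for the configuration step above, as an added example that is not part of the original page or of Microsoft's samples. It assumes a JSON configuration file with the keys `client_id`, `authorities[].authority_url` and `challenge_types`, an authority of the form `https://<subdomain>.ciamlogin.com/<subdomain>.onmicrosoft.com/`, and the challenge-type mapping shown in the code; the function name, method labels and sample values are hypothetical.

```python
import json
import re
from urllib.parse import urlparse

GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# Challenge types each sign-in method needs (assumed mapping: "oob" is the
# emailed one-time passcode, "password" the password prompt).
REQUIRED_CHALLENGES = {"email_otp": {"oob"}, "email_password": {"oob", "password"}}


def check_native_auth_config(raw_json, tenant_subdomain, method):
    """Return a list of problems found; an empty list means the file passes."""
    cfg = json.loads(raw_json)
    problems = []

    # A leftover template placeholder is not a GUID.
    if not GUID_RE.match(str(cfg.get("client_id", ""))):
        problems.append("client_id is not a GUID")

    # Credentials are posted to the authority, so pin it to the expected tenant.
    sub = tenant_subdomain.lower()
    authorities = cfg.get("authorities") or []
    if len(authorities) != 1:
        problems.append("expected exactly one authority")
    for authority in authorities:
        url = urlparse(str(authority.get("authority_url", "")))
        if (url.scheme != "https"
                or url.hostname != f"{sub}.ciamlogin.com"
                or url.path.strip("/").lower() != f"{sub}.onmicrosoft.com"):
            problems.append("authority_url does not point at the expected tenant")

    # The app must declare every challenge type the chosen user flow can issue.
    missing = REQUIRED_CHALLENGES[method] - set(cfg.get("challenge_types") or [])
    if missing:
        problems.append("missing challenge_types: " + ", ".join(sorted(missing)))
    return problems


# Constructed sample: placeholder client ID, look-alike host, OTP-only challenges.
SAMPLE = json.dumps({
    "client_id": "Enter_the_Application_Id_Here",
    "authorities": [{"type": "CIAM", "authority_url":
                     "https://contoso.ciamlogin.com.example/contoso.onmicrosoft.com/"}],
    "challenge_types": ["oob"],
})

if __name__ == "__main__":
    for problem in check_native_auth_config(SAMPLE, "contoso", "email_password"):
        print("FAIL:", problem)
```

Running such a check in CI before building the app catches a template placeholder or an authority on the wrong host before any user credentials are entered.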
By following these steps, you can successfully configure Microsoft Entra External ID native authentication.