When using the native journey or embedded journey, your application client requires additional configuration in the Admin Console. These settings control how email-initiated flows reach your application and which origins are trusted for passkey and WebAuthn authentication.
To access these settings, go to Applications → Select your application → Select your native client → SDK configuration tab.
Entry URL
The Entry URL is the address of your application that Strivacity will embed in outgoing emails for flows such as password reset and account activation. When a user opens the link in such an email, this URL is used to open your application and continue the flow.
Set this to the base URL where your application is currently running. For example:
- During local development:
http://localhost:4200/entry-redirect - In production:
https://app.example.com/entry-redirect
On mobile, this URL must also be registered as a deep link in both your iOS and Android applications so the operating system knows to open your app when the URL is triggered.
To see example implementations, refer to the example app of the SDK you are using. Links are available on the JavaScript SDKs and Mobile SDKs pages.
Web configuration
The Web configuration section defines the trusted origins (domains) allowed to perform WebAuthn and passkey authentication. Strivacity uses these domains to whitelist origins for CORS (Cross-Origin Resource Sharing).
Add every domain from which your application will initiate passkey registration or authentication. For example:
- During development:
http://localhost:4200 - In production:
https://app.example.com
Android configuration
The Android configuration section registers your native Android applications for origin validation during passkey authentication. Each entry requires the application's package name and its cryptographic fingerprint (SHA-256 certificate hash).
Strivacity uses these values to verify that passkey requests originate from your legitimate Android app.
For instructions on retrieving the SHA-256 certificate fingerprint, refer to the Android documentation on verifying app identity for passkeys.
Android passkey requirements
For passkeys to work on an Android device or emulator, the following requirements must be met:
- The Android OS image must have Google Play Services enabled (vanilla AOSP images without Play Services are not sufficient).
- Minimum SDK version is API level 29 (Android 10).
- The device must have a lock screen configured (for example, a PIN).
- The device must have a biometric authenticator enrolled (for example, a fingerprint).
- A valid Authenticator must be present:
- On API level 33 and below, passkeys are managed by Google Play Services, so the device must be signed in to a Google account.
- On API level 34 and above, a local authenticator is sufficient without requiring a Google account.
iOS configuration
The iOS configuration section registers your native iOS applications for origin validation during passkey authentication. Each entry requires your application's App ID (Team ID + Bundle ID).
Strivacity uses these values to verify that passkey requests originate from your legitimate iOS app.
iOS passkey requirements
For passkeys to work on an iOS device or simulator, the following requirements must be met:
- iOS 16 or later is required.
- The device must have a passcode set up.
- Face ID or Touch ID must be enrolled on the device.
- iCloud Keychain must be enabled: passkeys are stored in and synced via iCloud Keychain.
- The device must be signed in with an Apple ID for iCloud Keychain to function.
When testing on a simulator:
- Use Xcode 14 or later with an iOS 16+ simulator image.
- Set up a passcode on the simulator via Settings.
- Enable Face ID or Touch ID simulation via the Xcode simulator menu (Features → Face ID / Touch ID).
- Note that iCloud Keychain sync is limited in the simulator. Passkeys created on one simulator instance may not be available on another.