Configuring Advanced Authentication in Android Apps

In Salesforce orgs that use My Domain for advanced authentication, Mobile SDK requires a small amount of configuration in the client app. Android apps that use certificate-based authentication don’t require configuration within the Mobile SDK app.

For advanced authentication support in Android applications, Mobile SDK uses a Chrome custom tab. If Chrome isn’t available at runtime, Mobile SDK uses the default system browser. Browser-based authentication requires the following.

  • A browser must be installed on the device.
  • If you use MDM, the browser must be installed in the work partition.

Optionally, you can configure which browser the application selects by using this method.

To see the currently selected custom tab browser, use this method.

Certificate-based authentication relies on an MDM vendor. This vendor brokers identification services between Salesforce and the client mobile device. Certificate-based authentication doesn’t require configuration in Mobile SDK Android projects.

  1. In Android Studio, open your app’s AndroidManifest.xml file.

  2. In the LoginActivity declaration, uncomment the following lines:

  3. Replace the values for android:scheme, android:host, and android:path with their corresponding values from your connected app. Here's a couple of examples.

    If the callback URL of your connected app is testsfdc:///mobilesdk/detect/oauth/done:

    • android:scheme is testsfdc.
    • android:host is *, meaning that it doesn't exist.
    • android:path is /mobilesdk/detect/oauth/done.

    If the callback URL of your connected app is sfdc://

    • android:scheme is sfdc.
    • android:host is
    • android:path is /oauth/done.

Here’s the updated portion of your AndroidManifest.xml, using the testsfdc:///mobilesdk/detect/oauth/done scheme.

You're all set!