The ForgeRock Authenticator application
The ForgeRock Authenticator application supports push authentication notifications and one-time passwords.
Download and install the ForgeRock Authenticator application to perform multi-factor authentication. The application is available for both Android and iOS devices, and is free to download from:
To build your own authenticator application, integrate the ForgeRock Authenticator module using ForgeRock SDKs.
Refer to the instructions for Android or the instructions for iOS.
Register the ForgeRock Authenticator for MFA
Register the ForgeRock Authenticator application to use it as an additional factor when logging in.
The ForgeRock Authenticator application supports registration of multiple accounts and multiple different authentication methods in each account, such as push notifications and one-time passwords.
For information on registering Web Authentication (WebAuthn) devices with AM, refer to Create trees for WebAuthn.
You register the ForgeRock Authenticator application once per authentication method with an identity provider. For example, if one tree uses push notifications and another uses one-time passwords, you must register the application separately for push notifications and one-time passwords.
The ForgeRock Authenticator application must access the internet to register for push notifications. Registering for one-time password authentication does not require a connection to the internet.
When accessing a protected resource that requires multi-factor authentication, AM prompts you to register a device, and displays a QR code screen:
If you are logging in on the device and cannot scan the screen, click the On a mobile device? link to launch the application and register the device, bypassing the QR code.
If you are logging in on a computer, start the ForgeRock Authenticator application and click its plus icon () to register the device.
The screen on the device changes to an interface similar to your camera app.
Scan the QR code with the ForgeRock authenticator app.
The application displays the account you registered in the list of accounts.
After registering your device, you MUST make a copy of the recovery codes for the account.
Store the recovery codes separately from your device. The recovery codes will never be displayed again. They serve as one time verification codes to log in if your registered device is lost, stolen, or broken.
When you have safely stored the recovery codes for your newly registered push device, click Done.
If prompted, respond to the push notification or enter a one-time password from the app.
Your device is now registered. You can use it to perform multi-factor authentication.