Test push authentication
AM presents you with a page for entering only your user ID, or user ID and password. After you provide those credentials, AM verifies them. If your credentials are valid and the account has a device registered for push notifications, AM sends a push notification to the registered device.
If the user does not yet have a device registered for push authentication, refer to Register.
The device needs access to the Internet to receive push notifications, and the AM server must be able to receive responses from the device.
Receive push notifications
On your registered device, you receive a push notification from AM. Depending on the state of the device and the ForgeRock Authenticator application, respond to the notification as follows:
Unlock the device, if necessary, when you receive a device notification from the application.
The ForgeRock Authenticator application opens and displays the push notification.
If the device is unlocked, but the ForgeRock Authenticator application is not open, select the device notification to open the application and display the push notification.
Open the ForgeRock Authenticator application to respond quickly to notifications.
How you approve requests depends on the ForgeRock Authenticator application settings, and on what the device supports.
Default settings for push notifications use a simple pop up in the application, similar to the following:
Deny the request by tapping the cancel icon in the top-right of the screen or, if Touch ID or face recognition are enabled, tap the Reject button.
If you do not approve or deny the request on the registered device, the AM Push Authentication page times out and authentication fails.
You can configure this through the Message Timeout in the Push Sender node for the tree.
If your credentials are valid but your profile is missing the metadata for a registered device registered, the MFA Registration Options node of the tree governs what happens:
- Register Device
Configure the journey to continue to the Push Registration node.
When completing the journey, scan the QR code it displays with the ForgeRock Authenticator application.
For additional details, refer to Register the ForgeRock Authenticator for multi-factor authentication.
- Get the application
Configure the journey to continue to the Get Authenticator App node.
When completing the journey, follow the link needed to obtain the ForgeRock Authenticator application for your device.
- Skip this step
Displayed only if the node configuration allows the user to skip. (Optional) In the example journey, skipping is linked to the Success node.
Configure the journey to continue to the Opt-out Multi-Factor Authentication node and let the user not use push.
In the example journey, opting out is linked to the Success node.
Configure successful registration to return to the Push Sender node, which starts the actual push notification stage of the journey, and the user can receive push notifications.