Test push authentication
PingOne Advanced Identity Cloud presents you with a page for entering only your user ID, or user ID and password. After you provide those credentials, PingOne Advanced Identity Cloud verifies them. If your credentials are valid and the account has a device registered for push notifications, PingOne Advanced Identity Cloud sends a push notification to the registered device.
If the user does not yet have a device registered for push authentication, refer to Register.
The device needs access to the Internet to receive push notifications, and PingOne Advanced Identity Cloud must be able to receive responses from the device. |
Receive push notifications
On your registered device, you will receive a push notification from PingOne Advanced Identity Cloud. Depending on the state of the device and the ForgeRock Authenticator application, respond to the notification as follows:
-
Unlock the device, if necessary, when you receive a device notification from the application.
The ForgeRock Authenticator application opens and displays the push notification.
-
If the device is unlocked, but the ForgeRock Authenticator application is not open, select the device notification to open the application and display the push notification.
-
Open the ForgeRock Authenticator application to respond quickly to notifications.
Approve requests
How you approve requests depends on the ForgeRock Authenticator application settings, and on what the device supports.
Default settings for push notifications use a simple pop up in the application, similar to the following:
Deny requests
Deny the request by tapping the cancel icon in the top-right of the screen or, if Touch ID or face recognition are enabled, tap the Reject button.
If you do not approve or deny the request on the registered device, the Push Authentication page times out and authentication fails. You can configure this through the Message Timeout in the Push Sender node for the journey. |
Register
If your credentials are valid but your profile is missing the metadata for a registered device registered, the MFA Registration Options node of the journey governs what happens:
- Register Device
-
Configure the journey to continue to the Push Registration node.
When completing the journey, scan the QR code it displays with the ForgeRock Authenticator application.
For additional details, refer to Register the ForgeRock Authenticator for multi-factor authentication.
- Get the application
-
Configure the journey to continue to the Get Authenticator App node.
When completing the journey, follow the link needed to obtain the ForgeRock Authenticator application for your device.
- Skip this step
-
(Optional) In the example journey, skipping is linked to the Success node.
- Opt-out
-
Configure the journey to continue to the Opt-out Multi-Factor Authentication node and let the user not use push.
In the example journey, opting out is linked to the Success node.
Configure successful registration to return to the Push Sender node, which starts the actual push notification stage of the journey, and the user can Receive push notifications.