This article provides information on the following known issues and limitations:
- iOS and Android - Only supports Push-to-Accept type (Authenticator App 3.2)
- Android - New notification permission
- iOS - Push accounts stop working after uninstalling and reinstalling the app
- Android - Some special characters from registration QR Codes or URLs are decoded incorrectly
The iOS (including the Apple watch) and Android authenticator apps released with 3.2 do not support the Display Challenge Code or Use Biometrics to Accept push authentication types. Tap to Accept (the default) is the only push type supported at this time.
If you are using the iOS Apple watch, you must use the Authenticator app on the phone to accept these types of push authentication.
When upgrading your device to Android 13, you may be asked to allow notifications from the app. Notifications are required in order to process Push Authentication requests.
- If you select the 'Allow' option, you will continue to receive Push Authentication requests normally.
- If you select the 'Don't allow' option, the app won't be able to process Push notifications anymore. However, if you change your mind, you can manually enable them via Android Settings.
- If you swipe away from the dialog, and don't select either 'Allow' or 'Don't allow', the current notification permission setting remains the same.
- Install the authenticator app on an iOS device.
- Register a push authentication notification account, and confirm it works as expected.
- Uninstall the app from the device.
- Install the app again.
- Trigger a new push authentication notification request.
The device receives the new push notification.
The device does not receive the new push notification.
- On your device, remove the push authentication account from the ForgeRock Authenticator app.
- Afterwards, register the account with the app again.
To enable push notifications on your iOS device:
- On the home screen, click Settings.
- On the Settings menu, click Notifications.
- Look for the ForgeRock Authenticator app.
- Click Allow Notifications.
- Choose options for how to receive push notifications.
To show the contents of notifications on the Lock Screen without unlocking your device:
- Go to Settings > Notifications > Show Previews.
- Select Always.
Some special characters in the registration URLs (or QR Codes) are not decoded properly by the Authenticator app during the registration of Push and OATH accounts. This can lead to the app displaying incomplete issuer or account names. For example, if the issuer in the registration URL is "AT&T", the Authenticator app may display "AT".
The OATH account is successfully registered and the value for the Issuer is correct.
The app successfully registers the account. However, the value for the issuer is not correct. For example, "AT" instead of “AT&T”.
- SVG is not a valid image format for the account logo. The app only supports JPG and PNG formats.
- OTP codes should contain six or eight digits.
- The period limit for TOTP accounts is 99 seconds.
- Push Notifications expiration counting starts when the Authenticator app receives the notification.
- The Authenticator app supports up to two MFA methods for the same account (issuer + account name). The methods cannot be of the same type.
- Registering an OATH account via links does not work in iOS version 15.
- Android devices without Google Play services do not support the Authenticator app.
- In rare cases, on some iOS 12.x devices, the Authenticator app may not receive push notifications when the app is not running.
Workaround: Start the authenticator app and resend a push notification authentication request.