PingAM

The ForgeRock Authenticator app

The ForgeRock Authenticator app supports push authentication notifications and one-time passwords (OTPs).

Download and install the ForgeRock Authenticator app to perform multi-factor authentication (MFA). The application is available for both Android and iOS devices, and is free to download from:

Register the ForgeRock Authenticator for MFA

Register the ForgeRock Authenticator app to use it as an additional factor when logging in.

The ForgeRock Authenticator app supports registration of multiple accounts and multiple different authentication methods in each account, such as push notifications and OTPs.

Learn about registering devices for the different authentication methods:

You register the ForgeRock Authenticator app once per authentication method with an identity provider. For example, if one journey uses push notifications and another uses OTPs, you must register the app separately for both authentication methods.

The ForgeRock Authenticator app must access the internet to register for push notifications. You don’t need a connection to the internet to register for OTP authentication.

  1. When accessing a protected resource that requires MFA, AM prompts you to register a device and displays a QR code screen:

    QR code to register your device

    • If you’re logging in on the device and can’t scan the screen, click the On a mobile device? link to launch the app and register the device, bypassing the QR code.

    • If you’re logging in on a computer, start the ForgeRock Authenticator app and click its plus icon () to register the device.

      The screen on the device changes to an interface similar to your camera app.

      Scan the QR code with the ForgeRock authenticator app.

    The app displays the account you registered in the list of accounts.

  2. After registering your device, you MUST make a copy of the recovery codes for the account.

    Recovery codes screen

    Store the recovery codes separately from your device. The recovery codes will never be displayed again. They serve as one-time verification codes to log in if your registered device is lost, stolen, or broken.

    When you’ve safely stored the recovery codes for your newly registered push device, click Done.

  3. If prompted, respond to the push notification or enter an OTP from the app.

Your device is now registered. You can use it to perform MFA.