Test push authentication
AM presents you with a page for entering only your user ID, or user ID and password. After you provide those credentials, AM verifies them. If your credentials are valid and the account has a device registered for push notifications, AM sends a push notification to the registered device.
If the user doesn't yet have a device registered for push authentication, you can find information on registering one in Register.
The device needs access to the Internet to receive push notifications, and the AM server must be able to receive responses from the device.
Receive push notifications
On your registered device, you receive a push notification from AM. Depending on the state of the device and the ForgeRock Authenticator app, respond to the notification as follows:
- Unlock the device, if necessary, when you receive a device notification from the application.
  The ForgeRock Authenticator app opens and displays the push notification.
- If the device is unlocked, but the ForgeRock Authenticator app isn't open, select the device notification to open the application and display the push notification.
- Open the ForgeRock Authenticator app to respond quickly to notifications.
Approve requests
How you approve requests depends on the ForgeRock Authenticator app settings, and on what the device supports.
Default settings for push notifications use a simple pop up in the application, similar to the following:

Deny requests
Deny the request by tapping the cancel icon in the top-right of the screen or, if Touch ID or face recognition are enabled, tap the Reject button.
If you do not approve or deny the request on the registered device, the AM Push Authentication page times out and authentication fails. You can configure this through the Message Timeout in the Push Sender node for the tree.
Register
Use the MFA Registration Options node to specify what happens if the end user provides valid credentials but their profile is missing the required metadata for a registered device. That node presents the end user with a screen similar to the following:

- Register Device
  Configure the journey to continue to the Push Registration node.
  When completing the journey, scan the QR code it displays with the ForgeRock Authenticator app.
- Get the application
  Configure the journey to continue to the Get Authenticator App node.
  When completing the journey, follow the link needed to obtain the ForgeRock Authenticator app for your device.
- Skip this step
  Displayed only if the node configuration allows the user to skip. (Optional) In the example journey, skipping is linked to the Success node.
- Opt-out
  Configure the journey to continue to the Opt-out Multi-Factor Authentication node, which lets the user choose not to use push.
  In the example journey, opting out is linked to the Success node.
Configure successful registration to return to the Push Sender node, which starts the actual push notification stage of the journey, so that the user can then receive push notifications.
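Because the example journey links both Skip this step and Opt-out to the Success node, it is worth auditing which routes reach Success without a push approval. The following is an added example, not part of the AM documentation or product: it models the journey as a plain Python dict and lists every such route. The dict layout, the "Credentials", "Wait For Approval" and "Failure" node names, and the lowercase outcome labels are assumptions made for illustration.

```python
from typing import Dict, List

Journey = Dict[str, Dict[str, str]]  # node -> {outcome label: next node}

# Constructed model of the journey described above. Names in title case for
# the MFA nodes and their options come from the page; "Credentials",
# "Wait For Approval", "Failure" and the lowercase outcomes are hypothetical.
JOURNEY: Journey = {
    "Credentials": {"valid": "Push Sender"},
    "Push Sender": {"sent": "Wait For Approval",
                    "not registered": "MFA Registration Options"},
    "Wait For Approval": {"approved": "Success",
                          "denied or timed out": "Failure"},
    "MFA Registration Options": {
        "Register Device": "Push Registration",
        "Get the application": "Get Authenticator App",
        "Skip this step": "Success",
        "Opt-out": "Opt-out Multi-Factor Authentication",
    },
    "Push Registration": {"registered": "Push Sender"},
    "Get Authenticator App": {"done": "MFA Registration Options"},
    "Opt-out Multi-Factor Authentication": {"done": "Success"},
}


def bypass_paths(journey: Journey, start: str, goal: str,
                 required: str) -> List[List[str]]:
    """Return every loop-free path from start to goal that never visits required."""
    found: List[List[str]] = []

    def walk(node: str, path: List[str]) -> None:
        # Stop at the required node (not a bypass) and at revisits (loops).
        if node == required or node in path:
            return
        path = path + [node]
        if node == goal:
            found.append(path)
            return
        for target in journey.get(node, {}).values():
            walk(target, path)

    walk(start, [])
    return found


if __name__ == "__main__":
    for p in bypass_paths(JOURNEY, "Credentials", "Success", "Wait For Approval"):
        print(" -> ".join(p))
```

Each path it reports is a way to complete the journey with credentials alone, so those outcomes should be wired to Success only where that is an accepted policy decision.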