Authenticator apps
An authenticator app is an application, installed on a device, that end users use for multi-factor authentication (MFA).
In general, an authenticator app does the following:
-
Supports push notifications from the authentication server.
-
Generates one-time passwords (OTPs) that the end user is required to provide, usually in addition to a password, when logging into their account.
Advanced Identity Cloud supports a number of authenticator apps:
PingID mobile app
The PingID mobile app is the default supported authenticator app for performing MFA with Advanced Identity Cloud. This app supports time-based one-time passwords (TOTPs) only. It doesn’t support HMAC-based one-time passwords (HOTPs).
Depending on their device type, end users can download the PingID mobile app from one of the following locations:
-
Apple App Store (for iOS devices)
-
Google Play (for Android devices)
They must register the PingID mobile app with Advanced Identity Cloud to use it as an additional factor when logging in.
ForgeRock Authenticator app
The ForgeRock Authenticator app supports time-based one-time passwords (TOTPs) and HMAC-based one-time passwords (HOTPs).
Depending on their device type, end users can download the ForgeRock Authenticator app from one of the following locations:
-
Apple App Store (for iOS devices)
-
Google Play (for Android devices)
| Although the PingID mobile app is the default supported authenticator app for performing MFA with Advanced Identity Cloud, there is no smooth migration path from the ForgeRock Authenticator app to the PingID mobile app. If you’re already using the ForgeRock Authenticator app for MFA, you should continue to do so. |
Other authenticator apps
You can perform MFA with any third-party authenticator app that supports the Time-Based One-Time Password (TOTP) open standard. For example, Google Authenticator or Salesforce Authenticator.
To build your own authenticator app, integrate the Ping (ForgeRock) Authenticator module using Ping SDKs.