
Add MFA with Push Notification

Push notifications provide a seamless and secure MFA solution by allowing users to verify their identity with a simple tap on their registered device. This real-time authentication method reduces reliance on passwords and one-time passcodes, enhancing security against phishing and credential attacks.

Follow the instructions given below to configure Multi-Factor Authentication (MFA) using Push Notifications in Asgardeo.

Prerequisites

Set up Push Notifications

Asgardeo has some default settings for Push Notifications, which are sufficient for most cases. If required, you can change the default settings, as explained below.

To update the default Push Notification settings:

  1. On the Asgardeo Console, go to Connections and select Push Notification.
  2. Update the following parameters in the Settings tab:

    Setup Push Notifications in Asgardeo

    | Field | Description |
    |-------|-------------|
    | Enable number Challenge | When enabled, users must confirm the number displayed in the application on their push authentication device to complete the sign-in. |
    | Enable push notification device progressive enrollment | When enabled, users may enroll their devices for push authentication at the moment they log in to the application. |
    | Push notification resend interval | Specifies the time interval between resend attempts. Polling for the user's response to the push notification also ends once this timer expires. |
    | Allowed push notification resend attempts | The number of allowed push notification resend attempts. Once this number is exceeded, the user cannot send any more push notifications. |

  3. Once you update the Push Notification settings, click Update.

Configuring Push Providers

To send push notifications from Asgardeo, you need to configure a Push Provider. Asgardeo supports Firebase Cloud Messaging (FCM) to send push notifications. With FCM, you can send push notifications to multiple platforms, including Android, iOS, and the web.

Note

Firebase Cloud Messaging can send push notifications to iOS devices through the Apple Push Notification Service (APNs). However, you need to configure APNs separately to send push notifications to iOS devices. For more information, click here.

Follow the steps below to configure FCM as your Push Provider:

  1. On the Asgardeo Console, go to Notification Channels and select Push Providers.

    Notification channels page

  2. Upload the service-account.json file that you downloaded from Firebase when you created your Firebase project.

    Configure Firebase

  3. Click Update to save your changes.

    Update Push Provider
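
A pre-upload sanity check for the service-account.json file from step 2, added here as an example (it is not part of the Asgardeo documentation or product). The field names follow the key-file format Google issues for service accounts; the function names and the file-permission check are this example's own assumptions.

```python
import json
import os
import stat
import sys

# Fields found in a service account key file downloaded from Firebase / Google Cloud.
REQUIRED_FIELDS = ("type", "project_id", "private_key_id", "private_key",
                   "client_email", "token_uri")


def check_key_document(doc):
    """Return a list of problems found in a parsed service-account.json."""
    if not isinstance(doc, dict):
        return ["top-level JSON value is not an object"]
    problems = [f"missing or empty field: {f}" for f in REQUIRED_FIELDS if not doc.get(f)]
    # A user-credential or client-config file is a common wrong upload.
    if doc.get("type") not in (None, "", "service_account"):
        problems.append(f"type is {doc['type']!r}, expected 'service_account'")
    key = str(doc.get("private_key") or "")
    if key and "-----BEGIN PRIVATE KEY-----" not in key:
        problems.append("private_key is not a PEM-encoded private key")
    email = str(doc.get("client_email") or "")
    if email and not email.endswith(".gserviceaccount.com"):
        problems.append("client_email is not a service account address")
    return problems


def check_key_file(path):
    """Check the permissions (POSIX only) and contents of the key file at `path`."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, encoding="utf-8") as fh:
            doc = json.load(fh)
    except (OSError, ValueError) as exc:
        return [f"cannot read key file: {exc}"]
    problems = []
    # The file holds a private key: no group/other permission bits should be set.
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"file mode {mode:o} lets group/other access the private key")
    return problems + check_key_document(doc)


if __name__ == "__main__":
    issues = check_key_file(sys.argv[1] if len(sys.argv) > 1 else "service-account.json")
    print("\n".join(issues) if issues else "OK: key file looks well-formed")
    sys.exit(1 if issues else 0)
```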

Enable push notifications login for an app

Follow the steps given below to enable Push Notification login for your application.

  1. On the Asgardeo Console, go to Applications.

  2. Select the application to which you wish to add Push Notification.

  3. Go to the Login Flow tab of the application and add Push Notification from your preferred editor:

  4. Click Update to save your changes.

Enable push notification device progressive enrollment

This feature allows users to enroll their push notification devices seamlessly during the usual login flow, offering a blend of convenience and security. Follow the steps given below to enable Push Notification Devices progressive enrollment for your application.

  1. On the Asgardeo Console, go to Connections.

  2. Select the Push Notification connection.

  3. Go to the Settings tab of the connection.

  4. Select the Enable push notification device progressive enrollment checkbox.

    Enable push notification device progressive enrollment in Asgardeo

  5. Click Update to save your changes.

Note

Push notification device progressive enrollment can only be configured at the organizational level and cannot be modified at the application level.

Try out Push Notification MFA flow with a user already enrolled with a device

In this section, we will guide you through the steps to authenticate using Push Notification MFA with a user who has already enrolled a push notification device.

  1. Access the application URL.

  2. Click Login to access the Asgardeo login page.

  3. Enter your username and password, then click Sign In.

  4. You will receive a push notification on your registered device. Approve the authentication request from the registered device. The page shown below is displayed and polls for the user's response.

    Push notification await page

  5. Once you approve the authentication request, you will be successfully logged in to the application.

Try out Push Notification MFA flow with a user not enrolled with a device

In this section, we will guide you through the steps to authenticate using Push Notification MFA with a user who has not enrolled a push notification device, when progressive enrollment is enabled.

  1. Access the application URL.

  2. Click Login to access the Asgardeo login page.

  3. Enter your username and password, then click Sign In.

  4. A page similar to the one shown below is displayed. Scan the QR code using your Push Authenticator App to enroll your device. Once the device is enrolled successfully, check the checkbox and click Continue to proceed with the authentication.

    Push notification device enrollment page

  5. You will receive a push notification on your registered device. Approve the authentication request from the registered device.

  6. Once you approve the authentication request, you will be successfully logged in to the application.