Skip to content

Add Passwordless login with Push Notifications

Push notifications enable a secure and seamless passwordless authentication mechanism by allowing users to verify their identity with a simple tap on their registered mobile device. Instead of relying on traditional passwords or one-time passcodes, authentication requests are securely delivered via push notifications, ensuring real-time, user-friendly login.

This method enhances security by reducing the risk of phishing and credential-based attacks while offering a frictionless login experience. Users can authenticate from any trusted device with internet access, eliminating the need to remember or enter passwords.

To configure push notifications as a passwordless authentication mechanism in Asgardeo, follow the instructions below.

Prerequisites

Set up Push Notifications

Asgardeo has some default settings for Push Notifications, which are sufficient for most cases. If required, you can change the default settings, as explained below.

To update the default Push Notification settings:

  1. On the Asgardeo Console, go to Connections and select Push Notification.

  2. Update the following parameters in the Settings tab:

    Setup Push Notifications in Asgardeo

    Field Description
    Enable number Challenge When enabled, users must confirm the number displayed in the application on their push authentication device to complete the sign in.
    Enable push notification device progressive enrollment When enabled, users may enroll their devices for push authentication at the moment they log in to the application.
    Push notification resend interval Specifies the time interval between the resend attempts. Also, the polling to identify user's response for the push notification will be ended once the timer is completed.
    Allowed push notification resend attempts The number of allowed push notification resend attempts. Once exceeded, the user will not be allowed to send any push notifications.

  3. Once you update the Push Notification settings, click Update.

Configuring Push Providers

To send push notifications from Asgardeo, you need to configure a Push Provider. Asgardeo supports Firebase Cloud Messaging (FCM) to send push notifications. With FCM, you can send push notifications to multiple platforms, including Android, iOS, and the web.

Note

Firebase cloud messaging has the capability to send push notification to iOS devices through Apple Push Notification Service (APNs). However, you need to configure APNs separately to send push notifications to iOS devices. For more information, click here.

Follow the below steps to configure FCM as your Push Provider:

  1. On the Asgardeo Console, go to Notification Channels and select Push Providers.

    Notification channels page

  2. Upload the service-account.json file that you downloaded from Firebase when you created your Firebase project.

    Configure Firebase

  3. Click Update to save your changes.

    Update Push Provider

Enable push notifications login for an app

Follow the steps given below to enable Push Notification login for your application.

  1. On the Asgardeo Console, go to Applications.

  2. Select the application to which you wish to add Push Notification.

  3. Go to the Login Flow tab of the application and add Push Notification from your preferred editor:

  4. Click Update to save your changes.

Enable push notification device progressive enrollment

This feature allows users to enroll their push notification devices seamlessly during the usual login flow, offering a blend of convenience and security. Follow the steps given below to enable Push Notification Devices progressive enrollment for your application.

  1. On the Asgardeo Console, go to Connections.

  2. Select the Push Notification connection.

  3. Go to the Settings tab of the connection.

  4. Enable the option for Enable push notification device progressive enrollment by checking its checkbox.

    Enable push notification device progressive enrollment in Asgardeo

  5. Click Update to save your changes.

  6. Add the push notification device progressive enrollment adaptive script to the login flow of the application.

Note

Push notification device progressive enrollment can only be configured at the organizational level and cannot be modified at the application level.

Try out Push Notification passwordless login flow with a user already enrolled with a device

In this section, we will guide you through the steps to authenticate using Push Notification passwordless login with a user who has already enrolled a push notification device.

  1. Access the application URL.

  2. Click Login to access the Asgardeo login page.

  3. On the login page, enter your username and click Continue.

    Sign In with Push Notification in Asgardeo

    This action redirects you to the Push Notification Wait page.

    Push Notification Wait page

  4. You will receive a push notification on your registered device. Approve the authentication request from the registered device. Below shown page will be displayed and will be polling for the user's response.

  5. Once you approve the authentication request, you will be successfully logged in to the application.

Try out Push Notification passwordless login flow with a user not enrolled with a device

In this section, we will guide you through the steps to authenticate using Push Notification passwordless login with a user who has not enrolled a push notification device when progressive enrollment is enabled.

  1. Access the application URL.

  2. Click Login to access the Asgardeo login page.

  3. On the login page, enter your username and click Continue.

  4. Since you have not enrolled a push notification device, you will be shown the following page to get your consent to enroll a push notification device. Click on Register to enroll a push notification device.

    Push Notification Device Enrollment Consent

  5. Since this authentication flow has not authenticated the user yet, you will be prompted to enter the password of the user account. This is to ensure that the user is the legitimate owner of the account.

    Push Notification Password Verification

  6. Click on Sign In to proceed.

  7. If authentication is successful, you will be shown the following page to scan the QR code using your Push Authenticator App to enroll your device. Once the device is enrolled successfully, check the checkbox and click Continue to proceed with the authentication.

    Push Notification Device Enrollment

  8. You will receive a push notification on your registered device. Approve the authentication request from the registered device.

  9. Once you approve the authentication request, you will be successfully logged in to the application.