Configure push provider
To use push notification-based authentication, you need to configure at least one push notification provider in Asgardeo. Asgardeo supports Firebase Cloud Messaging (FCM) as a push notification provider.
Note
You can configure multiple providers and keep them active at the same time. During enrollment, the device will send the preferred push provider in the registration request. Once successfully registered, Asgardeo will send push notifications via the device's registered push provider.
You can also mark one provider as the default push provider.
The following list shows the platforms that each provider supports.
- FCM: Android, iOS (APNs), and web.
- Amazon SNS: Android, iOS (APNs), Amazon Fire OS (ADM), Baidu Cloud Push, Windows Phone (MPNS), and Windows (WNS).
Configure the push provider
- On the Asgardeo Console, go to Notification Channels and select Push Providers.
- Select the tab for the provider you want to configure and follow the steps in the relevant section below.
Configure Firebase Cloud Messaging (FCM)
- Select the Firebase tab.
- Upload the service-account.json file that you downloaded from Firebase when you created your Firebase project.
- Click Update to save your changes.
Note
Firebase Cloud Messaging can send push notifications to iOS devices through Apple Push Notification Service (APNs). However, you need to configure APNs separately to send push notifications to iOS devices. For more information, refer to the Firebase documentation.
Configure Amazon Simple Notification Service (SNS)
- In the AWS Management Console, create a platform application for each platform you plan to support (for example, FCM or APNs). For instructions, see Mobile push notifications in the AWS documentation.
- Create an IAM user and attach a policy that grants the following permissions. For guidance on creating IAM users and attaching policies, see the AWS IAM documentation.
  - sns:CreatePlatformEndpoint: register devices with SNS
  - sns:GetEndpointAttributes: retrieve device endpoint details
  - sns:SetEndpointAttributes: update device endpoint registrations
  - sns:DeleteEndpoint: unregister devices from SNS
  - sns:Publish: send push notifications to device endpoints
Note
IAM users are global by default. If desired, you can limit the scope of these permissions to a specific AWS Region by defining the region in the policy's Resource ARN.
- Select the Amazon SNS tab on the Push Providers page.
- Enter the AWS Access Key ID, AWS Secret Access Key, and AWS Region of the IAM user you created.
- Add the platform application ARN for each platform you created:
  - Select the platform from the Select Platform dropdown.
  - Paste the platform application ARN in the text field.
  - Click + Add.
  - Repeat for each platform.
- Click Update to save your changes.
Note
Choose an AWS region where Amazon SNS is available and geographically close to your Asgardeo deployment. This reduces latency between Asgardeo and Amazon SNS. Because Amazon SNS acts as a push notification hub and the platform, such as FCM or APNs, delivers the final notification to the device, choosing a region close to your user base does not provide a significant latency advantage.
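For the IAM step above, the following added example (not part of the Asgardeo or AWS documentation) builds a policy that grants only the five listed SNS actions in a single region, and audits a policy document for anything broader. The function names, the Sid, the account ID, the region, and the trailing `:*` resource pattern are assumptions made for illustration.

```python
import json

# The five actions this page lists for the IAM user.
REQUIRED_ACTIONS = {
    "sns:CreatePlatformEndpoint", "sns:GetEndpointAttributes",
    "sns:SetEndpointAttributes", "sns:DeleteEndpoint", "sns:Publish",
}
# IAM action names are case-insensitive, so compare on lowercase.
CANON = {a.lower(): a for a in REQUIRED_ACTIONS}

def build_policy(region, account_id):
    """Return a policy granting only the listed actions on SNS in one region."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AsgardeoPushViaSns",  # hypothetical statement ID
            "Effect": "Allow",
            "Action": sorted(REQUIRED_ACTIONS),
            "Resource": f"arn:aws:sns:{region}:{account_id}:*",
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy, region):
    """List where the Allow statements differ from what the page requires."""
    findings, granted = [], set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            canon = CANON.get(action.lower())
            if canon is None:  # wildcards such as sns:* land here too
                findings.append(f"action beyond the five listed: {action}")
            else:
                granted.add(canon)
        for resource in _as_list(stmt.get("Resource", [])):
            parts = resource.split(":")
            if len(parts) < 6 or parts[2] != "sns" or parts[3] != region:
                findings.append(f"resource not pinned to sns in {region}: {resource}")
    for missing in sorted(REQUIRED_ACTIONS - granted):
        findings.append(f"missing required action: {missing}")
    return findings

if __name__ == "__main__":
    good = build_policy("us-east-1", "123456789012")  # constructed sample values
    print(json.dumps(good, indent=2))
    print(audit_policy(good, "us-east-1"))  # no findings
```

The audit covers `Action` and `Resource` only; statements that use `NotAction` or `NotResource` need separate review.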
Configure the default push provider
When a device does not specify a push provider in its registration request, Asgardeo registers the device with the default push provider. This is useful for maintaining backward compatibility with older versions of your authenticator application that do not include provider information in the registration payload.
To set a provider as the default:
Important
Amazon SNS requires additional metadata, such as the platform field, in the registration request. For more information, see Build your own push authenticator app. Therefore, even if Amazon SNS is configured as the default provider, the registration payload must still include the required metadata.
Note
If you configure only one provider and do not explicitly set a default provider, Asgardeo uses that provider for legacy registration payloads. In that case, Asgardeo registers the device with the configured provider. However, we recommend that you still mark the provider as the default if you need legacy payload support.





