Enterprise Connect

Enable Offline OTP

Offline OTP setup is performed by the user.

After a user is configured to use Mac Workstation Authentication, the user can enable Offline OTP.

This option lets users authenticate to their Mac when they are not connected to a network or when their machine cannot access the ForgeRock environment.

Users must download the ForgeRock Authenticator application to their smartphone via the Apple store or Google Play store to set up Offline OTP.

To enable Offline OTP:

  1. Click the ForgeRock icon in the top right of the menu bar and click Open Workstation Authentication Preferences….

    You can also access the Workstation Authentication application by opening it in Finder.
  2. From the Mac Workstation Authentication application screen, click Manage to launch the offline login wizard.

  3. After the wizard opens, click Setup.

  4. When prompted, enter your password in the dialog.

    1. If the push notification MFA method has been set up, approve the push notification on your phone.

    2. If the OATH OTP MFA method was set up, append the OTP to the end of your password with no spaces in between.

  5. Scan the QR code that is presented on the screen with your ForgeRock Authenticator application.

  6. On the screen titled Verify Your Code, enter the OTP from the newly created profile in your ForgeRock Authenticator application. Note the name of the profile in the application for later reference.

  7. To exit the wizard, click Done.

Log in with Offline OTP

After you enable and configure Offline OTP, you are ready to log in using this method.

To log in using the Offline OTP MFA method:

  1. Enter the password for your Mac.

  2. In the same password box, immediately after the password and with no space between the password and the OTP, enter the OTP from the ForgeRock Authenticator application.

  3. Press Enter.

Mac Workstation Authentication installation/configuration checklist
  • Download and install the binaries from Backstage (you must be logged in).

  • Install the Mac client on end users' machines.

  • (Optional) Onboard and enable local users on their Mac machine.

  • (Optional) Enable Offline OTP to allow users to log in to their Mac when not connected to the internet.

  • Verify and test with a test user.