Enterprise Connect

Verify functionality

Following installation, configuration, and deployment (on a test machine first), it is recommended to test the functionality of workstation authentication to verify that the Mac login process proceeds as expected.

Before beginning the verification process, make sure that the following prerequisites are met:

  • The user to be tested has a smartphone with the ForgeRock Authenticator application installed.

  • The user to be tested has been successfully enrolled in the relevant journey for the chosen method (push notification or OATH OTP), as described in Install Mac Workstation Authentication.

  • The ForgeRock Server URL, as defined in the XML file, is accessible from the test machine.

  • Mac Workstation Authentication has been enabled for the account on the Mac machine.

There are two MFA methods an administrator can enable for Mac Workstation Authentication. Only one can be selected.

The methods are:

  • Push notification using the ForgeRock Authenticator application

  • OATH OTP using the ForgeRock Authenticator application

Offline OTP can also be enabled for either of these methods. For more information on this, refer to Enable Offline OTP.

The following sections show how to test these methods.

Validate push notification MFA method

You configure the push notification MFA method when you Install Mac Workstation Authentication.

To log in to your Mac with this method:

  1. Access the Mac login screen.

  2. Enter the username and password for the user.

  3. Approve the push notification sent to the ForgeRock Authenticator application.

  4. You are successfully logged in.

Validate OATH OTP MFA method

You configure the OATH OTP MFA method when you Install Mac Workstation Authentication.

To log in to your Mac with this method:

  1. Access the Mac login screen.

  2. Enter the username and password for the user.

  3. Immediately after entering the password, enter the OTP from the application, with no spaces in between.

  4. You are successfully logged in.

Mac Workstation Authentication installation/configuration checklist
  • Download and install the binaries from Backstage (you must be logged in).

  • Install the Mac client on end users' machines.

  • (Optional) Onboard and enable local users on their Mac machine.

  • (Optional) Enable Offline OTP to allow users to log in to their Mac when not connected to the internet.

  • Verify and test with a test user.