---
title: Test push authentication
description: AM presents you with a page for entering only your user ID, or user ID and password. After you provide those credentials, AM verifies them. If your credentials are valid and the account has a device registered for push notifications, AM sends a push notification to the registered device.
component: pingam
version: 8.1
page_id: pingam:am-authentication:mfa-authenticating-push
canonical_url: https://docs.pingidentity.com/pingam/8.1/am-authentication/mfa-authenticating-push.html
page_aliases: ["authentication-guide:mfa-authenticating-push.adoc"]
section_ids:
  receiving-push: Receive push notifications
  approve_requests: Approve requests
  deny_requests: Deny requests
  register-for-push: Register
---

# Test push authentication

AM presents you with a page for entering only your user ID, or user ID and password. After you provide those credentials, AM verifies them. If your credentials are valid and the account has a device registered for push notifications, AM sends a push notification to the registered device.

Find information on registering a device for push authentication in [Register](#register-for-push).

|   |                                                                                                                                  |
| - | -------------------------------------------------------------------------------------------------------------------------------- |
|   | The device needs access to the Internet to receive push notifications, and AM must be able to receive responses from the device. |

## Receive push notifications

On your registered device, you receive a push notification from AM.

Depending on the state of the device and on your authenticator app, respond to the notification as follows:

* Unlock the device, if necessary, when you receive a device notification from the application.

  The authenticator app opens and displays the push notification.

* If the device is unlocked, but the authenticator app isn't open, select the device notification to open the application and display the push notification.

* Open the authenticator app to respond quickly to notifications.

## Approve requests

How you approve requests depends on your authenticator app settings and on what the device supports.

Default settings for push notifications use a simple pop up in the application, similar to the following:

![Approve the request by clicking Accept.](_images/authn-mfa-app-push-approve-or-deny.png)

## Deny requests

Deny the request by tapping the cancel icon in the top-right of the screen or, if Touch ID or face recognition are enabled, tap the Reject button.

|   |                                                                                                                                                                                                                                                                                                    |
| - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | If you don't approve or deny the request on the registered device, the AM Push Authentication page times out and authentication fails.You can configure this through the Message Timeout in the [Push Sender node](https://docs.pingidentity.com/auth-node-ref/8.1/push-sender.html) for the tree. |

## Register

Use the [MFA Registration Options node](https://docs.pingidentity.com/auth-node-ref/8.1/mfa-registration-options.html) to specify what happens if the end user provides valid credentials but their profile is missing the required metadata for a registered device. That node presents the end user with a screen similar to the following:

![Default text on the MFA Registration Options node.](_images/mfa_register_options.png)

* Register Device

  Configure the journey to continue to the [Push Registration node](https://docs.pingidentity.com/auth-node-ref/8.1/push-registration.html).

  When completing the journey, scan the QR code displayed with an [authenticator app](authenticator-app.html).

  Learn more in [Register an authenticator app](authenticator-app.html#register-authenticator-app).

* Get the application

  Configure the journey to continue to the [Get Authenticator App node](https://docs.pingidentity.com/auth-node-ref/8.1/get-authenticator-app.html).

  When completing the journey, follow the link to obtain an authenticator app for your device (PingID mobile app by default).

* Skip this step

  Displayed only if the node configuration allows the user to skip. (Optional) In the example journey, skipping is linked to the Success node.

* Opt-out

  Configure the journey to continue to the [Opt-out Multi-Factor Authentication node](https://docs.pingidentity.com/auth-node-ref/8.1/opt-out-multi-factor.html) and let the user not use push.

  In the example journey, opting out is linked to the Success node.

Configure successful registration to return to the [Push Sender node](https://docs.pingidentity.com/auth-node-ref/8.1/push-sender.html), which starts the actual push notification stage of the journey, and the user can [receive push notifications](#receiving-push).