ForgeRock Developer Experience

Integrate MFA using push notifications

Applies to:

  • ForgeRock SDK for Android

  • ForgeRock SDK for iOS

  • ForgeRock SDK for JavaScript

This use case explains how to integrate support for push authentication into your Android or iOS projects that use the ForgeRock Authenticator module.

Tasks

Step 1. Configure Push notifications for Android

In this step, you configure Google Firebase Cloud Messaging (FCM), which handles sending the push notifications to Android devices.

You create a service account that gives third parties access to the service.

Step 2. Configure Push notifications for iOS

In this step, you configure Apple Push Notification service (APNS), which handles sending the push notifications to iOS devices.

You create a key that gives third parties access to the service.

Step 3. Configure Push notifications in AWS

In this step, you use the service account and key created in the previous steps to set up Amazon Simple Notification Service (SNS) so that it can route push notification messages to Android and iOS devices.

You also create a service account and associated access token to give your ForgeRock server access to the service.

Step 4. Configure ForgeRock servers for push notifications

In this step, you configure your ForgeRock server to connect to SNS so that it can send out push notifications.

You also create an authentication journey that registers your client application as an MFA device and sends out push notifications.

Step 5. Configure the app for push notifications

In this step, you configure your application projects to use either Firebase Cloud Messaging or the Apple Push Notification service.

Step 6. Configure the ForgeRock Authenticator module for push notifications

In this final step, you add the code to your application that obtains the unique device code required to ensure push notifications reach their intended audience.

You also add code that uses the ForgeRock Authenticator module to handle the push registration and authentication journey you created earlier.