Push Notification Overview
Push authentication simplifies the verification process by sending a push notification to the user’s mobile device during the second step of Multi-Factor Authentication (MFA). Consumers can approve or deny login attempts directly from their phone, offering a secure and seamless experience.
Configuring Push Notifications
Send Push Notifications for MFA challenges that users can respond to via the LoginRadius Authenticator app or your custom mobile app.
Configuration Steps
-
Enable Push Notifications:
- Check the box labeled Enable Push Notifications in the Console by navigating Security→MFA(MFA Factor)→Push Notification
-
Choose Your Implementation:
- LoginRadius Authenticator
- Custom Native App
- Configuring via LoginRadius Authenticator
- Using a Custom Mobile App
When using the LoginRadius Authenticator:
-
Message: Define the message users see during authentication (e.g., "Please verify your login attempt using the below QR code.")
-
QR Code Width: Set the width (in pixels) of the QR code generated to pair with the device.
-
Click SAVE to apply changes.
After setting up Push Notifications with the LoginRadius Authenticator, you can scan the QR code using our app, For more information on LoginRadius Authenticator refer to the following documentation.
If you prefer using your mobile app for Push Notifications:
-
Choose Custom in the Push Notification configuration.
-
Provide the following information:
- Custom App Name (optional): The name is displayed to users.
- Push Notification Service:
- AWS SNS (requires Access Key, Secret Access Key, Region)
- Native (using your own messaging service)
-
Android/iOS App Configuration
- Enable Android/iOS: Check to enable push notifications for Android or iOS devices.
- Play Store/App Store URL (optional): Provide the Play Store or App Store link to your custom app.
-
Save Configuration: After completing all required fields click SAVE to store your Push Notification settings.
API Implementation
Use the following APIs to implement, verify, and manage Push Notification-based Multi-Factor Authentication (MFA) in your application.
Note: If an API call requires an API Secret, it should be called from the back end. Otherwise, the API call can also be used on the front end.
- Sending Push Notification Again (Resend)
- Checking Push Notification Status (Ping)
- Resetting Push Authenticator Settings
Use Case: Resend a push notification when the user has not responded or missed the first push.
API: MFA Resend Push Notification
- Method:
POST - Endpoint:
https://api.loginradius.com/identity/v2/auth/login/2FA
Inputs:
apikey(required): LoginRadius API Keysecondfactorauthenticationtoken(required): Second-factor authentication token from initial login
Use Case: Check whether the user has approved the push notification.
API: MFA Push Login Ping
- Method:
GET - Endpoint:
https://api.loginradius.com/login/2fa/push/ping
Inputs:
apikey(required): LoginRadius API Keysecondfactorauthenticationtoken(required): Second-factor authentication token from initial login
Response:
- If the user has approved the push notification, the login will proceed successfully.
- If not approved, continue polling or handle based on your retry strategy.
You can allow consumers or admins to reset the Push Authenticator settings:
- Reset Push Authenticator by Access Token (User-Initiated)
- Reset Push Authenticator by UID (Admin-Initiated, Server-Side)
API: Reset MFA Push Authenticator Settings
- Method:
DELETE - Endpoint:
https://api.loginradius.com/identity/v2/auth/account/2fa/authenticator/push
Inputs:
apikey(required): LoginRadius API KeyAuthorization(required): Bearer<ACCESS_TOKEN>
API: Reset MFA Push Authenticator by UID
- Method:
DELETE - Endpoint:
https://api.loginradius.com/identity/v2/manage/account/2FA/authenticator/push/{uid}
Inputs:
apikey(required): LoginRadius API Keyapisecret(required): LoginRadius API Secretuid(required): Unique identifier of the user account