Multiple Push Devices in an MFA ForgeRock™ Access Management Implementation

Contributors: Somayeh Taheri, Shawna McKay

Identity and Access Management (IAM) is at the core of the security of any digital infrastructure. Multi-factor authentication (MFA) with the use of multiple push devices helps position your approach to IAM as a competitive advantage rather than simply a necessity.

While single-factor authentication typically relies on passwords, an MFA solution authenticates users based on something they know (password), something they have (e.g. a smartphone) and something they are (e.g. face recognition). Demand for MFA is growing among both service providers and customers, and many organizations are moving from single-factor authentication to MFA.

The out-of-the-box push registration and authentication in ForgeRock Access Management supports only one device for registration and authentication. If the user tries to register a second device, their previously registered device profile and registration are replaced with the new device details. With only a single device registered for an application, the user cannot use the service or application if the push notification device is not available to them when they need to log in to the application.

The challenge of registering multiple devices for push authentication for a given user is addressed in this white paper.
