What users see for multi-factor authentication

Authenticator provides secure login to your enterprise cloud services. If you have configured the app to be installed silently, which is recommended for a seamless user experience, the app is installed on managed devices when the device checks in with Ivanti Neurons for MDM.

If a device user has already launched Authenticator for iOS as a standalone trial app, the device user must uninstall and reinstall the app to use it as a managed app.

The following topics provide information about multi-factor authentication:

Activate Authenticator

To activate Authenticator, users simply launch the app after it is installed.

Figure 1. Launch Authenticator

Ivanti Access cloud services

When users attempt to access an enterprise cloud service, they are prompted to enter their user name and then prompted to confirm the request on the managed device that has the activated Authenticator app.

A prompt appears from the Authenticator app on the managed device alerting the user to the access request. If users accept the prompt, they are allowed access. If users decline the Authenticator prompt, they see an authentication failed message on the device and the authentication request from the device is blocked.

The configured IdP challenges users for their credentials. Ivanti Access does not ask users for their credentials.

Figure 2. Authenticator prompt on managed device

Custom service provider

The interaction pages and push notification for two-factor authentication display the service provider (SP) name and logo. For a custom service provider, if a name is not configured, the interaction pages and push notifications display Custom Service Provider for the SP name. If a logo is not configured for the custom SP, the name of SP is seen where the logo would have been displayed.

Authenticator settings

The following table describes the information available in Settings in the Authenticator app.

Table 25.   Settings in the Authenticator app

Setting

Description

About

Tap to view version and license information.

Debug Logging

Disabled by default.

Device users can enable debug logging if necessary.

Email Debug Log

Tap to enter an email address to send the debug logs.

Deactivate

Tap to deactivate the Authenticator app.