Support for push OTP depends on the configuration of your SafeNet MobilePASS+ token.

Push OTP simplifies the process of accessing a protected resource, such as a web page, cloud or VPN. A push notification is sent from the login page to your mobile device and can be viewed as follows:

• An Android locked-screen notification.

• A pending notification bar displayed on the SafeNet MobilePASS+ app.

The push login request includes a map view to show the location where the login attempt originated from.

After you approve the login request and enter a PIN (if required according to your tokens’ settings), your SafeNet MobilePASS+ app generates a passcode and sends it to the login page, logging you in automatically. This eliminates the need to generate a one-time passcode (OTP) on your mobile device or to enter it into the login page.

If you receive an unexpected request, select Deny, and then select ‘It wasn’t me!’ This sends a notification of the unauthorized login attempt to your organization’s authentication management system.

Number matching

For additional security, your administrator can configure the push login request to use number matching instead of the Approve and Deny buttons. With number matching, the login screen displays a number, and you tap the matching number on the push notification.

Log in with push OTP

The following procedure uses Microsoft 365 as an example of a resource that you want to access. The login steps may vary for other resources.

1. Open the login page of the resource and then enter your organization username and password.

   

   You are redirected to your organization’s login page.

2. Enter your login credentials and then select Sign in.

   

3. Select Use my mobile to autosend a password and then select Submit.

   

   The system sends a notification of the login request to your mobile device.

4. When the login request arrives on your mobile device, you can respond from the locked screen or from the SafeNet MobilePASS+ app.

   The experience is different depending on whether your administrator has enabled the enhanced approval workflow. The enhanced approval workflow enables users to manage push login requests without unlocking their mobile device.

   The Enhanced Approval Workflow is not available for PIN-protected tokens, or where non PIN-protected tokens are not configured to support it.

   Locked screen with the standard approval workflow

   • Swipe the notification from right to left to expand it, and then select Approve.

   • Select the notification to open the login request in SafeNet MobilePASS+, review the login request information, and then select Approve.

   SafeNet MobilePASS+ app with the standard approval workflow

   • Select the pending notification bar.

     

     If there are multiple login requests pending, selecting the pending notification bar prompts the user to approve or deny the most recent notification. Earlier notifications remain in the bar.

     • Select Approve.

     To collapse a push notification, drag the down-arrow icon to the bottom of the screen.

   Locked screen with the enhanced approval workflow

   • On the Login request notification, select Approve.

     

     If your device is password protected, enter the passcode and then select Go.

     

   SafeNet MobilePASS+ app with the enhanced approval workflow

   • In the Login request from window, select Approve.