Push OTP on iOS

Support for the push OTP feature depends on the configuration of your SafeNet MobilePASS+ authenticator.

Push OTP simplifies the process of accessing a protected resource, such as a webpage, cloud, or VPN. A push notification is sent from the login page to your mobile device and can be viewed as follows:

• An iOS locked-screen notification.

• A Pending Notification bar displayed on the SafeNet MobilePASS+ app.

After you have approved the login request with a tap of a button, and entered a PIN (if required according to your authenticators’ settings), a passcode is generated by your SafeNet MobilePASS+ app and sent to the login page, logging you in automatically. This eliminates the need to generate a one-time passcode (OTP) on your mobile device or to enter it into the login page.

You may be required to enter a PIN after approving the push notification.

Enable notifications

To enable your device to receive notifications:

1. Select Settings > Notifications.

   

2. Select Allow Notifications and then configure the notification options.

   

Log in with push OTP

The following procedure uses Microsoft 365 as an example of a resource that you want to access. The login steps may vary for other resources.

1. Open the login page of the resource and then enter your organization username and password.

   

   You are redirected to your organization’s login page.

2. Enter your login credentials and then select Sign in.

   

3. Select Use my mobile to autosend a password and then selectSubmit.

   

   The system sends a notification of the login request to your mobile device.

4. When the login request arrives on your mobile device, you can respond from the locked screen or from the SafeNet MobilePASS+ app, as described in the following sections:

   • Approve login requests — standard approval workflow

   • Approve login requests — enhanced approval workflow

   

   Note

   If there are multiple login requests pending, selecting the pending notification bar prompts the user to approve or deny the most recent notification. Earlier notifications remain in the bar.

   If you have multiple authenticators enrolled for the same user, MobilePASS+ responds with the most recently enrolled authenticator.

Approve login requests — standard approval workflow

On your mobile device, you can approve a login request from the following:

• SafeNet MobilePASS+ application

• Locked screen

• Unlocked screen or within another app

Approve a login request from the SafeNet MobilePASS+ app

1. Select the notification.

   

   The Login request from window opens. It includes information about the application initiating the request, the location of the request, and its IP address.

2. Review the login request information and select Approve.

   

Approve a login request from a locked screen

1. Touch and hold the notification, to expand it.

   

2. Select Approve.

   

3. If your device is password protected, enter the passcode.

Approve a login request from an unlocked screen or from another app

1. Select the Login Request notification.

   

2. Select Approve.

   

   

   Note

   If the login request is unfamiliar and not expected, select DENY, and then select Yes, Report. This sends a notification of the unauthorized login attempt to your organization’s authentication management system.

   

3. If prompted, enter the authenticator PIN and select Continue.

   SafeNet MobilePASS+ sends a passcode to the login page.

   You are now logged in to the resource.

Approve login requests — enhanced approval workflow

When a login request arrives on your mobile device, you can approve a login request from the following:

• SafeNet MobilePASS+ application

• Locked screen

• Unlocked screen

Note

With the enhanced approval workflow, in addition to approving login requests from the SafeNet MobilePASS+ app, if the user has only one no-PIN and server-PIN protected authenticator, they can approve the push login request without opening the app.

Approve a login request from the SafeNet MobilePASS+ app

The Login request from window includes information about the application initiating the request, the location of the request, and its IP address.

1. In the Login request from window, review the information and select Approve.

   

   If the login request is unfamiliar and not expected, select Deny, and then select Yes, Report. This sends a notification of the unauthorized login attempt to your organization’s authentication management system.

   

2. If prompted, enter the authenticator PIN and select Continue.

   SafeNet MobilePASS+ sends a passcode to the login page.

Approve a login request from a locked screen

1. Select the Login request notification.

   

2. Select Approve.

   

3. If your device is password protected, enter the passcode.

Approve a login request from an unlocked screen or from another app

1. Select the notification to open the login request in SafeNet MobilePASS+.

2. Review the login request information and then select Approve.

   

Approve login requests with number matching

For additional security, your administrator can configure the push login request to use number matching instead of the Approve and Deny buttons. With number matching, the login screen displays a number, and you tap the matching number on the push notification.