Push OTP on Windows

Support for the push OTP feature depends on the configuration of your SafeNet MobilePASS+ authenticator.

Push OTP simplifies the process of accessing a protected resource, such as a webpage, cloud or VPN. A push notification is sent from the login page to your mobile device or computer.

After you have approved the login request with a tap of a button, and entered a PIN (if required according to your authenticators’ settings), a passcode is generated by your SafeNet MobilePASS+ app and sent to the login page, logging you in automatically. This eliminates the need to generate a one-time passcode (OTP) on your mobile device or to enter it into the login page.

Activate and deactivate push OTP

1. Open system settings .

2. Search for Notifications & actions.

3. Scroll down to the MobilePASS+app.

   

4. To activate push OTP, select On.

5. To deactivate push OTP, select Off.

Log in with push OTP

The following description uses Microsoft 365 as an example. The login steps may vary for other resources.

1. Open the login page of the resource you wish to access and enter your organization username and password.

   

   You are redirected to your organization’s login page.

2. Enter your login credentials and click Sign in.

   

3. Select Use my mobile to autosend a password and click Submit.

   

   A notification of the login request is sent to your mobile device.

   

   Note

   The Enhanced Approval Workflow is not available where PIN authenticators have not been configured to support it.

4. When the login request is displayed on your screen, click the notification.

   

   The login request window opens.

   

   

   Note

   Map point should display the location name from where you have been requested for login. If you see a different location than expected, it may be an unauthorized request. Tap Deny to Report the unauthorized login attempt.

5. To approve the login request, click Approve.

   

   Note

   If you receive an unexpected request, tap Deny. Then, to send a notification of the unauthorized login attempt to your organization’s authentication management system, click Report.

6. If there is more than one authenticator on the MobilePASS+ app, use the left < and right > arrows to navigate to the required authenticator.

   

7. If the authenticator is PIN protected, enter the PIN and click Submit.

8. If your organization supports biometric PINs and you are using a Windows Hello compatible device, the Hello, Owner! window displays. Choose one of the following options:

   • Click OK.

   • Click More choices and then select one of the following authentication methods: Face, Fingerprint, or PIN.

   

   SafeNet MobilePASS+ sends a passcode to the login page.

   A confirmation message displays on the MobilePASS+ application screen.

   

   You are logged in to the resource that you requested.

   

MobilePASS+ Push with number matching mechanism

MobilePASS+ uses number matching to enhance the security of push authentications and prevent MFA fatigue or push bombing attacks. This mechanism empowers the user to exercise control over every login attempt by choosing the corresponding number displayed during the authentication process.

To log in with number matching push:

1. Open the login page of the required resource, enter the organization username and password, and select auto send password option to send login request to your device.

2. A numerical challenge on the organization's login page is displayed, match this number with the number shown in Push login request during Push approval.
   

3. Click the displayed login request notification on the screen.

   

   Note

   If the authenticator is not PIN protected and number is tapped correctly, the login request gets approved without launching the MobilePASS+ application.

4. Click on the push notification to open the login request window.

5. To approve the login request, click on the same numerical challenge in MobilePASS+, as shown on the organization’s login page.

6. If the authenticator is not PIN protected, clicking on the challenge results in approval of the request.
7. If the authenticator is PIN protected, enter the PIN and click Submit.

8. If your organization supports biometric PINs and you are using a Windows Hello compatible device, the Hello, Owner! window displays the options as shown in the below screenshot.

   Click More choices option and then select one of the following authentication methods:
   - Face
   - Fingerprint
   - PIN

9. After user authentication, SafeNet MobilePASS+ sends a passcode to the login page. And a confirmation message is displayed on the MobilePASS+ application screen.
   You are logged into the required resource.