Auth0 Guardian

Auth0 Guardian is a mobile app that can deliver push notifications to a user’s pre-registered device (typically a mobile phone or tablet) from which a user can immediately allow or deny account access via the press of a button. It can also generate one-time passwords if that factor is preferred. Instead of integrating with each vendor-specific push notification service.

How it works

Auth0 push notifications are implemented using AWS Simple Notification Service (SNS) which handles the vendor-specific integration.

Auth0 Guardian flow diagram

The push factor is offered with the Guardian mobile app, available for both iOS and Android. In addition, the technology is also available as Guardian SDK which can be used in custom mobile applications to act as a second-factor push responder.

Auth0 Guardian is available on (Google Play and the App Store). To learn more, read Apple Push Notification service (APNs) at https://developer.apple.com.

Guardian and push notifications

When enabling push, end-users will need to have Auth0 Guardian or a custom application built with the Guardian SDK installed in their device. The app is sent push notifications when the user attempts to authenticate, and the user must respond to it in order to log in, ensuring that they not only know their login information but also possess the device set up for MFA.

End users will be prompted to download Auth0 Guardian when trying to sign up or log in to your application. Once they indicate that they have successfully downloaded the app, a QR code will appear on the screen. They will have a short amount of time in which to scan the code with the designated app. Once this is done, they should see a confirmation screen.

Once this is all set up, when the user attempts to authenticate as normal, their device will receive a push notification via the app, and once they approve the request, they will be logged in.

Auth0 Guardian and push notifications example

After a user enrolls with push notifications, they can also choose to authenticate with a one-time code by clicking Manually Enter Code at the challenge prompt.

Verify Your Identity Login Prompt

The user can then check the authenticator app for the current one-time code and enter the code at the prompt. Your users will need to have an authenticator app installed on their mobile devices.

To learn how to reset MFA for users that have lost their devices and recovery codes, read Reset User Multi-Factor Authentication and Recovery Codes. You can also review Troubleshooting Multi-Factor Authentication Issues.

Guardian SDKs

You can install the Guardian SDK, available for iOS and Android to build your own multi-factor authentication application with complete control over the branding and look-and-feel. With the Guardian SDK, you can build your own custom mobile applications that work like Guardian or integrate some Guardian functionalities, such as receiving push notifications in your existing mobile applications. A typical scenario could be for a banking app. You can use the Guardian SDK in your existing mobile app to receive and confirm push notifications when someone performs an ATM transaction.

Learn more