Auth0 Guardian

Auth0 Guardian is a mobile application that can deliver push notifications to a user’s pre-registered device (typically a mobile phone or tablet) from which a user can immediately allow or deny account access via the press of a button. It can also generate one-time passwords if that factor is preferred. The Auth0 Guardian app serves as a centralized alternative to integrating with each vendor-specific push notification service.

How it works

Auth0 push notifications are implemented using AWS Simple Notification Service (SNS) or direct-to-vendor services Firebase Cloud Messaging (FCM) and/or Apple Push Notification (APN) to configure vendor-specific integrations.

Auth0 Guardian flow diagram

The Auth0 Guardian mobile app offers the push factor for both iOS and Android devices. In addition, this technology is also available as the Guardian SDK, which can be used with custom mobile applications to act as a second-factor push responder.

Auth0 Guardian is available on Google Play and the App Store. To learn more, read Configure Push Notifications for MFA.

Guardian and push notifications

When enabling push notifications, users must have Auth0 Guardian or a custom application built with the Guardian SDK installed on their device. Push notifications are sent to the app when a user attempts to authenticate. The user must respond to the push in order to log in, ensuring that they not only know their login information but also possess the device set up for MFA.

When push notifications are configured for your application, users are prompted to download Auth0 Guardian when first signing up or logging in to your application. After a user indicates that they have successfully downloaded the app, a QR code displays on the screen. The user then has a short amount of time to scan the code with the designated app to complete the initial setup.

After users complete the setup process, their device will receive a push notification via the app when they attempt to authenticate as normal. Upon approving the request in the app, they will be logged in.

Auth0 Guardian and push notifications example

After a user enrolls with push notifications, they can also choose to authenticate with a one-time code by clicking Manually Enter Code at the challenge prompt.

Verify Your Identity Login Prompt

The user can then check the authenticator app for the current one-time code and enter the code at the prompt. Users must have an authenticator app installed on their mobile devices to complete this step.

To learn how to reset MFA for users who have lost their devices and recovery codes, read Reset User Multi-Factor Authentication and Recovery Codes. You can also review Troubleshooting Multi-Factor Authentication Issues.

Security settings and localization

Security settings

The Auth0 Guardian app allows users to configure passcodes and biometrics as layers of security on iOS and Android.

In the Security section of the Settings menu, users can enable a passcode, Touch ID, or Face ID. These options protect the information managed within the app in the event a device is lost or stolen.

Localization options

The Auth0 Guardian app supports localization for multiple languages and dialects on iOS and Android.

In the Language section of the Settings menu, users can select their preferred language. By default, the app uses the same language as the device system.

The Auth0 Guardian app supports the following languages and dialects:

Language Code
Basque eu-ES
Bosnian bs
Bulgarian bg
Catalan ca-ES
Croatian hr
Czech cs
Chinese (Simplified) zh-CN
Chinese (Traditional) zh-TW
Danish da
Dutch nl
English en
Estonian et
Finnish fi
French fr-FR
French (Canada) fr-CA
Galician gl-ES
German de
Greek el
Hindi hi
Hungarian hu
Indonesian id
Italian it
Icelandic is
Latvian lv
Lithuanian lt
Japanese ja
Korean ko
Norwegian no
Norwegian (Bokmål) nb
Norwegian (Nynorsk) nn
Polish pl
Portuguese (Brazil) pt-BR
Portuguese (Portugal) pt-PT
Romanian ro
Russian ru
Serbian sr
Slovak sk
Slovenian sl
Spanish es
Spanish (Argentina) es-AR
Swedish sv
Thai th
Turkish tr
Ukrainian uk
Vietnamese vi
Welsh cy

Theme options

The Auth0 Guardian app supports light and dark mode themes on iOS and Android.

In the Theme section of the Settings menu, users can select the following options:

  • System: Uses system default mode theme.

  • Light: Enables light mode theme.

  • Dark: Enables dark mode theme.

Guardian SDKs

You can install the Guardian SDK (available for iOS and Android) to build your own multi-factor authentication application with complete control over the branding and look-and-feel. With the Guardian SDK, you can build your own custom mobile applications that work like Guardian or integrate some Guardian functionalities, such as receiving push notifications in your existing mobile applications. A typical scenario could be for a banking app. You can use the Guardian SDK in your existing mobile app to receive and confirm push notifications when someone performs an ATM transaction.

Use Actions to enable Multi-Factor with Auth0 Guardian

To enable Auth0 Guardian within an Action, pass guardian as the provider parameter when you enable multi-factor authentication:

exports.onExecutePostLogin = async (event, api) => {
  api.multifactor.enable('guardian', { allowRememberBrowser: false });
};

Was this helpful?

/

To force your users to log in with Auth0 Guardian every time, create the Action with allowRememberBrowser: false.

Multi-Factor with Auth0 Guardian and Authorization Extension

This template provides an example and starting point to trigger multi-factor authentication with Auth0 Guardian for push notifications when a condition is met.

Upon first login, the user can enroll the device.

exports.onExecutePostLogin = async (event, api) => {
const groups = event.user.app_metadata.authorization.groups;
const GROUPS_WITH_MFA = {
// Add groups that need MFA here
// Example
admins: true
};

const needsMFA = !!groups.find(function (group) {
return GROUPS_WITH_MFA[group];
});

if (needsMFA) {
// optional, defaults to true. Set to false to force Guardian authentication every time.
// See https://auth0.com/docs/secure/multi-factor-authentication/customize-mfa#change-frequency-of-mfa-prompts for details
api.multifactor.enable('guardian', { allowRememberBrowser: false });
}

};

Was this helpful?

/

Learn more