Mobile MultiFactor Authentication: Provide separate push notification message.

Share this post:

Mobile MultiFactor Authentication: Provide separate push notification message.

Prior to IBM Security Access Manager version when a new transaction was generated in a mobile multifactor authentication scenario there was a single message generated and associated with the new transaction. The attribute was named “contextMessage” and was used for a dual purpose:

  1. A push notification informing the user that they have a pending transaction.
  2. A transaction specific message informing the user of what the actual transaction is.

The administrator was then tasked with crafting this message such that it could fit the dual purpose without being too specific for either purpose.

IBM Security Access Manager version added support to split the context message into 2 separate messages:

  1. A push message that gets sent as part of the push notification.
  2. A transaction message that gets sent in the pending transactions. This still uses the original attribute name “contextMessage”.

Note that this change does not require any changes to the IBM Verify application. The same push notification message variable is still being used. It is just now being populated from a different configuration property.

This article is going to show how the new push notification message can be configured.


1. Open the Local Management Interface and navigate to the authentication policies page:

Secure Access Control —> Authentication —> Policies

2. If the policy to update already exists select it and click edit otherwise create a new policy and add the MMFA authenticator to the list of workflow steps.

3. Click the modify parameters button alongside the MMFA authenticator.

4. Check the “Pass” checkbox for the pushMessage parameter to ensure that it gets passed.

5. Set the value of the pushMessage as a hardcoded value, a session attribute or a request attribute.

6. Click OK to exit the modify parameters dialog.

7. Click Save to store the new settings.

8. Deploy the changes.

9. At this stage when a new push notification is generated for this policy it will include the new push notification message.

Click here to rate this article

Rate this article :

More Articles stories
By Carsten Hagemann on June 20, 2022

Getting started with the IBM Verify SDK

The IBM Verify SDK is a library available for Android and iOS and provide classes to create rich native client mobile applications that interact with IBM Security Verify and IBM Security Verify Access, so that enterprises can easily integrate flexible and intelligent multi-factor authentication into their applications. Multi-factor authentiation (MFA) verifies an indiviual’s identity by […]

Continue reading

By Martin Schmidt on July 11, 2019

Modernizing your B2C Portal Security – LDAP Proxy Deep Dive

In this part of our series we are taking a deeper look on how the LDAP reverse proxy works and what is needed to be done to make it work. Enable CI In this part we look at what needs to be done on the CI side and what information needs to be collected. We […]

Continue reading

By Martin Schmidt on May 4, 2019

Modernizing your B2C Portal Security – Desired End State

Proposition: As we have seen in part one of this series, managing customer identities for a portal can be a challenge and distraction for the business.  In this part of the series we will outline how a modernized solution for a portal security can simplify operations and free your team up to focus on the […]

Continue reading