Push notification registration

Verify Identity Access supports push notifications on both iOS and Android platforms. It can also be configured to send push notifications to the IBM® Verify application.

About this task

To issue a notification to a client device, a specific payload must be generated and sent to the push notification service of the device's platform (Apple Push Notification Service, Firebase Cloud Messaging, or Push for IBM Verify). This notification request requires a form of authentication and authorization. To establish a trusted connection, Apple Push Notification Service requires a provider certificate, Firebase Cloud Messaging requires a server (API) key, and Push for IBM Verify requires configuration of authentication credentials.

As an administrator, you must register such forms of authentication for your authenticator applications to successfully deliver push notifications to clients on demand. Such registration can be done through either the local management interface or the RESTful API. For details about how to register push notification endpoints through the RESTful API, see the RESTful API documentation.

Note: For certificate-based push notification registration, use a specific SSL certificate database for this purpose and import all required certificates to the SSL certificate database before registration.

Before version 10.0.2.0, the Apple Push Notification Provider implementation was based on the Binary Provider API. When you upgrade to 10.0.2.0, existing provider configurations are updated to match the settings expected by the new implementation, which is based on the Apple Push Notification service (APNs).

The only change made during the upgrade is to the Push Provider Host (provider_address), and only when its value matches an entry in the following table.
| Old Push Provider Hosts | Migrated to new Push Provider Host |
|---|---|
| gateway.push.apple.com, feedback.push.apple.com | api.push.apple.com:443 |
| gateway.sandbox.push.apple.com, feedback.sandbox.push.apple.com | api.development.push.apple.com:443 |
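
The following check is an added example, not IBM's code: it classifies Push Provider Host values against the migration table above so that legacy Binary Provider API hosts can be spotted before or after the upgrade. The record layout, the `app_id` key, and treating a legacy host that carries an explicit port as needing manual review are assumptions; only `provider_address` and the host names come from this page.

```python
# Added example; only provider_address and the host names come from this page.
LEGACY_TO_APNS = {
    "gateway.push.apple.com": "api.push.apple.com:443",
    "feedback.push.apple.com": "api.push.apple.com:443",
    "gateway.sandbox.push.apple.com": "api.development.push.apple.com:443",
    "feedback.sandbox.push.apple.com": "api.development.push.apple.com:443",
}
CURRENT_APNS = set(LEGACY_TO_APNS.values())


def split_host_port(address):
    """Return (lowercased host, port or None) for 'host' or 'host:port'."""
    value = address.strip().lower()
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return value, None


def classify(address):
    """Return (status, suggested_address); a legacy host with a port is flagged separately (assumption)."""
    host, port = split_host_port(address)
    if host in LEGACY_TO_APNS:
        status = "legacy" if port is None else "legacy-with-port"
        return status, LEGACY_TO_APNS[host]
    if address.strip().lower() in CURRENT_APNS:
        return "current", address.strip().lower()
    return "unchanged", address.strip()


def audit(providers):
    """Return (app_id, old_address, status, suggested) for each legacy entry."""
    findings = []
    for p in providers:
        status, suggested = classify(p["provider_address"])
        if status.startswith("legacy"):
            findings.append((p["app_id"], p["provider_address"], status, suggested))
    return findings


# Constructed sample configuration, not taken from a real appliance.
SAMPLE = [
    {"app_id": "com.example.ios.prod", "provider_address": "gateway.push.apple.com"},
    {"app_id": "com.example.ios.dev", "provider_address": "Gateway.Sandbox.push.apple.com:2195"},
    {"app_id": "com.example.ios.new", "provider_address": "api.push.apple.com:443"},
    {"app_id": "com.example.android", "provider_address": "fcm.googleapis.com:443"},
]
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Entries reported as `legacy-with-port` do not match the table values exactly, so confirm their Push Provider Host by hand after the upgrade.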

Procedure

  1. Log in to the local management interface.
  2. Click AAC.
  3. Under Manage, click Push Notification Providers.
    Adding a push notification provider
    1. Click Add.
    2. Provide values for the displayed fields.
      Mobile Platform
      Specifies whether the push notification is for the iOS or Android platform.
      Application ID
      Identifier of the application.
      Push Provider Host
      Host name to be used to connect to the push service provider. The value can include a port number, for example, fcm.googleapis.com:443.
      Push Provider
      Select the provider for your push notifications. The available options are Firebase (Google's push notification provider), Apple (Apple's push notification service), or Push for IBM Verify.
      Service Account File
      If Firebase is selected as the Push Provider, then this field becomes available to provide the mandatory service account JSON file. This file is obtained from the accounts section in the external Firebase console.
      Certificate Store
      If iOS Application is selected in the Mobile Platform field and Apple is selected as the Push Provider, then this field becomes available to select the certificate store on the appliance that contains the certificate to be used to authenticate to the Apple push notification service.
      Certificate Label
      If iOS Application is selected in the Mobile Platform field and Apple is selected as the Push Provider, then this field becomes available to select the certificate to be used to authenticate to the Apple push notification service.
    3. Click Save.
    4. Deploy the changes.
    Modifying a push notification provider
    1. Select the push notification provider to be modified.
    2. Click Edit.
    3. Change the settings as needed.
    4. Click Save.
    5. Deploy the changes.
    IBM Verify can send a push notification to a mobile device that the device owner, after unlocking the device, can act on without launching the IBM Verify mobile app. This functionality is supported by a silent push payload. Verify Identity Access sends a silent push payload when the MMFA response authentication policy has a user presence mechanism as the first step in the workflow. No other configuration results in a silent push payload.

    The silent push payload functionality is enabled by default but can be disabled by using the advanced configuration parameter mmfa.silentpush.enabled.