MS365 MFA with AuthPoint - push notifications
I have been working through the process of setting up my users to use AuthPoint as MFA for their MS365 accounts, and am getting some inconsistent results.
I have push notifications already working for all users, so I am happy that the app itself is configured correctly on the users' phones.
However, of the 4 accounts I have set up so far, three are not getting a push notification when signing into MS365, and one is. Those that are not, are prompted to enter a code, which works fine. So on the surface of things, all should be configured correctly you would think. Does anyone have any idea why one user is getting a push notification and the others are not?
Interestingly, in the MS My Sign-ins Security info, the user who is getting the push notifications, does not have an authenticator app configured at all - whereas the others do.
The only other difference I am aware of is that the user who is getting the push notifications uses a Samsung device; all the others are Apple devices.
Any thoughts to help save my sanity??
Comments
Hi @Mr_P
Are the users signed in to their Google accounts on those phones? Push notifications work via leveraging a system that is included with the OS. This reduces the amount of battery/CPU time that AuthPoint needs to consume to monitor new push notifications.
If the user can migrate their token to another phone, the issue is likely that phone's ability to register for push notifications via Google, Samsung, or Apple's services.
If this issue continues, I'd suggest opening a support case.
-James Carson
WatchGuard Customer Support
@Mr_P we have several thousand end users running AuthPoint across many, many clients. If the end user enrolled themselves without any help from IT, and it's an Apple device, then 99.999% of the time it is because the user answered no when prompted by the AuthPoint client to allow notifications. If notifications are not allowed, then you don't get a push. Go to Settings --> Notifications --> AuthPoint on the Apple device and ensure notifications are turned on.
Separately, recently I ran a report out of our ticketing system, and I would say that 96% of all our tickets for end users not getting push notifications are for users with Android Devices (the other 4% of our tickets are for Apple users). And 95% of the time, the resolution is to reboot the device and try again. 3% of the time it is because the end user has used an incorrect password, and there is no push at all. 1% of the time the device is not connected to the internet. And 1% of the time it is something else.
Separately, don't forget that M365 credentials can be cached on the device for up to 90 days, so you will not necessarily get a push on every login.
And finally - don't forget you can actually test the push notifications by using "User Verification" in AuthPoint - this is a great way to determine if it's the app, the phone, or the user that is broken.
dcc