Use the Mobile Authenticator

CyberArk Identity uses your device notification service to send your device a passcode when you choose Mobile Authenticator as your additional authentication method. You can use either the passcode or the CyberArk Identity mobile app to complete the authentication process.

You must have the “Show notifications” device setting enabled to use your device notification for authentication. If this feature is not turned on, you use the CyberArk Identity mobile app to authenticate with Mobile Authenticator.

Do not select this option if you are logging in to an application from the same device.

When you select Mobile Authenticator as the additional authentication method, the notification is sent to your device after you enter your password. Responding to the notification is slightly different for each device OS.

Use CyberArk Identity application as the Mobile Authenticator response

The Mobile Authenticator option on CyberArk Identity application is enabled using the Show Authenticator option on the Settings page. If your system administrator has not enabled this option, you must enable it manually before you can use this feature.

To use CyberArk Identity application as the Mobile Authenticator response:

  1. Open CyberArk Identity application on the device.
  2. Tap Mobile Authenticator.

    If your systems administrator has required finger print authentication (or PIN as a fallback option), then you must provide this information to access the Mobile Authenticator code.

    If your system administrator has required you to match a two-digit number displayed on the sign in page to one of three two-digit numbers displayed on the Mobile Authenticator, tap the matching number to access the Mobile Authenticator code.

  3. Enter the code in the login prompt to complete authentication.

Use an Apple Watch to respond to MFA challenges

The CyberArk Identity mobile app supports push notifications and passcodes on watchOS to respond to Mobile Authenticator and one-time passcode MFA challenges.

Responding to MFA challenges from CyberArk Identity on an Apple Watch requires the following:

  • Notifications enabled on the Apple Watch (for the Mobile Authenticator challenges

    Refer to https://support.apple.com/en-us/HT204791 for more information about controlling notifications on your Apple Watch.

  • The Apple Watch and the enrolled iOS device must be paired with each other and either connected to the internet or connected to each other through bluetooth.

  • The CyberArk Identity mobile app in installed on the Apple Watch.

    Refer to https://support.apple.com/en-us/HT204784 for more information about installing applications on an Apple Watch.

  • iOS and watchOS must meet the minimum versions listed in CyberArk Identity Release Notes.

If your devices meet the requirements and your enrolled iOS device is locked, then you can use the Apple Watch to respond to CyberArk Identity MFA challenges.