Notification services

This is an Early Access feature. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.

Notification services enable you to send push notifications to custom-built apps that use the Devices SDK. The Devices SDK allows you to configure your branded push service and embed push notifications and biometric verification directly into your organization's mobile app. Your users don't have to leave your app to perform verification in another app when they attempt to sign in to your service. You can configure notifications using the following push provider services:

Before you begin

Deploying custom push verification functionality is a multistep process. First you perform several tasks in the Devices SDK. Then you can configure notification services and the Custom Authenticator. See Custom Authenticator integration guide - Android or Custom Authenticator integration guide - iOS for prerequisites and instructions.

Add a notification service

Add a notification service for each push service that you want to integrate with Okta. There’s no limit to the number of notification services that you can add, but each notification service name must be unique.

  1. In the Admin Console, go to Security > Device integrations.

  2. Click Notification services.

  3. Click Add notification service, and then select the required notification provider.

  4. Enter the required information, depending on the notification provider you selected in step 3:

    For Apple Push Notification service (APNs):

    • Name: Enter a unique name for the Apple Push Notification service.

    • Key ID: Enter the 10-character Key ID that you obtained from your Apple developer account.

    • Team ID: Enter the 10-character Team ID that you used to develop your company’s app. Obtain this value from your Apple developer account.

    • Token signing key: Browse for, and then select the token signing key (*.p8 file) you received from Apple. To learn how to obtain an Encryption Key and Key ID from Apple, see the Apple documentation.

    See Apple Developer Documentation for more information.

    For Firebase Cloud Messaging (FCM):

    • Name: Enter a unique name for the Firebase Cloud Messaging service.

    • Service account JSON: Enter your service account key in JSON format.

      You can use the Google Cloud Console, Google Cloud CLI, or one of the client libraries to create your service account key. See Creating and managing service account keys.

  5. Click Add.

View push notification events

After you add a notification service, you can check the System Log for successful and failed push notifications sent to users. For example, you can view custom push notifications sent to a specific provider the name or that had a specific outcome by querying events recorded in the System Log.

  1. In the Admin Console, go to Security > Device integrations.

  2. Click Notification services.

  3. Locate the notification service for which you want to view events.

  4. Click the Actions menu, and then choose Events.

    The search field is automatically populated to look for events with eventType eq "device.custom_push.send_notification" and with the push provider identifier associated with your selected notification service provider.

    If you want to change the query, click Advanced Filters. For example, if you only want to view failed push notifications for a specific provider, follow these steps:

    1. Click Advanced Filters.

    2. Click Add Filter.

    3. Select outcome, and then select outcome.result.

    4. Select FAILURE.

    5. Click Apply Filter.

  5. Select events of interest.

    View a push notification event in the System Log

  6. Click System > SecurityContext > DebugData to view more details about the push notification service provider and the event.

    View DebugData for details about the push notification service provider

Edit a notification service

After you add a notification service, you can modify its properties. For example, you can change the name you use to identify the service or replace the account key.

  1. In the Admin Console, go to Security > Device integrations.

  2. Click Notification services.

  3. Locate the notification service that you want to edit.

  4. Click the Actions menu, and then choose Edit.

  5. Edit the notification service.

  6. Click Save.

Delete a notification service

Before you delete a notification service, update custom authenticator policies that are associated with it. Deleting a notification service might prevent users from accessing applications that rely on push notifications.

  1. In the Admin Console, go to Security > Device integrations.

  2. Click Notification services.

  3. Locate the notification service that you want to delete.

  4. Click the Actions menu, and then choose Delete.

Related topics

Custom authenticator integration guide - Android

Custom authenticator integration guide - iOS

Configure the Custom Authenticator

Create OIDC app integrations

Establishing a token-based connection to APNs

Handling notification responses from APNs

Registering your app with APNs

Google error codes for FCM failure conditions