Notification services

This is an Early Access feature. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.

Notification services enable you to send push notifications to customer-built apps that use the Devices SDK. The Devices SDK allows you to configure your own branded push service and embed push notifications and biometric verification directly into your organization's mobile app. Your users don't have to leave your app to perform verification in another app when they attempt to sign in to your service. You can configure notifications using the following push provider services:

Before you begin

Deploying custom push verification functionality is a multi-step process. First you perform several tasks in the Devices SDK. Then you can configure notification services and the Custom Authenticator. See Custom authenticator integration guide - Android for prerequisites and instructions.

Add a notification service

Add a notification service for each push service that you want to integrate with Okta. There’s no limit to the number of notification services that you can add, but each notification service name must be unique.

  1. In the Admin Console, go to Security > Device integrations.

  2. Click Notification services.

  3. Click Add notification service, then select the required notification provider.

  4. Enter the required information, depending on the notification provider you selected in step 3:

    For Apple Push Notification service (APNs):

    • Name: Enter a unique name for the Apple Push Notification service.

    • Key ID: Enter the 10-character Key ID that you obtained from your Apple developer account.

    • Team ID: Enter the 10-character Team ID that you used to develop your company’s app. Obtain this value from your Apple developer account.

    • Token signing key: Browse for, and then select the token signing key (*.p8 file) you received from Apple. To learn how to obtain an Encryption Key and Key ID from Apple, see the Apple documentation.

    See Apple Developer Documentation for more information.

    For Firebase Cloud Messaging (FCM):

    • Name: Enter a unique name for the Firebase Cloud Messaging service.

    • Service account JSON: Enter your service account key in JSON format.

      You can use the Google Cloud Console, Google Cloud CLI, or one of the client libraries to create your service account key. See Creating and managing service account keys.

  5. Click Add.

View push notification events

After you’ve added a notification service, you can check for successful and failed push notifications sent to users in the System Log. For example, you can view custom push notifications sent to a specific provider the name or that had a specific outcome by querying events recorded in the System Log.

  1. In the Admin Console, go to Security > Device integrations.

  2. Click Notification services.

  3. Locate the notification service for which you want to view events.

  4. Click the Actions menu, then choose Events.

    The search field is automatically populated to look for events with eventType eq "device.custom_push.send_notification" and with the push provider identifier associated with the notification service provider you selected in step 3.

    If you want to change the query or add filters to it, click Advanced Filters. For example, if you only want to view failed push notifications for a specific provider:

    • Click Advanced Filters.

    • Click Add Filter.

    • Select outcome, then select outcome.result.

    • Select FAILURE.

    • Click Apply Filter.

  5. Select events of interest.

    View a push notification event in the System Log

  6. Click System > SecurityContext > DebugData to view more details about the push notification service provider and the event.

    View DebugData for details about the push notification service provider

Edit a notification service

After you’ve added a notification service, you can modify its properties, if needed. For example, you can change the name you use to identify the service or replace the account key.

  1. In the Admin Console, go to Security > Device integrations.

  2. Click Notification services.

  3. Locate the notification service that you want to edit.

  4. Click the Actions menu, then choose Edit.

  5. Edit the notification service as required.

  6. Click Save.

Delete a notification service

Before you delete a notification service, update any custom authenticator policies that are associated with it. Deleting a notification service might prevent users from accessing applications that rely on push notifications.

  1. In the Admin Console, go to Security > Device integrations.

  2. Click Notification services.

  3. Locate the notification service that you want to delete.

  4. Click the Actions menu, then choose Delete.

Related topics

Custom authenticator integration guide - Android

Configure the Custom Authenticator

Create OIDC app integrations using AIW

Establishing a token-based connection to APNs

Handling notification responses from APNs

Registering your app with APNs

Google error codes for FCM failure conditions