Push Notification Authentication

Note: Push Notification Authentication is an Advanced Authenticator available as part of the Professional edition of ADSelfService Plus.

Once Push Notification Authentication is enabled, users will have to approve the push notification sent by the ADSelfService Plus server to prove their identity.


  1. Open the following ports in your firewall setup to let the ADSelfService Plus server communicate with the push servers of Apple and Google, and send the push notifications to the ADSelfService Plus iOS and Android mobile applications, respectively:
    • For Apple: 5223, 2195, 2196, 443
    • For Google: 5228, 5229, 5230, and 80 or 443
  2. Grant access to the following IP or host addresses in the firewall setup:
    • For Apple: gateway.push.apple.com and feedback.push.apple.com
    • For Google: all outbound IPs with port 80/443, or simply open the Google ASN IPs
Note: If your organization's policy does not allow unblocking the above IPs, route the requests to these IPs through a proxy server as per your organization's policy. When you use a proxy server, do not forget to configure the Proxy Settings in the product.

Configuration steps

  1. Navigate to Configuration → Self-Service → Multi-factor Authentication → Authenticators Setup.
  2. From the Choose the Policy drop-down, select a policy.
    Note: ADSelfService Plus allows you to create OU and group-based policies. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy. Click Select OUs/Groups, and make the selection based on your requirements. You need to select at least one self-service feature. Finally, click Save Policy.
  3. Click Push Notification Authentication section.
  4. Select Enable Push Notification Authentication.
  5. Push Notification authenticator

  • Users need to download the ADSelfService Plus iOS or Android mobile app to use this authentication technique.
  • This is a device-based enrollment. If users install the app in another device, they need to enroll again.
  • If a user performs self-service password reset/account unlock from a mobile site, users cannot use Push Notification Authentication to prove their identity.


Your request has been submitted to the ADSelfService Plus technical support team. Our technical support people will assist you at the earliest.


Need technical assistance?

  • Enter your email ID
  • Talk to experts
  • By clicking 'Talk to experts' you agree to processing of personal data according to the Privacy Policy.

Don't see what you're looking for?


    Visit our community

    Post your questions in the forum.


    Request additional resources

    Send us your requirements.


    Need implementation assistance?

    Try onboarding


Copyright © 2024, ZOHO Corp. All Rights Reserved.