9.20.2 Authentication Agent for Web

A browser-based Progressive Web Application (PWA) that can be installed using the Google Chrome browser on any desktop or mobile operating system.

When a user initiates the out-of-band authentication, a push notification is sent on the last subscribed device with the Authentication Agent for Web. The push notification provides information about the pending authentication request. After initiating the out-of-band authentication, the user need not wait for the push notification. However, can access the Authentication Agent for Web or log into the OOB portal to check for the authentication request.

The following image describes the authentication flow for the Out-of-band method when the Authentication Agent for Web is in use.

A user wants to authenticate on an endpoint such as a laptop or a website with the Out-of-band method. The following steps describe the authentication flow:

  1. When the authentication request is initiated on the Client side (application, Client, RADIUS, etc), the endpoint contacts the Advanced Authentication server.

  2. The Advanced Authentication server validates the user’s credentials.

  3. After validating the credentials, the Advanced Authentication server sends a push message to the third-party Push services.

  4. The third-party Push services forwards the push message to the subscribed device which is an Authentication Agent for Web PWA app or OOB portal.

  5. User clicks the push message to open the PWA app or OOB portal, or opens the PWA app or OOB portal manually. Message prompts to authenticate. User authenticates using any available chain to log in to the OOB portal. The authentication is indicated by the Accept and Reject options. The user’s selection is then sent to the server.

  6. Finally, the server validates the authentication and the endpoint gets authenticated.

    HTTPS protocol is used for the communication.

IMPORTANT:To receive the push messages, you must enable the notifications in your browser for the OOB portal or Authentication Agent for Web app. By default, the notifications are blocked.