Enroll users with the UserLock Push application
Help users activate Multi-Factor Authentication (MFA) using the UserLock Push mobile app to approve sign-ins or generate one-time passwords (TOTP) directly from their smartphone.
UserLock Push is a feature of UserLock that uses the UserLock Push mobile app (available on iOS and Android) to deliver secure push notifications for multi-factor authentication (MFA).
Users can approve or deny login requests in real time from their phone, or use the app’s built-in TOTP codes when offline.
Push notifications can be used with all connection types protected by UserLock MFA:
Local and RDP sessions,
RD Gateway, RDWeb,
RemoteApp,
VPN,
IIS,
and SaaS applications.
The mobile app can also manage standard TOTP accounts (for example Gmail, GitHub, or Microsoft 365), allowing users to centralize all their authentication codes.
Note
🚩 Before following this guide:
We recommend reading How to implement MFA for general recommendations, communication tips, and preparation steps to ensure a smooth rollout.
Note
You can find detailed information on using the app, managing accounts, and reviewing push requests in the UserLock Push App Reference.
UserLock Server must have an Internet access with outbound HTTPS traffic (TCP 443) allowed to the following endpoints:
push.isdecisions.comidp.isdecisions.com
UserLock Anywhere must be configured (to reach agents outside the network).
The UserLock Desktop Agent must be installed on the workstation.
The workstation must have Internet access when outside the corporate network.
Smartphone:
iOS 13.0 or later, or Android 5.0 or later
UserLock Push app installed from the App Store or Google Play.
Note
If the user is already enrolled with another MFA method and wants to switch to Push, an administrator must reset the MFA key before re-enrollment.
Before enrolling users, an administrator must enable the Push notifications method in the UserLock console.
Open the UserLock Console.
Go to ⚙️ Settings ▸ MFA.
Under MFA methods, enable Push notifications.
Save the configuration.
Once Push is activated as an MFA method, it becomes available for use in user enrollments.
Before enrolling, make sure that MFA is enabled for the user account in UserLock.
Note
See Access policy management to learn how to apply an access policy in UserLock.
See MFA policy reference for details on MFA policy rules and options.
On your smartphone, open the App Store or Google Play and search for UserLock.
Download and install UserLock Push
On your computer, at your next login, select Push notifications card when prompted for MFA enrollment.
Scan the QR code displayed on your screen using the UserLock Push app
Tap Continue to complete enrollment.
The UserLock Push app is now configured as your primary MFA method.
If push notifications are unavailable, use the TOTP code displayed in the app.
Note
If your administrator also requires another MFA method, you may be prompted to enroll it. If you cannot complete that enrollment, cancel and contact your administrator. Adding another method later requires restarting the MFA setup.
Once enrolled, MFA with UserLock Push will trigger automatically during login.
Enter your Windows credentials.
A push notification is sent to your smartphone.
Approve or refuse the login request directly from the notification.
If you’re offline or the push fails, open the app and enter the TOTP code instead with the Enter code button.
⚠️ If you receive a request you didn’t initiate:
Refuse it, change your password immediately, and contact your IT Help Desk.