Symantec Access Management

Expand all | Collapse all

Strong Authentication with PUSH notifications

Jump to Best Answer
  • 1.  Strong Authentication with PUSH notifications

    Posted 09-02-2019 04:14 AM

    We are implementing push notifications as the 2nd factor authentication method. We will rely on Google Firebase for this and use the out of the box CA Mobile Authenticator app. Due to GDPR concerns we would like to find the answers to these questions:

    1) When a user no longer exists in the Strong Authentication organization, are his/her details removed immediately from the Firebase database?
    2) If not, how long is this data kept in the DB?
    3) When using Strong Authentication with the out of the box push notification implementation (meaning we use the FCM server key that comes by default with the CA Adapter) is it possible for us to perform any user management operations (via the provided APIs) like removing user from the Firebase DB?
    4) Is Broadcom able to differentiate between push notifications sent by different customers in the Firebase console? Can we request Broadcom to provide an activity report regarding push notifications for our implementation for example? Because from what I understand most of the customers will use the push notification feature with the default server key. So I assume that details about all the transaction that use the same server key will be visible in one instance of the Firebase console.
    5) Whenever there are delivery issues with push notifications will Broadcom support provide us details from the Firebase console end? For example we can see in the Strong Authentication logs that the push notification was relied to Google Firebase but the user did not receive it.
    6) In case we use a different FCM server key on our CA Adapter implementation for push notifications, will this give us access to a Firebase console where we can see all the transactions related to our company?

    Thank you,

  • 2.  RE: Strong Authentication with PUSH notifications
    Best Answer

    Posted 09-04-2019 09:14 PM
    Hi Alex, My suggestion on this will be to track this through a support case. Google Firebase ( FCM) is GDPR compliant and access to FCM console is only through the solution provider.