Updated December 16, 2019

The SecureAuth Authenticate mobile app provides a multi-factor authentication method for end user validation during the login process.

The Authenticate app must first be installed on your mobile device or Chromebook and then connected to your user profile through a SecureAuth IdP mobile app enrollment realm before it can be used.

Once connected, the app can generate Time-based Passcodes (OATH TOTP), Push Notification One-time Passcodes (OTPs), Push-to-Accept / Symbol-to-Accept login requests, and fingerprint or facial recognition login requests for you to use when authenticating into your network.

In addition to iOS and Android devices, you can also set up and use the SecureAuth Authenticate app on a Chromebook. The SecureAuth IdP enrollment realm sees the Chromebook as an Android device. Although the screen shots in this document do not show a Chromebook user interface, the Android screen examples are the same as what you will see on a Chromebook.

SecureAuth Authenticate app for iOS and Android supports French, German, and Spanish languages on the user interface (UI). No special setting is necessary; if the mobile device is set to a supported language, the UI will display the supported language by default. Some error messages, enrollment, and validation page messages are sent from SecureAuth IdP or SecureAuth Identity Platform, so ensure that they have the proper language set so end users receive all messages in the appropriate language.

See the Release notes to learn about new features, enhancements, resolved issues, and known issues.

SecureAuth Authenticate app was validated with FIPS 140-2 compliant cryptographic libraries. 


SecureAuth Authenticate app no longer supports new Huawei phones or updates to existing phones to align with the recent United States embargo.

Release notes 

New features and enhancements

Version: 19.09
Release Date: October 8, 2019
Compatibility: SecureAuth IdP v9.2.x and v9.3.x and the SecureAuth® Identity Platform v19.07. Additionally, biometric fingerprint and face (iOS only) recognition require SecureAuth Identity Platform v19.07 or later, using the 2019 theme.

MD-204On Android tablets and phones, the SecureAuth Authenticate app is optimized for appropriate device scale.
MD-680On iOS phones, end users receive a guidance page to help them enable app notifications immediately after launching the SecureAuth Authenticate app for the first time. This new page helps end users understand how SecureAuth uses app notifications.
MD-763Android Wear watch can display the TOTP.

iOS and Android TOTPs are now displayed in the Accounts list by default.

Note that some sites require TOTPs to be hidden behind an account PIN that requires users to enter a PIN to see their TOTP. These TOTPs will continue to require an account PIN before they are displayed.

MD-866SecureAuth Authenticate app for iOS and Android supports French, German, and Spanish languages on the user interface (UI). No special setting is necessary; if the mobile device is set to a supported language, the UI will display the supported language by default.
MD-881Apple Watch "Passcode Required" message changed to "Enable Watch Passcode" for greater clarity and guidance.

Resolved issues 

MD-862On Apple Watches, if an end user sends a second login request while the first request is open, the latest request replaces the previous request.
MD-864On Android phones versions 5-8, the PIN view is displayed in landscape and portrait orientations.
MD-873On iOS phones, after end users delete their account, notifications are not displayed on the phone.
MD-876On Android phones, Authenticate Settings screen is available in portrait view only. This works as designed.
MD-887When an iOS device receives a SecureAuth biometric login request, the correct request-to-login text is displayed onscreen.
MD-911After end users scan the QR code successfully, SecureAuth Authenticate displays the appropriate TOTP with the timer spinning. If the timer completes, a new TOTP is generated.
MD-912On iOS phones, the screen no longer flashes when end users enter a PIN.
MD-922SecureAuth Cloud Access app was removed from the Apple Store because it is no longer supported.

Known issues 


When an Android end user exceeds the maximum incorrect PIN entry attempts, all associated accounts should be deleted, but instead are only invalidated.

Workaround: End users need to reconnect the account and retry the login.


iPhone end users enroll the Authenticate app with a URL, turn off and on the device passcode, and when they attempt to log in the account appears to be invalid. The following steps show the workflow for this scenario:

  • End users enroll the Authenticate app with a URL and set a PIN.
  • In Touch ID & Passcode, they select Turn Passcode Off, then Turn Passcode On immediately in their iPhone settings.
  • They enroll an account with a URL and they do not set a PIN.
  • The account appears to be invalid. 

Workaround: Do not select Turn Passcode Off, then Turn Passcode On immediately after enrolling an account.


On iPhone versions 5 and SE, when end users tap the Connect Account button to connect mobile devices with a URL or QR code, the options do not open. This is an Apple bug.

Workaround: None


On Apple Watches paired to phones, turning the passcode off and then on disables the TOTP on the watch. The Authenticate app shows an error and prompts the end user to re-enroll the device; however, the app still shows the last TOTP. 

Workaround: End users can reinstall the Authenticate app on the watch and then the paired phone will push the TOTP to the watch.


iOS 13 sometimes causes push notifications to be delayed.

WorkaroundEnd users can update their devices to 13.1.2 and then re-enroll the Authenticate app to resolve this issue.


End users must accept notifications during Authenticate app installation on mobile devices; otherwise, device registration will fail.

This scenario occurs when a SecureAuth IdP 9.3 enrollment realm TOTP seed is set to Token mode. 

Workaround: If SecureAuth IdP is configured for Seed mode, mobile device registration will succeed even if the user does not accept push notifications. 


When upgrading to the Identity Platform v19.07 or later, admins must use the 2019 theme and end users who already use the SecureAuth Authenticate app must reconnect their accounts to add the ability to accept biometric push notifications to use face (iOS) or fingerprint recognition through the mobile app.

Workaround: None

Version 19.06 - Release Date: July 11, 2019

Compatibility: SecureAuth IdP v9.2.x and v9.3.x and the SecureAuth® Identity Platform v19.07

MD-201, MD-811Biometric MFA is available for iOS (face and fingerprint recognition) and Android (fingerprint recognition only) devices.
MD-823SecureAuth Authenticate app no longer supports new Huawei phones or updates to existing phones to align with the recent United States embargo. 

Android devices show a countdown for the duration of time before the passcode expires, and not just the last 10 seconds.

Resolved issues 

MD-667iOS Watch app syncs accounts after turning watch passcode off and then on.
MD-719Authenticate app works on Samsung Galaxy J3 Prime phones.
MD-723iOS Watch app does not show Password Required message when a passcode is set up.
MD-797Android 5 devices display the Delete symbol appropriately.
MD-802The Feedback link on the iOS Authenticate app user interface works on iPhone XS. End users who have not set up Apple Mail will receive a guidance message when selecting the Feedback link.
MD-805When end users select an account on an Android phone, the account selection works consistently, as do the Move, Delete, Reconnect, and Edit functions.
If end users with iOS or Android devices enrolled for biometric login remove face or fingerprint recognition from the device, they will receive a guidance message to choose a different login method.
MD-823On many Android phone models (MI, Letv, Huawei, Oppo, Vivo, Asus, Meizu), a battery-saving feature stops Authenticate app notifications from being displayed. To remedy this, the first time end users run the Authenticate app, they will receive a guidance message to enable the app in their phone's Settings.
MD-824Android 8 and 9 phones display notifications appropriately when the Authenticate app pushes notifications to a paired Android Wear watch.
MD-828iOS phones that use PIN protection consistently push the PIN to a paired Apple Watch.
MD-835Android phones enrolled to use symbol-to-accept as a second factor display symbols on the mobile device correctly.
MD-836Apple Watch Launch Watch app syncs automatically with the Authenticate app on a paired mobile device after upgrade.
MD-837Android devices no longer close unexpectedly after end users remove a lock pattern, restore the lock pattern, and then delete the account.
MD-842After end users enroll a mobile device with a URL, the device is successfully set up for One-time Passcode on the Authenticate app.
MD-847When end users perform an unsuccessful QR enrollment on iOS devices, they receive a helpful error message.
MD-848The Authenticate app correctly sends a One-time Passcode to Android 4.4 phones.
MD-852On Android phones, if end users select an account to reconnect it by using a QR code, the selected account is replaced with a new account.

Known issues 

MD-659Apple Watches paired with iOS phones occasionally flash a screen containing old data before updating with new data. The flash occurs very quickly; no action is required to work around the issue.
MD-702On iOS devices, the passcode notification occasionally displays again after the end user presses OK and dismisses the notification.
Workaround: End users do not need to authenticate again and can dismiss the additional passcode notification.
MD-859On Apple Watches, when end users receive a Symbol-to-Accept login request and then select the correct symbol, the login request times out. However, the Authenticate app on the iPhone can still complete the authentication. The issue occurs on Apple Watch Generation 3 paired to iPhone X (iOS 12.3.x) and iPhone XS (iOS 12.2.x).
Workaround: This issue occurs so infrequently that SecureAuth Testers were unable to reproduce the issue on a majority of test devices. Testers attribute this bug to a Watch OS. After Testers performed a hard reboot of the Apple Watch, they could not replicate the bug again. If end users experience this bug, they can perform a hard reboot as a last resort. Perform a hard reboot by pressing the crown and side buttons simultaneously until the watch restarts. After the watch is restarted, it should automatically authenticate correctly.
Version 5.3 - Release Date: April 16, 2019

New features and enhancements


The Android Authenticate app supports the optional security feature requiring a custom PIN (4, 6, 8, or 10 digits) to access a TOTP passcode.


The Authenticate app supports Chromebook on ChromeOS build 72.x.x.x. When end users access a TOTP passcode from the app with a PIN, Chromebook allows the transaction.

TW-616The Authenticate app supports iOS 12.x and Android 9.x.

Resolved issues

MD-734Authenticate App allows numbers only when creating PIN on any mobile device.

The TOTP is displayed on one line when end users attempt to enroll an account with a QR Code using a Sony Xperia with Android 8.0.

MD-793All PIN digits are displayed inside the screen, regardless of PIN length. 

The numeric keyboard is displayed on a Sony Xperia XZ1 with Android 8.0.

MD-796Only one PIN is needed when deleting an Android account from a realm.

Known issues

MD-773After updating the Android Authenticate app to the latest version, the app icon is not updated automatically. The icon is updated after the phone is restarted.
MD-802The Feedback link on the iOS Authenticate app user interface does not work on iPhone XS.
MD-804On Chromebook, when the Authenticate app is open and a new notification arrives, a new window is created for the notification apart from the main application. When end users close the main application window, the notification window remains open.
MD-806On Android, the Create New PIN screen is missing. Workaround this by using the Create PIN screen to add or delete an account on the Authenticate App.
Version 5.2 - Release Date: November 27, 2018

New features and enhancements

Rebranded the user interface.

Completed several minor bug fixes.

For iOS, support the optional security feature requiring a custom PIN (4, 6, 8, or 10 digits) to access a TOTP passcode from the app.

Known issue

Android 5 OS and earlier might not show the new logo rebranding.