You can use Advanced Settings in the Admin console to create custom authentication error messages that display to users in the authenticator and provide a contact for them to reach out to for help or more information.
-
Log into the Admin console.
-
Select Settings and scroll down to Advanced Settings.
-
To the right of a notification message, click the pencil icon and update the message in the field. Message fields support Markdown (for more information, see our Markdown Reference Guide).
Tip: You can also click Revert to default to restore the default message.
Setting
Description
Policy Denied Notification
This is a default notification that appears when any rule condition in a policy evaluates to "Deny" and does not allow authentication.
If you want to set a custom notification for individual rule conditions in a policy (e.g. a custom notification that the user is on an unsupported OS version and needs to upgrade to authenticate), you can do so on the Policy page. For more information, see How to define policies.
User Suspended Notification
This notification appears when the user's account has been deactivated to prevent the user from authenticating.
To reactivate an account, navigate to Users, click the deactivated user name, and click Reactivate User.
Deleted User Notification
This notification appears when the user cannot be authenticated because their account was deleted via the API (see https://docs.beyondidentity.com/api/v0#tag/Users/operation/DeleteUser).
If this was an error, you can add a user back via the Admin console by navigating to Users and clicking Add User. You can also add the user via the API.
Passkey Deleted Notification
This notification appears when the user cannot authenticate due to a missing certificate or passkey on the user's device most likely due to:
-
A password reset which changes the login password and rotates the Keychain and TPM or Secure Enclave.
-
The wrong password was entered and the operating system reset the password.
-
A backup was restored to a new or different device.The TPM or Secure Enclave is not be migrated because it is linked to the device's hardware.
Users will need to add a new passkey to the device. If you change the message, make sure to point users to steps to add a new passkey -- instructions are on the Beyond Identity support site at: https://support.beyondidentity.com/hc/en-us/articles/6903558669207/
Passkey Not Found Notification
This notification appears when the user cannot authenticate because a passkey for the account was not found on their device.
If users have the passkey installed on a different device, such as their cell phone, they can migrate their existing passkey to the current device. For instructions, see:
Windows: https://support.beyondidentity.com/hc/en-us/articles/6763368950295/
macOS: https://support.beyondidentity.com/hc/en-us/articles/6922972670615
iOS: https://support.beyondidentity.com/hc/en-us/articles/6921300831383/
Android: https://support.beyondidentity.com/hc/en-us/articles/6921633765655/
Linux: https://support.beyondidentity.com/hc/en-us/articles/6922744089111
Passkey Not Found With Fallback Notification
This notification appears when the user cannot authenticate because a passkey for their account was not found on their current device.
If users have the passkey installed on a different device, such as their cell phone, they can migrate their existing passkey to the current device. For instructions, see:
Windows: https://support.beyondidentity.com/hc/en-us/articles/6763368950295/
macOS: https://support.beyondidentity.com/hc/en-us/articles/6922972670615
iOS: https://support.beyondidentity.com/hc/en-us/articles/6921300831383/
Android: https://support.beyondidentity.com/hc/en-us/articles/6921633765655/
Linux: https://support.beyondidentity.com/hc/en-us/articles/6922744089111
Authenticator Launch Error
This notification appears when communication cannot be established with the authenticator. Users should confirm that the authenticator is installed on the device, and if so, launch it to confirm that it's working.
Login Hint Mismatch
This notification appears when there is a login hint mismatch error for OIDC or WS-Fed requests. The login hint type is configured under Integrations > OIDC or Integrations > WS FED.
-
-
Click Save Changes when finished.
When processing the authentication, the following error may display in the browser tab.
The following image shows an example of a notification on a macOS device:
Comments
0 comments
Please sign in to leave a comment.