UserLock Push Application

The UserLock Push App is the mobile application which allows users to receive secure MFA push notifications to approve or deny login requests directly from their smartphone, providing fast, frictionless authentication.

When network access is unavailable, the app also generates offline TOTP codes.
In addition, it can store third-party TOTP accounts (e.g., Gmail, GitHub, Microsoft 365) to centralize all MFA credentials in one place.

• One-tap authentication: Approve or deny sign-ins instantly from your smartphone.

• Context-aware security: See login location, device, and timestamp before approving.

• Offline access: Use a TOTP code if you’re not connected to the Internet.

• Unified app: Manage all your UserLock and third-party accounts in one place.

• Remote ready: Works seamlessly with UserLock Anywhere for users outside the corporate network.

The UserLock Push App is available for:

• iOS 13.0+

• Android 5.0+

To use UserLock Push, the following conditions must be met:

• UserLock Server must have an Internet access with outbound HTTPS traffic (TCP 443) allowed to the following endpoints:

  • push.isdecisions.com

  • idp.isdecisions.com

• The Push notifications methods must be enabled under ⚙️ Settings ▸ MFA ▸ MFA methods

• UserLock Anywhere must be configured (to reach agents outside the network).

• The UserLock Desktop Agent must be installed on the workstations.

• The workstations must have Internet access when outside the corporate network.

• The user’s smartphone must have Internet access to receive push notifications.

• The user must be enrolled in the Push method.

When users log in to Windows, UserLock Push supports two authentication modes:

• Push notification (recommended):

  1. A notification appears on the user’s smartphone.

  2. The user reviews the login details (device, location, time) and taps Approve or Deny.

  3. The login completes immediately after approval.

  

• TOTP code (offline mode):
  If the device is offline or push delivery fails, the user can open the app and enter the 6-digit code displayed.

  

Each request includes context such as device name, location, and timestamp, helping users confirm authenticity before approval.

The UserLock Push App can manage both UserLock and third-party TOTP accounts (e.g., Gmail, Facebook, GitHub).

Tap + in the app to scan the QR code provided by the service.
The new account appears in the dashboard.

Select an account and tap Modify account to rename or update it.
To delete it, tap Delete account and confirm.

The Requests History feature allows you to review all recent push notifications sent by UserLock.

Each entry includes:

• Status: Approved, refused, or ignored

• Device name used during login

• Location and IP address of the attempt

• Date and time of the event

This feature helps users to:

• Verify legitimate access activity.

• Identify any suspicious or unauthorized login attempts.

• Report security issues quickly to their IT administrator.

Access Settings ⚙️ to personalize your app experience and enhance security.

• Use system theme: Switch between light and dark mode according to your device preferences.

• Biometric access (Face ID / fingerprint):
  Activate this option to protect access to the app.
  You will need to authenticate using Face ID or your fingerprint before viewing your MFA codes or approving requests.
  This prevents unauthorized individuals from accessing your codes if your phone is unlocked.

  Important

  Biometric access secures the app interface only — it does not approve login requests automatically.

• Help: UserLock Help Page

• Privacy Policy: View information about data protection and app privacy.

• Version: Displays the installed app version.