Users receive PUSH notifications on their mobile that they did not initiate. 

Important: Never accept a PUSH notification you did not initiate. Immediately reject the notification by clicking the X or by swiping left in the app and contact your organization's helpdesk or IT support.

If you are using an application that requires you to accept a VIP PUSH notification on your mobile device during login (such as Office 365), the login session may automatically expire after a certain amount of time or when left idle too long. When this happens, the VIP validation session also expires. As a result, the application may auto-refreshes or prompt you to log in again to establish a fresh session. For your security, VIP detects this change and also requires a fresh successful validation by sending a PUSH or prompting for your security code. When an auto-refresh occurs (no username+password required), a VIP PUSH notification is still sent to your device to verify the login, even if you are away from your device when it occurs. 

To avoid unexpected PUSH notifications, close or log out of the application(s) or device(s) while not in use. If your organization allows it, you can use a non-PUSH VIP credential such as VIP Access for Desktop or a VIP hard token. If you have any questions, please reach out to your IT support team.