Confirmation codes sent in SMS and push notifications#

You can use push notifications sent to the mobile app or SMS messages for login confirmation (the second authentication factor).

To use the confirmation codes, you must:

  • configure and enable the authentication method “Confirmation by code”. For the method to work correctly, it is necessary to define:

    • length of the confirmation code;

    • validation time;

    • number of attempts to enter the confirmation code for 1 login;

    • total number of attempts (number of code sends and code entry attempts, after which this authentication method will be temporarily blocked for the user);

    • blocking time when attempts are exceeded (in minutes);

    • configure the sending methods:

      • send push notification - you should specify an attribute with a cell phone number or other user ID required by the service, for example, ${phone_number};

      • send SMS - specify attribute with user’s cell phone number, for example, ${phone_number};

  • configure Blitz Identity Provider connection to the SMS gateway and push notification service (see Notifications and sending messages).


If the user does not have a mobile phone number, he will not be able to use method of login verification by confirmation code sent via SMS.


Confirmation codes settings for two-factor authentication#

By default, single settings are used for confirmation codes sent for checking the first and the second factor (see Login with confirmation codes). In order to separate the settings, you should follow the link “Method Customization Profiles” in the block “Method Customization Profiles”. Then the settings will be separated and it will be possible to switch between the first and the second factor.

If it is necessary to switch to unified settings, click the “Convert to a single profile” link in the “Method Customization Profiles” block.