Logging in with confirmation codes

You can use push notifications sent to the mobile app, or SMS as the first factor of authentication.

Attention

If a user does not have a mobile phone number, they will not be able to use the login verification via SMS.

To use the confirmation codes, you must:

• configure and enable the authentication method Authentication by code sent via SMS/push. You need to configure:

  • way to identify an account - specify a regular expression. For example, the phone_number=${login} rule means that the value entered by the user in the login form will be matched with the phone_number attribute;

  • length of the confirmation code;

  • validation time of the confirmation code;

  • number of attempts to enter the confirmation code for 1 login;

  • total number of attempts (number of code sends and code entry attempts, after which this authentication method will be temporarily blocked for the user);

  • blocking time when attempts are exceeded (in minutes);

  • configure how to send the code:

    • send push notification - you should specify an attribute with a cell phone number or other user ID required by the service, for example, ${phone_number};

    • send SMS - specify attribute with user’s cell phone number, for example, ${phone_number};

  

  • rule for selecting an attribute store to search for a phone number entered by a user.

  

• configure Blitz Identity Provider connection to SMS gateway and the push notification service.