Login with confirmation codes#

You can use push notifications sent to the mobile app or SMS to verify:

To use the confirmation codes, you must:

  • configure and enable the authentication method “Confirmation by code”. You need to configure:

    • way to identify an account - specify a regular expression. For example, the phone_number=${login} rule means that the value entered by the user in the login form will be matched with the phone_number attribute;

    • length of the confirmation code;

    • validation time of the confirmation code;

    • number of attempts to enter the confirmation code for 1 login;

    • total number of attempts (number of code sends and code entry attempts, after which this authentication method will be temporarily blocked for the user);

    • blocking time when attempts are exceeded (in minutes);

    • configure how to send the code:

      • send push notification - you should specify an attribute with a cell phone number or other user ID required by the service, for example, ${phone_number};

      • send SMS - specify attribute with user’s cell phone number, for example, ${phone_number};

  • configure Blitz Identity Provider connection to SMS gateway and the push notification service.


If the user does not have a mobile phone number, he will not be able to use method of login verification by confirmation code sent via SMS.


By default, single settings are used for confirmation codes sent for verification of the first and the second factor. To separate the settings, click on the link “Configure a profile for each factor” in the block “Method Customization Profiles”. Then the settings will be separated and it will be possible to switch between the first and the second factor.

If it is necessary to switch to unified settings, click the “Convert to a single profile” link in the “Method Customization Profiles” block.