Logging in with email
Blitz Identity Provider allows logging in using email as the first authentication factor. In this case, the user logs in by entering the code sent to their email address. To configure the method, follow the steps below.
Step 1. Add the method to blitz.conf
To make the Authentication by email method appear on the First factor tab, do the following:

1. Open the /usr/share/identityblitz/blitz-config/blitz.conf file.

       sudo vim /usr/share/identityblitz/blitz-config/blitz.conf

2. In the first list of the blitz.prod.local.idp.login.factors settings block, add a new block with the email method:

       "login" : {
         "factors" : [
           [ … ],
           [
             { "enabled" : false, "method" : "email" },
             …
           ]
         ],
         …
       }

3. Restart the services.

       sudo systemctl restart blitz-idp blitz-console blitz-recovery

Step 2. Configure the method in the console
In the admin console, do the following:

1. On the Authentication by email tab, configure the following settings:
   - Method of account identification – specify a regular expression. For example, the email=${login} rule means that the value entered by a user in the login form will be matched with the email attribute.
   - Length of the confirmation code.
   - Code validity period.
   - Number of attempts per log-in to enter the confirmation code.
   - Total number of attempts (number of code sends and code entry attempts, after which this authentication method will be temporarily blocked for the user).
   - Blocking time when attempts are exceeded (in minutes).
   - Sending method: specify the attribute as an expression that indicates where a user’s email address is stored, for example, ${email}.
2. Set the attribute store selection rule to search for a user-entered email address.
3. Enable the Authentication by email method on the Authentication -> First factor tab.
4. Configure the Blitz Identity Provider connection to the SMTP service.
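
The code length, attempt limits and blocking time from Step 2 together bound how often a confirmation code can be guessed online. The following added example (not from the Blitz documentation or product code) estimates that bound for a candidate set of values. It assumes numeric codes, that each send and each entry attempt uses one unit of the total-attempt budget, and that the budget resets after the blocking time; the class and function names are hypothetical.

```python
"""Added example: estimate online code-guessing risk for email-code settings.

Assumptions (not stated on the page): codes are uniformly random decimal
digits, every code send and every entry attempt consumes one unit of the
total-attempt budget, guesses are instantaneous (so the code validity
period is not an input), and the budget resets after the blocking time.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class EmailCodePolicy:
    code_length: int          # Length of the confirmation code (digits)
    attempts_per_login: int   # Entry attempts allowed per issued code
    total_attempts: int       # Sends + entry attempts before the block
    block_minutes: int        # Blocking time when attempts are exceeded


def guesses_per_window(p: EmailCodePolicy) -> list:
    """Guesses available against each code issued before the block triggers."""
    budget, out = p.total_attempts, []
    while budget >= 2:                       # 1 send + at least 1 guess
        g = min(p.attempts_per_login, budget - 1)
        out.append(g)
        budget -= g + 1
    return out


def window_success(p: EmailCodePolicy) -> float:
    """Probability that at least one code is guessed before the block."""
    space = 10 ** p.code_length
    miss = 1.0
    for g in guesses_per_window(p):
        miss *= 1 - min(g, space) / space    # distinct guesses, one code
    return 1 - miss


def horizon_success(p: EmailCodePolicy, horizon_minutes: int = 1440) -> float:
    """Probability of a successful guess against one account in the horizon."""
    if p.block_minutes <= 0:
        raise ValueError("block_minutes must be positive to bound guessing")
    windows = 1 + horizon_minutes // p.block_minutes
    return 1 - (1 - window_success(p)) ** windows


if __name__ == "__main__":
    # Constructed sample policies, not recommended or default values.
    for pol in (EmailCodePolicy(4, 3, 12, 5), EmailCodePolicy(6, 3, 8, 30)):
        print(pol, f"{horizon_success(pol):.4%} per account per day")
```

Comparing the printed figures for different candidate values shows how much a longer code or a longer blocking time reduces the per-account guessing risk.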