Login  
Hello there!

Need Help? We are right here!

Support Icon
miniOrange Email Support
success

Thanks for your Enquiry. Our team will soon reach out to you.

If you don't hear from us within 24 hours, please feel free to send a follow-up email to info@xecurify.com

Search Results:

×

Contents

Configure Alternate 2FA Login Methods

It's crucial to provide Alternate authentication options when users forget their phone settings or lose access to their primary 2FA method.

To configure an alternate login method, follow the below steps:

  • Login to the admin dashboard and locate 2-Factor Authentication >> Alternate 2FA Login Methods option from the left sidebar
    • miniOrange Identity Platform Admin Handbook: 2-Factor Authentication > Alternate 2FA Login Methods

    Note: Checking this option will enable Forgot My Phone for end users during Login.
    Please use this configuration cautiously since it can be misused by fraudsters to bypass your desired authentication.


  • Enable the Forgot Phone toggle and select one out of three options:
    Option Description
    Security Questions (KBA) Select this option so users who use Forgot My Phone can prove their identity by answering their configured knowledge-based authentication (KBA) security questions.
    Security Questions (KBA) + OTP Over Alternate Email Select this option for a stronger flow. Users complete KBA and must also enter a one-time password (OTP) sent to their alternate email address.
    OTP Over Alternate Email Select this option so users receive a one-time password on their alternate email only, without a separate KBA step.
    miniOrange Identity Platform Admin Handbook: Forgot Phone Settings

  • Switch the next toggle, if you wish for your users to select their alternate login method.
    • miniOrange Identity Platform Admin Handbook: Users to select their alternate login method

  • The last toggle, Enable End Users to Use Security Codes to Login, enables signing in with security codes. Select one of the following options:

    [To be released soon.]

    Option Description
    Allow Static Long Lived Codes Select this option to enable static long-lived security codes. These codes do not have a time-based validity after which they expire on their own. If an end user uses a given code once for a successful login, that code expires, so each code is limited to a single login.
    Allow One-Time Backup Code Select this option to enable one-time backup codes. Administrators can generate a secure backup code for a user when their primary 2FA method is unavailable. Each generated code can be used only once for login or recovery.
    Allow Both Codes Types Select this option to enable both static long-lived codes (reusable until you replace or revoke them) and one-time backup codes (admin-generated, single-use when primary 2FA is unavailable).

    • Note: If you enable both code types, the user can use either static long-lived codes or one-time backup codes for login. However, once a code is used, it expires and cannot be used again.


    miniOrange Identity Platform Admin Handbook: Enable End Users to Use Security Codes to Login and code-type options

  • Click on Save to apply the configuration.
  • Once enabled, the Generate Backup Code option will be available under user actions.