2FA and user registrations
Registering New Users When Using 2FA
So what happens after 2FA has been enabled? To better explain how 2FA works, letโs start by recapping the registration experience in Hosted Login v1. In Hosted Login v1, you can create a new account in one of two ways:
-
By supplying an email address and password. This is known as a โtraditionalโ registration.
-
By logging on to a social login provider such as Facebook or Twitter, and by using an existing account with that provider as your Identity Cloud account. After youโve logged on to your social provider, youโre then required to supply your email address (as well as any other required attributes) before your account is actually created.
Regardless of how your account is created, youโll be logged on immediately after the account is created. In addition, youโll be sent an email address verification email similar to this:
To verify your email address, just click the link in the email verification message.ย
Now, letโs compare this to the user registration process in Hosted Login v2 (or, more correctly, the registration process with 2FA enabled). Like Hosted Login v1, you can create a new account using either traditional registration or social registration. In this case, however, you arenโt immediately logged on after clicking the button to create that new account. Instead, an access code (a six-digit random number) is sent to the email address you supplied during the registration process. In addition to that, an Access Code Required screen is displayed:
You must retrieve the verification code emailed to you, type that code into the Enter Access Code field, and then click Continue. Only then will you be logged in, and only then will you be issued an access token.
In case youโre wondering, the email sent to you looks something like this:
Two things to keep in mind here:
-
You have 5 minutes in which to supply your access code; thatโs because codes expire after 5 minutes. If you wait too long, or if you enter an invalid code, registration will remain stalled. If that happens, just click Resend Access Code and request a new code.
Incidentally, the default access code lifetime (5 minutes) is not configurable.
-
During registration, access codes are only sent by using email. After an account has been created, however, youโll have the option of having codes sent either by email or by text message. See 2FA and user logins for more information.
Updated 12 months ago