Multi-factor Authentication
Multi-factor Authentication (MFA) is an authentication method that requires users to provide two or more verification factors to gain access to a resource. Enabling MFA on your site with ReachFive ensures your users must verify their login with a second factor (sms code, email link, etc.).
- Prerequisites
-
In order to use MFA, you must have the following features enabled and configured on your account:
SMS
Passwordless
SSO
| See the MFA methods in the Core SDK or the MFA endpoints in our Identity API for more information on using the MFA flow. |
Step-up authentication
Step-up authentication is a little different than traditional MFA, but it offers a balance between unnecessary friction in the user experience and enhanced security when accessing sensitive information. See the Step-up authentication flow for details on how Step-up authentication works with ReachFive.
| You must have MFA enabled on your ReachFive Console to use Step-up authentication. |
Step-up authentication is best used for specific actions such as:
-
Paying with a credit card
-
Changing personal account details
-
Adding authentication information
-
Signing in from a new device or location
| These are just examples and don’t represent all possible times you might use Step-up authentication. |
Step-up authentication flow
When a user is already logged in, but they want to access something secure or perform a sensitive action (like purchasing a product), you can configure the Step-up authentication flow. See the accompanying MFA flow table to follow along with the flowchart.
| A user must have already signed up and registered and verified their number for MFA for the below flow to be successful. |
| Step | Core JS SDK method | API operation | Notes | ||
|---|---|---|---|---|---|
1 |
User logs into the site.
|
||||
2 |
User browses the site; visits a product page. |
||||
3 |
Ensures the user has MFA credentials and has completed the registration process. |
||||
4 |
Initiates the stepup flow. |
||||
5 |
Starts the passwordless flow for MFA using the |
||||
6 |
Verifies the passwordless flow for MFA with the user verification code and |
||||
7 |
Confirms |
Configure MFA SMS template
You can configure the SMS template that users receive when authenticating via MFA.
| The MFA feature must be enabled on your ReachFive Console. Contact support if you would like the MFA feature. |
Instructions
-
Log in to your ReachFive Console.
-
Go to .
-
Enter the Verification Code Lifetime.
This specifies the validity period for the code in seconds. -
Enter your Message.
Currently, the following variables are available using liquid: Variable Description {{verification_code}}This is the generated verification code sent by the SMS. In other words, this is how long the user has to use the code.
Users enter this code as part of the MFA or Step-up authentication flow. {{user.email}}The user’s email address.
{{user.given_name}}The user’s given name (first name).
exampleNicole Dubois
{{user.family_name}}The user’s family name (last name, surname).
exampleNicole Dubois
-
Don’t forget to Save your input.
MFA user experience
By enabling MFA with ReachFive on your site, you can provide a secure, frictionless user experience.
A typical user journey is when Step-up authentication is configured so that MFA is only required during sensitive actions like making a purchase or changing personal details, similar to the video below.
| Configure the SMS template that is sent to users in this experience on the ReachFive Console. |