27 July 2023 (v2.97)

ReachFive v2.97 provides further improvements to our Risk-based Authentication feature, allows you to verify phone numbers of unauthenticated users, and makes End Job Notification webhooks available to export jobs. There are also several other general improvements. As always, we fixed a few issues.

Release highlight

Risk-based Authentication

We have further improved our Risk-based Authentication feature. Now, when a login attempt meets the "risky" threshold, a notification is sent to the user (via email or SMS) if there is no second factor (MFA) associated with the account. If the user does have a second factor enabled, they’ll be asked to perform a stepup operation to ensure it is indeed them trying to log in.

The notifications are sent via two new templates:

  • Risky Login Notification email template found in the ReachFive Console at Settings  Emails  Templates

  • Risky Login Notification SMS template found in the ReachFive Console at Settings  SMS  Templates

For a complete look at the RBA within ReachFive including the new templates, check out Risk-based Authentication.

Verify phone numbers

With this release, we have introduced a way to verify phone numbers of users who haven’t yet authenticated via your app or site. To do so, you’ll need to use the following new endpoints:


Sends an SMS with a verification code so the user can verify the supplied phone number.


Sends the verification_code received from the verification request to confirm the user’s phone number.

End Job Notification webhooks

End Job Notification webhooks were previously only available to import jobs. Now, they are also available to export jobs.

For more details, check out Export job webhook.

end job notification webhook flow

Other improvements

  • You can now update user profiles without providing an ID such as an email or phone number.

  • We have improved the error messaging for when MFA is not enabled in the ReachFive Console to give more specific help.

  • From this release, you’re now able to update the email_verified and phone_number_verified fields with import jobs.

    For more details, check out our Imports documentation.


Item Fixed

There was a moderate security vulnerability identified that was remedied.

In some limited cases, you were unable to view newly-created users on the ReachFive Console.

In some cases, jobs got stuck in the WAITING status causing timeouts.

In limited instances, the error key wasn’t matching the OAuth response for suspended users, causing an HTTP 500 error.

Sometimes, when getting the auth_type for a user, we were only receiving the latest connection information instead of all the ways the user had authenticated.