Enable 2FA

This page is out-of-date. Go to Enable 2FA in the new 2FA & RBA guide. Please update your bookmarks!

If you’re using Hosted Login v2, you can enable 2FA by adding the authentication.second_factor setting in the Identity Cloud Console.

In general, settings can be added to Global Settings or to a specific property. In this case, 2FA should not be enabled as a global setting unless all your clients are configured to use Hosted Login v2. If you still have v1 clients, 2FA should be enabled at the property level only.

The steps below enable 2FA for a specific property:

  1. Navigate to your application in the Identity Cloud Console
  2. Navigate to MANAGE PROPERTIES
  3. Click the Actions menu ( ) for your Login Client and select Edit. This will take you to the page for viewing and editing your property. View/Edit property in Console
  4. Click the EDIT SETTINGS button at the bottom of the Settings section
  5. Click the Add Setting icon (Add Setting button). This will add a new line to the bottom of the list.
  6. Type or paste in the new setting name: authentication.second_factor
  7. Click on the Create authentication.second_factor. popup Create 2FA setting in Console
  8. Type in the value for this setting: true 2FA setting value in Console

    Tip! If you ever want to disable 2FA, you can set this value to false or delete this setting.

  9. Click the Save icon (Save button)

It may take a few minutes for your changes to be reflected in Hosted Login after you add or update a setting in Console.

The next time you perform a login or registration, you will be prompted to provide the code that was sent to your email address. 2FA code screen in Hosted Login

Note that if the user has a valid mobileNumber value in their profile, this screen will look a bit different. We’ll get into this next.