2FA messages

This page is out-of-date. Go to 2FA Messages in the new 2FA & RBA guide. Please update your bookmarks!

The default message sent to the user’s email address or mobile number is:

{{site_name}}: Your secure access code is {{code}}. Do not share this code with anyone. {{site_name}} will never ask you for it.
  • The {{site_name}} variable pulls the value from the site_name setting in the Identity Cloud Console. To customize your site_name, follow the instructions in the Hosted Login guide: Configure site name
  • The {{code}} variable populates the user’s 2FA verification code. This is handled for you by Hosted Login.

Note: site_name and code are the only variables which can be used in 2FA messages. So for example, adding a variable to populate the user’s name is not supported.

Examples: 2FA SMS message

You can customize the 2FA email and SMS messages using the Identity Cloud Flow Configuration API. See Add 2FA messages in the Hosted Login v2 Upgrade Guide for steps to add and customize these messages.