2FA messages

The default message sent to the user’s email address or mobile number is:

{{site_name}}: Your secure access code is {{code}}. Do not share this code with anyone. {{site_name}} will never ask you for it.
  • The {{site_name}} variable pulls the value from the site_name setting in the Identity Cloud Console. To customize your site_name, follow the instructions in the Hosted Login guide: Configure site name
  • The {{code}} variable populates the user’s 2FA verification code. This is handled for you by Hosted Login.

Note: site_name and code are the only variables which can be used in 2FA messages. So for example, adding a variable to populate the user’s name is not supported.

Examples: 2FA SMS message

You can customize the 2FA email and SMS messages using the Identity Cloud Flow Configuration API. See Add 2FA messages in the Hosted Login v2 Upgrade Guide for steps to add and customize these messages.

2FA Verification Code

2FA code in SMS message

The verification code sent to the end user during the 2FA process has two defining properties:

  • Format: Exactly 6 digits (Example: 258826)
  • Lifetime: Valid for 5 minutes

The character length, allowed characters, and lifetime are currently not configurable. These are fixed properties.