OTP MFA

The One-Time Passcode (OTP) MFA method screen provides an additional layer of security during the Authenticate step by requiring customers to enter a time-sensitive passcode. This method supports multiple delivery channels and offers customizable options to fit your brand’s security and usability requirements.

Supported delivery methods

OTP can be delivered via the following methods:

• Email
• Phone (SMS)
• Soft Token (e.g., an authenticator app)

Features across all methods

1. Resending notifications
   For email and phone (SMS) delivery methods, customers can resend the notification if they don’t receive the initial OTP.
   Sending a new OTP automatically invalidates the previous passcode for security.
2. Device recognition
   If device recognition is enabled as a step-down rule in the Adaptive Access policy, customers will see the option to Remember this device for X days.
   The number of days is configurable, and you can choose whether this feature is selected by default.
3. Fallback to other MFA methods
   If customers prefer a different MFA method, they can choose Try another method to switch to an alternative authentication option available to them.

Notifications and customization

• Notification templates
  OTP delivery content can be customized in the @email and @sms one-time passcode templates within your Notification policy.
• Expiry and security
  OTP expiry times are configured in the Adaptive Access policy to ensure timely usage.