Authentication via Email
- Nathaniel Halbrooks
- Kelli Higdon
Overview
When MFA is enabled for a user and MFA type is Email,
After login, a new prompt is made requesting a verification code which will be sent to the user's email address. User can use this OTP to login
The verification code (OTP) will expire after 30 minutes.
The user gets 3 login attempts before the verification code expires.
Users can ask for a maximum of 3 requests to resend OTP every 1 minute. If the user exceeds maximum attempts they can refresh the browser and try again
The verification code expires immediately after a successful login.
OTP - Email Template
Email from address would be <AMPUSERMANEMAILFROM>
Email subject will have PBX brand and the configured server details. (FREEPBX_SYSTEM_IDENT)
Admin Login Example
UCP Login Example
Trust Device Checkbox
When the user selects the "Trust this device for 7 days" checkbox, after validating OTP user will not be prompted for an verification code for the next 7 days
Recovery Codes
If user can't get codes by text, call, or Google Authenticator, they can use backup codes to sign in to PBX. Once the user uses a backup code to sign in, that code becomes inactive. Userman users can generate/ regenerate / delete / download backup codes from UCP Settings.