Email Authenticator

In the email authenticator flow, consumers receive the OTP on their registered email in the profile, which they consume at the second step of MFA.

Flow Diagram:

MFA Email Authenticator Configuration

Console

• LoginRadius Console configuration for Email Authenticatior is guided in the following document.

JavaScript Interface Integration

To use the LoginRadius JavaScript Interface for Email-based MFA:

1. Initialize the LoginRadius interface on your page as shown here.
2. Once you initialize the LoginRadius JS interface, follow this document to integrate the MFA interface in your application.
3. In the configuration options, add:
   • twoFactorAuthentication (Required): Set to true to enable MFA
   • emailTemplate2FA (Optional): Specify your custom SMS template name. If not provided, the default template will be used.
4. After login, you may offer users options to manage MFA (e.g., disable MFA if set to optional)

   For more information on custom MFA implementation, refer to the JS Form Library Guide.

• JavaScript Implementation (IDX Page Customization)

Use the following JS hooks to customize button labels:

LRObject.$hooks.register('beforeFormRender', function (name, _schema) {
  if (name === 'twofaemailotp') {
    LRObject.$hooks.call('setButtonsName', {
      'twofaemailotp': "Verify Email OTP",
      'resendotp': "Resend Verification Code to Email"
    });
  }
});

LRObject.$hooks.call('setButtonsName', {
  emailotp: "Send Email to",
  sendotp: "Send SMS to Phone",
  registration: "Register"
});

API-Based Implementation

Step-by-Step API Workflow

Note: Use server-side implementation for API calls requiring your API Secret.

• Log in using the first-factor MFA API:
• MFA Email Login API
• MFA Phone Login API

Handle the login response:

"SecondFactorAuthentication": {
  "SecondFactorAuthenticationToken": "xxxx-xxxx",
  "IsEmailOtpAuthenticatorVerified": false,
  "Email": ["xyz@example.com"],
  "EmailOTPStatus": { "Email": "xyz@example.com" }
}

• Email: List of registered emails.
  • IsEmailOtpAuthenticatorVerified: true if already enabled.
  • EmailOTPStatus: Status of OTP dispatch.

2. Trigger Email OTP (if not verified): Using Send MFA Email OTP by MFA Token API.

3. Verify Email OTP: Using Verify MFA Email OTP by MFA Token API with the OTP and MFA token.

4. (Optional MFA) Set up post-login: Using Verify Email OTP by Access Token API.

5. Resend Email OTP post-login: Send the MFA Email OTP using the Access Token.

6. Reset MFA Email OTP Settings:

   • Reset MFA Email OTP Settings
   • Reset MFA Email OTP Settings by UID

Sample Email Template

Use the following format for the verification email:

json
{
  "Type": "secondfactorauthentication",
  "Subject": "Verification Email",
  "Content": "Hi #Name#, <br/><br/>Your 2FA login verification code is <b>#OTP#</b><br/><br/>Regards,<br/>"
}

• Type: SECONDFACTORAUTHENTICATION = 16
• Merge fields:
  • #Name# – Consumer's name
  • #OTP# – Verification code

Related Resources

• Email Template Customization
• Multifactor Authentication Overview
• Standard Login
• JS Libraries