Delivers one-time passwords via email to the user's registered email address for authentication. This factor provides wide accessibility as it works with any email account and doesn't require mobile phone access.
| Requirement | Status | Description |
|---|
| Email Address | ✅ Required | Valid email address must be registered during activation |
| Email Access | ✅ Required | User must be able to access their email account |
| Internet Connection | ✅ Required | Device must have internet access to check email |
| REL-ID Email Service | ✅ System Provided | REL-ID platform handles email delivery |
- Email Verification: System confirms user has registered email address
- OTP Generation: 6-digit numeric code generated by system
- Email Composition: Authentication email created with OTP code
- Email Delivery: Message sent to user's registered email address
- Email Access: User opens email client or webmail to retrieve code
- Code Extraction: User locates 6-digit code within email message
- Code Entry: User manually enters code on web authentication portal
- Server Validation: System validates entered code against generated code
- Authentication Result: Valid code allows authentication to proceed
| Setting | Location | Description | Impact |
|---|
emailOtp | allowed.auth.factors | Enable/disable Email OTP for authentication | Controls if Email OTP available during login |
emailOtp | allowed.reg.factors | Enable/disable Email OTP registration | Controls if users can register email addresses |
- Address Entry: User provides email address during activation or in User Portal
- Format Validation: System checks email format and domain validity
- Test Email: Verification code sent to provided email address
- Email Reception: User checks email and locates verification message
- Confirmation: User enters verification code to confirm email ownership
- Storage: Verified email address stored for future authentication use
- Portal Access: User accesses security settings in User Portal
- Re-authentication: Full authentication required before email change
- New Address Entry: User provides replacement email address
- Verification Email: Test code sent to new address for verification
- Email Check: User accesses new email account to retrieve code
- Confirmation: User enters verification code from new email
- Update Complete: New email address replaces old address in system
| Component | Purpose | Customization |
|---|
| OTP Image | Visual enhancement and branding | ✅ Customizable |
| Email Layout | Professional appearance | ✅ Template customizable |
| Branding Elements | Corporate identity | ✅ Logo and colors configurable |
| Feature | Capability | Implementation |
|---|
| Multi-language | Text in user's preferred language | Language-specific email templates |
| Localized Images | Language-appropriate graphics | Locale-specific image folders |
| Cultural Adaptation | Region-appropriate formatting | Configurable date/time formats |
| Characteristic | Details | Notes |
|---|
| Delivery Time | Usually 1-60 seconds | Can vary by email provider and server load |
| Code Length | 6 digits | Standard numeric format |
| Expiration | Configurable (typically 5-10 minutes) | Code becomes invalid after expiration |
| Resend Capability | Available if initial email not received | Rate limiting may apply |
| Spam Filtering | May affect delivery | Users advised to check spam/junk folders |
- Email Delivered: Message successfully reaches user's email inbox
- Code Retrieved: User successfully locates and reads the authentication code
- Correct Entry: User enters exact 6-digit code from email
- Timely Use: Code used within expiration time limit
- Email Accessible: User can access their email account without issues
| Failure Type | Cause | User Experience | Resolution Options |
|---|
| No Email Address | User hasn't registered email address | "No email address registered" error | Guide user to email registration process |
| Email Not Delivered | Server issues, invalid address, or spam filtering | No email received | Check spam folder, offer resend, or alternative auth |
| Wrong Code | User entered incorrect digits | "Invalid code" error message | Allow retry with same code |
| Expired Code | Code used after expiration time | "Code expired" error | Generate and send new code |
| Email Access Issues | Password forgotten, account locked | Cannot access email | Provide alternative authentication methods |
- Check Spam Folder: Authentication emails may be filtered as spam
- Email Provider Issues: Temporary server problems may delay delivery
- Invalid Address: Typos or outdated email addresses prevent delivery
- Corporate Filtering: Company email systems may block external emails
- User Option: "Resend Email" link available if code not received
- Rate Limiting: Time delays between resend attempts to prevent abuse
- Alternative Delivery: Some systems may offer SMS backup if email fails
- Support Guidance: Users directed to check email settings and spam filters
- Registration Required: Email must be registered before Email OTP can be used
- Verification Process: All addresses verified through test email during registration
- Update Capability: Users can change email addresses through User Portal
- Security: Email changes require re-authentication to prevent unauthorised access
- Multiple Addresses: Some systems may support backup email addresses
