Step 1: Validate Access Code

🎯 Purpose

Validates that users control one of their registered communication channels (email or SMS) by requiring them to enter a verification code sent to that channel.


📍 Step Execution Context

⚙️ When This Step is Required

  • First Factor Failure: User has not successfully validated their first factor
  • Secure Cookie Scenario: User's first factor was based on Secure Cookie only
  • Configuration Dependent: System configuration determines if step can be skipped

⚙️ When This Step Can Be Skipped

  • Successful First Factor: User successfully completed first factor authentication
  • Configuration Override: System configuration allows step bypass

🔄 Access Code Validation Process

📧 Code Generation and Delivery

  1. Channel Selection: System determines available communication channels (email/SMS)
  2. Code Generation: 6-digit numeric verification code created
  3. Code Delivery: Code sent via email or SMS to registered address/number
  4. User Notification: User informed that code has been sent

🖥️ Access Code Validation Screen


📊 Access Code Handling

🔍 Code Source Priority

  • Pre-generated Code (1st priority): use the existing code already stored on the user profile
  • Generated Code (2nd priority): generate a new code if none exists on the profile
  • No Code Available (error): an error is shown if no stored code exists and code generation is disabled

📧 Code Generation Logic


🛡️ Security Features

🔒 User Existence Handling

  • Non-existent Users: The system still prompts for an access code, but no code is issued and validation always fails
  • Deleted Users: Users in DELETED status are treated the same way and cannot successfully validate
  • Privacy Protection: The same screen, wording and response timing are used whether or not the user exists; a "code sent" message that differs for unknown accounts, or a noticeably faster response, would undo this protection
  • Security Measure: Prevents user enumeration through the access-code step

📊 Validation Security

  • Time Limits: Codes expire after a configurable period; an expired code is rejected even if it is correct
  • Attempt Limits: Only a limited number of validation attempts is allowed per issued code. For a 6-digit code this bounds a blind guess at N/1,000,000 per code for N allowed attempts (for example 5/1,000,000 with five attempts); without the limit the whole code space is exhausted in at most a million guesses
  • Rate Limiting: Throttles validation requests so the attempt limit cannot be worked around at scale; the code-request endpoint should be throttled as well, so that it cannot be used to flood a user's email or SMS with codes
  • Single Use: Each code can only be used once successfully; submitting the same code a second time is rejected
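The generation rules above (code source priority, 6-digit code, delivery to the registered channel) and the validation rules (expiry, attempt limit, single use, identical handling of non-existent and DELETED users) fit together in one small service. The following is an added illustration written for this page, not the product's own code; the class and function names, the 300-second lifetime, the five-attempt limit and the email-before-SMS channel preference are all assumptions, and the user records are constructed sample data.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

# Assumed policy values: the page says these are configurable but gives no numbers.
CODE_LENGTH = 6
CODE_TTL_SECONDS = 300
MAX_ATTEMPTS = 5


@dataclass
class UserRecord:
    status: str                              # "ACTIVE" or "DELETED"
    email: Optional[str] = None
    mobile: Optional[str] = None
    pregenerated_code: Optional[str] = None  # code already stored on the profile (1st priority)


@dataclass
class IssuedCode:
    code_mac: bytes        # keyed hash of the code; the plaintext is not kept server-side
    expires_at: float
    attempts_left: int
    consumed: bool = False


class AccessCodeService:
    """Hypothetical service; names and structure are assumptions, not the product's code."""

    def __init__(self, users, generation_enabled=True, clock=time.time):
        self.users = users                          # user_id -> UserRecord (constructed sample data in tests)
        self.generation_enabled = generation_enabled
        self.clock = clock                          # injectable so expiry can be tested
        self.server_key = secrets.token_bytes(32)   # pepper: a 6-digit code is trivial to reverse from a plain hash
        self.issued = {}                            # user_id -> IssuedCode
        self.outbox = []                            # (channel, destination, code); stands in for the email/SMS gateway

    def _mac(self, code):
        return hmac.new(self.server_key, code.encode(), "sha256").digest()

    @staticmethod
    def _select_channel(user):
        # Assumption: email is preferred when both channels are registered.
        if user.email:
            return "email", user.email
        if user.mobile:
            return "sms", user.mobile
        return None

    def request_code(self, user_id):
        """User-facing outcome of the 'send me a code' step. Unknown and DELETED users
        get the same CODE_SENT outcome as real users, so the response reveals nothing."""
        user = self.users.get(user_id)
        if user is None or user.status == "DELETED":
            return "CODE_SENT"                      # nothing is sent; validation will simply fail
        channel = self._select_channel(user)
        if channel is None:
            return "NO_CHANNEL"                     # error scenario: no registered email or mobile
        if user.pregenerated_code is not None:
            code = user.pregenerated_code           # 1st priority: existing code on the profile
        elif self.generation_enabled:
            code = f"{secrets.randbelow(10 ** CODE_LENGTH):0{CODE_LENGTH}d}"  # 2nd: fresh CSPRNG code
        else:
            return "GENERATION_DISABLED"            # error scenario: generation disabled
        self.issued[user_id] = IssuedCode(self._mac(code), self.clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS)
        self.outbox.append((channel[0], channel[1], code))
        return "CODE_SENT"

    def validate(self, user_id, submitted):
        """Returns (user_facing, audit_reason). Every failure is shown as INVALID; the
        finer reason is for the audit log only, so it cannot be used to tell
        'no such user' apart from 'wrong code' or 'expired'."""
        submitted_mac = self._mac(submitted)        # same work on every path
        user = self.users.get(user_id)
        issued = self.issued.get(user_id)
        if user is None or user.status == "DELETED" or issued is None:
            hmac.compare_digest(submitted_mac, self._mac("000000"))  # dummy compare keeps timing similar
            return "INVALID", "no-active-code"
        if issued.consumed:
            return "INVALID", "already-used"        # single use
        if self.clock() > issued.expires_at:
            del self.issued[user_id]
            return "INVALID", "expired"             # time limit
        if issued.attempts_left <= 0:
            return "INVALID", "locked"              # attempt limit; user must request a new code
        issued.attempts_left -= 1
        if hmac.compare_digest(submitted_mac, issued.code_mac):
            issued.consumed = True
            return "OK", "valid"
        if issued.attempts_left == 0:
            return "INVALID", "locked"              # last attempt burnt; code is now unusable
        return "INVALID", "wrong-code"
```

Two design points worth noting. First, the user-facing result is deliberately coarse (OK or INVALID); expiry, lock-out and "no such user" are distinguishable only in the audit log, because a distinct "expired" or "locked" message tells an attacker the account exists. Second, a pre-generated code taken from the profile is subject to the same attempt limit and single-use rule once issued, but its lifetime on the profile before it is issued is outside this service's control, which is a reason to prefer freshly generated codes where configuration allows.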

🔄 Validation Flow

✅ Successful Validation

❌ Failed Validation


📧 Communication Channel Details

📮 Email Delivery

  • Email Content: Professional email with 6-digit code
  • Delivery Time: Usually within 1-2 minutes
  • Spam Considerations: Users advised to check spam folders
  • Format: Clear, easy-to-read code presentation

📲 SMS Delivery

  • SMS Content: Simple text message with verification code
  • Delivery Time: Usually within 30 seconds to 2 minutes
  • Carrier Compatibility: Works with major mobile carriers
  • Format: Optimized for SMS length constraints

⚠️ Important Step Notes

🔧 Configuration Dependencies

  • Channel Availability: User must have registered email or mobile number
  • Service Configuration: Email/SMS services must be properly configured
  • Generation Settings: Code generation must be enabled in system
  • Bypass Rules: Configuration determines when step can be skipped

🚨 Error Scenarios

  • No Registered Channels: User has no email or mobile number registered
  • Service Outages: Email or SMS services temporarily unavailable
  • Delivery Failures: Network issues preventing code delivery
  • Configuration Issues: System misconfiguration preventing code generation