Override Second Factor Configuration

Overview

The configuration parameter override.allowed.auth.ar.idv.reg.second.factor enables administrators to override the default second-factor authentication mechanism used in both Authentication Login and Account Recovery (Web Authorization) flows.

By default, these flows rely on IDV method verification or Push Notification as the second factor. However, with this configuration, the system can be instructed to enforce OTP-based verification (via Email or SMS) instead — providing flexibility to adapt to specific customer, compliance, or deployment requirements.


Configuration Key

| Parameter Name | Possible Values | Default Value | Type |
|---|---|---|---|
| override.allowed.auth.ar.idv.reg.second.factor | emailOtp / smsOtp | Not Set (disabled) | String |

Description

When enabled, this configuration allows the system to bypass the default IDV (Identity Verification) or Push Notification methods and instead enforce OTP-based verification as the secondary authentication factor.

Depending on the selected value, the system behavior changes as follows:

  • emailOtp – Users receive a One-Time Password on their registered email for verification.
  • smsOtp – Users receive a One-Time Password on their registered mobile number (via SMS) for verification.

This override applies uniformly to:

  • Authentication Login Flow
  • Account Recovery (Web Authorization) Flow
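
A check for configuration review, added here as an example and not part of the product or its tooling: it reports whether the override is in force, so a change from IDV / Push to OTP is visible in an audit. It assumes the key is stored in a Java-style .properties file, that the last occurrence wins, that an empty value counts as not set, and that values are case-sensitive; the function name and sample files are constructed for illustration.

```python
import re

KEY = "override.allowed.auth.ar.idv.reg.second.factor"
ALLOWED = {"emailOtp", "smsOtp"}  # the two values documented on this page

def audit_second_factor_override(text):
    """Classify KEY in properties-style text (file format is an assumption).

    Returns (status, value, line_numbers):
      'default'  - key absent or empty: IDV / Push Notification stays in force
      'override' - documented value: OTP replaces IDV / Push in both flows
      'invalid'  - value this page does not document: needs manual review
    """
    value, lines = None, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if m and m.group(1) == KEY:
            value = m.group(2).strip()  # assumption: last occurrence wins
            lines.append(n)
    if not value:
        return ("default", None, lines)
    if value in ALLOWED:
        return ("override", value, lines)
    return ("invalid", value, lines)

# Constructed sample files, not taken from a real deployment.
SAMPLES = {
    "unset": "# constructed sample\nserver.port=8443\n",
    "commented": "#" + KEY + "=emailOtp\n",
    "sms": "# constructed sample\nserver.port=8443\n" + KEY + " = smsOtp\n",
    "duplicate": KEY + "=emailOtp\n" + KEY + ": SMSOTP\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        status, value, lines = audit_second_factor_override(text)
        print(f"{name:10} {status:9} value={value!r} lines={lines}")
```

A key that appears on more than one line is reported with every line number, which helps when an override was appended to a file that already carried a different value.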