Page tree
Skip to end of metadata
Go to start of metadata

Overview

When MFA is enabled for a user and MFA type is Email,

  • After login, a new prompt is made requesting a verification code which will be sent to the user's email address. User can use this OTP to login

  • The verification code (OTP) will expire after 30 minutes.

  • The user gets 3 login attempts before the verification code expires. 

  • Users can ask for a maximum of 3 requests to resend OTP every 1 minute. If the user exceeds maximum attempts they can refresh the browser and try again

  • The verification code expires immediately after a successful login.

OTP - Email Template


Email from address would be <AMPUSERMANEMAILFROM>

Email subject will have PBX brand and the configured server details. (FREEPBX_SYSTEM_IDENT)


Admin Login Example

UCP Login Example

Trust Device Checkbox

When the user selects the "Trust this device for 7 days" checkbox, after validating OTP user will not be prompted for an verification code for the next 7 days

Recovery Codes

If user can't get codes by text, call, or Google Authenticator, they can use backup codes to sign in to PBX. Once the user uses a backup code to sign in, that code becomes inactive. Userman users can generate/ regenerate / delete / download backup codes from UCP Settings.

  • No labels