Multi-factor signup

Supported multi-factor signup methods

MFA signup flow

Identity Cloud supports the following multi-factor sign-up methods:

Multi-factor self-service signup methods

Signup with email

Signing up with an email and password is the default, first authentication method for users to register with. This method is always active and cannot be disabled with multi-factor authentication. For more information, see Password.

With multi-factor authentication, additional authentication methods are set up as second factors after the password.

To sign up with an email:

  1. On the Login page, click Create account.
  2. Enter the preferred email address and click Continue.
  3. Enter the verification code that you received through email and click Verify.
    • If the verification code is correct, the Set password page opens.
    • If the verification code is incorrect, you have the option to enter it again, or you can get a new code by clicking get a new code.
  4. On the Set password page, enter a password and click Continue.
    • If the password does not meet the criteria, an error message is displayed with details of the criteria to be met.
    • If the password meets the criteria, the account is created, and the Second factor page opens.
  5. Depending on the enabled authentication methods for multi-factor authentication, you can set up the following second factor authentication methods:

Signup with authenticator app

To continue with the Authenticator app, perform the following steps:

  1. Choose an authenticator app from the list. Click the link to download and install the authenticator app from the app store.
  2. Scan the QR code with the authenticator app, or enter the setup key and click Continue.
  3. Enter the verification code generated by the authenticator app and click Verify.
    • If the verification code is incorrect:
      • An error message appears, and you can enter the code again.
      • Entering the code incorrectly five times locks the user for 15 minutes.
    • If the entered code is correct, the Second factor page opens.
  4. On the Second factor page select from the following options:
    • Register another second factor authentication method.
    • Click Continue and the flow continues with Recovery codes.

For more information, see Time-based one-time password.
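
The verification step and lockout described above (five incorrect codes lock the user for 15 minutes), sketched as an added example that is not Identity Cloud's own code. It assumes RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits) and no clock-skew window; `TotpEnrollment` and its fields are hypothetical names, and resetting the failure counter when the lock starts is an assumption.

```python
import base64, hashlib, hmac, struct

MAX_FAILURES = 5             # from the page: five incorrect codes lock the user
LOCKOUT_SECONDS = 15 * 60    # from the page: the lock lasts 15 minutes
STEP, DIGITS = 30, 6         # assumption: RFC 6238 defaults
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test key, base32

def totp(secret_b32: str, now: float) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step containing `now`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(now) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class TotpEnrollment:
    """Hypothetical server-side state for one user's authenticator setup."""

    def __init__(self, secret_b32: str):
        self.secret = secret_b32
        self.failures = 0
        self.locked_until = 0.0

    def verify(self, code: str, now: float) -> str:
        """Return 'ok', 'retry' or 'locked' for one submitted code."""
        if now < self.locked_until:
            return "locked"          # reject without evaluating the code
        expected = totp(self.secret, now)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code.encode(), expected.encode()):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.failures = 0        # assumption: counter restarts after the lock
            self.locked_until = now + LOCKOUT_SECONDS
            return "locked"
        return "retry"
```

Rejecting submissions during the lock window before comparing the code is what makes the limit effective: a correct guess made while locked is still refused.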

Signup with SMS

To continue with SMS, perform the following steps:

  1. Enter the phone number on the Text message page and click Continue. The system sends an SMS to the provided phone number. This message contains a verification code.
  2. Enter the verification code on the Text message page and click Verify.
    • If the verification code is incorrect, an error message appears, and you can enter the code again.
    • If the entered code is correct, the Second factor page opens.
  3. On the Second factor page choose from the following options:
    • Register another second factor authentication method.
    • Click Continue. The flow continues with Recovery codes.

For more information, see SMS.

Recovery codes

The Recovery codes are a mandatory part of the flow. They are automatically generated after any of the second factors are set up. For more information, see Recovery codes.

After clicking Continue on the Second factor page, the Recovery codes page opens. Here you can download, copy or print the recovery codes.

Click Continue to create the account, and log into the application. In the case of Signup with invitation you are redirected to the Default return URL.

Signup with social accounts

In a multi-factor login flow where a social provider (Google, Microsoft, Apple, Facebook) is used, there is no need to register and use a second factor such as SMS, authenticator app and recovery codes.

Verification is done by completing the social provider's verification steps.

Signup and login with social accounts can be treated as one flow. If the user does not yet have an account with Identity Cloud, the new user account is created after successful authentication with a social identity provider and successful email verification.

The difference between signup and login with social accounts is that in the case of signup, a new user is created in the system. In the case of login, the user already exists.

If a user account already exists in Identity Cloud with an email and password, or with another social identity provider, registering a new social identity provider with a matching email for login links it to the existing user account after successful email verification.

To sign up with a social identity provider:

  1. On the Login page, select the icon with the logo of the social identity provider of choice. The login page of the social identity provider loads.
  2. Go through the authentication flow of that social identity provider.
  3. Enter the verification code you received through email.
  4. Click Verify.

Note: During signup with social identity providers, the user may be prompted to allow Identity Cloud to use their information from the social identity provider. Denying access to the information terminates the signup flow.

Invite-initiated signup with Identity Cloud

Signup with invitation

You can invite the user directly from the Management console using user invitations. This signup method is always initiated by the administrator from the Management console. An invitation link is sent to the user's email address. For more information, see Invite users.

In multi-factor authentication, additional authentication methods are set up as second factors after the password.

To sign up with an invitation:

  1. Locate the invitation email in the mailbox and click the link in it.
  2. The Set your password for page opens with a prefilled email. Enter a password and click Continue.
    • If the password does not meet the criteria, an error message is shown with details of the criteria to be met.
    • If the password meets the criteria, the Terms and conditions page opens.
  3. Click Continue to accept the terms and conditions.
  4. Depending on the enabled authentication methods for multi-factor authentication, the user can set up the following second factors by clicking on them: