Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Multi-factor authentication for Customer and Consumer Service Portals

Log in to subscribe to topics and get notified when content changes.

Multi-factor authentication for Customer and Consumer Service Portals

Multi-factor authentication, also known as two-step verification, is a security requirement that asserts a user enter more than one set of credentials.

Enable multi-factor authentication for Customer and Consumer Service Portal users so that access to the self-service web portals is more secure from potential vulnerabilities. For more information, see Multifactor authentication (MFA).

Multi-factor authentication properties

Use properties to enable role-based multi-factor authentication criteria and configure the behavior.
Property Description
Enable Multi-factor authentication


Select this check box to allow users and administrators to use this feature.
  • Type: enabled | disabled
  • Default value: enabled
  • Location: Multi-factor Authentication > Properties
Number of times a user can bypass setting up multi-factor authentication


Enter a number that represents how many times a user can choose to skip the additional passcode requirement. This gives your users the ability to still log in the instance if they do not have their mobile device with them. If you disable this feature and then re-enable it, the counter starts over again.
  • Type: string
  • Default value: 3
  • Location: Multi-factor Authentication > Properties
The time in minutes, the one time code sent to user's email address is valid for


Enter a number in minutes that specifies how long the reset code is valid. See Log on with multi-factor authentication.
  • Type: string
  • Default value: 10
  • Location: Multi-factor Authentication > Properties
Additional time in seconds for which the code will be valid to accommodate for the clock skew. Max value is 60 seconds.


Enter a number in seconds with a maximum of 60.

By default, the instance validates the code entered by the user against the single app-generated code generated at whatever the current time is. You can skew the time window with this property and allow one or more codes generated during a time window to be considered valid.

The property's value is used in the following calculation: current time - x/2 and current time + x/2, where 'x' is the value of this property. If you use the value of 10, for example, the instance considers any codes generated by the app between the time range [the current time - 5 seconds] and [current time + 5 seconds] to be valid.

Use this property to prevent log in issues where the user is unable to enter the correct code in the default time allotted.

Configure roles for multi-factor authentication

Add the following external roles to the multi-factor roles:
  • sn_customerservice.customer
  • sn_customerservice.consumer
Users with these roles will be required to use multi-factor authentication. For more information, see Require MFA for a role.