- Type: Story
- Status: Closed
- Priority: Major
- Resolution: Completed
- Affects Version/s: None
- Fix Version/s: 7.3.10 DXP GA1, Master
- Component/s: Application Security > Multi-Factor Authentication
- Labels:
- Epic Link:
- Sprint: Iteration 30, Iteration 31, Iteration 32, Iteration 33, Iteration 34, Iteration 35, Iteration 36
Description
The End User can send an Email OTP code and can enter that code during the authentication process.
When email OTP is the only verification step configured, there is no email verification after the user changes the password through the Forgot Password function without signing in to the portal. Verifying at that point would mean two emails sent to the user, each carrying information they need to retrieve before they can sign in. This may not be the best user experience, and sending two emails with a similar purpose makes no sense from a security perspective either.
However, from a security perspective it may be more reasonable to have a verification step when the password is changed once the end user has signed in. It may also be reasonable to have a verification step when other sensitive data is changed, such as the e-mail address or the answer to the security question.
Design Deliverables
Acceptance Criteria
- As an End User, I want to see the Email One Time Password screen during my login process
- As an End User, I want to be able to request a one time password by clicking on a button
- As an End User, I want to be able to send the received one time password by clicking on a button to verify my identity
- depends on
  - LPS-102590 [Prod] Find out what should happen when one of the verification steps is off (Closed)
  - LPS-102591 [Prod] Find out what should happen if a user is unauthenticated as didn't fulfill Email OTP (any type) (Closed)
- relates
  - LRDOCS-7697 User Document for Multi-factor authentication (Closed)