By: Stephen Charlton user 11 Nov 2021 at 8:28 a.m. CST

0 Responses
Stephen Charlton gravatar
We are evaluating Gluu custom MFA. I asked a similar question earlier here but this one is a different requirement so I thought to keep it separate. One of the requirements we must meet is for users who have not enrolled 2FA credentials, to be forced to do so during the login flow. As mentioned in the documentation here we have altered the login flow to check for credentials and redirect to custom pages that implement enrolment. We have added the following two extra steps to our login interception script if the user has not enrolled 2fa: - A step where users can enter their phone number and are sent a OTP. - A step where users enter the OTP they received and if it is correct, their phone number is stored in the database. We have another requirement on the enter OTP page (step 2 above). We need to add a “send OTP again” link. When this link is clicked, it should replay the current step and send another OTP to the user’s phone. Is there a way we can implement this ? Many thanks in advance, Stephen