search
auth

Second-Factor Authentication

Second-factor authentication requires users to confirm their identities through another method in addition to the usual username/password credentials. After a user supplies a username and a password, the app sends the user a confirmation code through SMS or Email. The user must enter that confirmation code before access to the app is granted.


How It Works

The following diagram depicts the sign-in flow:

alt text


If you’re familiar with OpenID Connect (OIDC) specifications, the Web App is the Relying Party, and the ForgeRock Identity Cloud is the Authorization Server.

For more information, see the NPM ForgeRock JavaScript SDK package.