Secondary email for authentication and recovery

After you upgrade to Identity Engine, learn about the changes to using a secondary email address for authentication and self-service account recovery.

Change summary

Authentication prompt is only sent to the primary email address. The secondary email address no longer receives the authentication prompt.

Verification codes for account activation and recovery are sent to both primary and secondary email addresses.

Admin experience If you allowed both primary and secondary email addresses for authentication in Classic Engine, you must use an alternate authenticator such as biometric. You don’t have to do anything if you allow both email addresses for account activation or recovery.
User experience If the user has the Email authenticator enrolled and if the policy allows it, the primary email address appears as an authenticator. The user receives account activation and recovery verification codes to primary and secondary email addresses.
Related topics

Create an authentication enrollment policy

Self-service account recovery