Secondary email for authentication and recovery

Learn about the changes to using a secondary email address for authentication and self-service account recovery.

Change summary Authentication prompt is only sent to the primary email address. The secondary email address no longer receives the authentication prompt.

Verification codes for account activation and recovery are sent to both primary and secondary email addresses.

Admin experience If you allowed both primary and secondary email addresses for authentication in Classic Engine, you must use an alternate authenticator such as biometric.

You don’t have to do anything if you allow both email addresses for account activation or recovery.

User experience If the user has the Email authenticator enrolled and if the policy allows it, the primary email address appears as an authenticator.

The user receives account activation and recovery verification codes to primary and secondary email addresses.

If secondary email is enabled but the user hasn't provided it, they're prompted for it the first time they sign in after the upgrade.

Related topics Create an authenticator enrollment policy

Self-service account recovery