Secondary email for authentication and recovery
Learn about the changes to using a secondary email address for authentication and self-service account recovery.
| Change summary |
Authentication prompts are sent to the user's primary email address only. The user's secondary email address no longer receives the authentication prompt. Verification codes for account activation and recovery are sent to both primary and secondary email addresses. |
| Admin experience | If you allowed your users to configure primary and secondary email addresses for authentication prompts in Classic Engine, you must now require an alternate authenticator (such as biometric).
You don't have to do anything if you allow both email addresses for account activation or recovery. |
| User experience | If the user has the Email authenticator enrolled and if the policy allows it, the primary email address appears as an authenticator.
The user receives account activation and recovery verification codes to primary and secondary email addresses. If secondary email is enabled but the user hasn't provided it, they're prompted for it the first time they sign in after the upgrade. |
| Related topics | Create an authenticator enrollment policy |