How can a user change their phone number that is being used for TFA?

Question

How can a user change their phone number that is being used for TFA?

Product

  • Risk Based Authentication (RBA)

Details

Phone verification using SMS or voice call is an authentication level[1] supported by Gigya's RBA feature.

Answer

Gigya does not support users changing their two-factor authentication (TFA) phone number simply by updating their profile information. An administrator needs to call the accounts.tfa.deactivateProvider[2] REST API method to reset the user's TFA devices. On the user's next login, the user will be prompted to set up a new phone number.

Note: For security reasons, Gigya recommends doing this only after the requestor has provided sufficient verification that they are the account owner. Alternatively, it is also possible to build a custom flow using this API method that lets users reset their number after some form of step-up authentication (e.g. re-entering their password).
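
A sketch of the step-up gate for such a custom flow, added here as an example and not Gigya's own code. The 5-minute window, the `StepUpProof` type, the injected `send` transport, and the `UID` / `provider` / `gigyaPhone` request values are assumptions; confirm the request parameters against the method reference [2].

```python
import time
from dataclasses import dataclass

METHOD = "accounts.tfa.deactivateProvider"  # method named in the article
STEP_UP_MAX_AGE = 300  # seconds a password re-entry stays valid (assumed policy)


class StepUpRequired(Exception):
    """Raised when the reset must not proceed without fresh re-authentication."""


@dataclass
class StepUpProof:
    uid: str            # account whose password was just re-entered
    verified_at: float  # epoch seconds of the successful re-entry
    used: bool = False  # a proof authorises exactly one reset


def reset_tfa_phone(session_uid, target_uid, proof, send, now=None):
    """Deactivate the phone TFA provider only after a fresh step-up check.

    `send(method, params)` is a caller-supplied transport (hypothetical) that
    adds the admin credentials, posts to Gigya and returns the parsed reply.
    """
    now = time.time() if now is None else now
    if session_uid != target_uid:
        raise StepUpRequired("users may only reset their own TFA phone")
    if proof is None or proof.used or proof.uid != target_uid:
        raise StepUpRequired("no usable step-up proof for this account")
    age = now - proof.verified_at
    if age < 0 or age > STEP_UP_MAX_AGE:
        raise StepUpRequired("step-up proof is stale; re-enter password")
    proof.used = True  # consume before calling out, so a retry needs a new proof
    # Parameter names and provider value are assumptions; confirm against [2].
    reply = send(METHOD, {"UID": target_uid, "provider": "gigyaPhone"})
    # Audit record for the security log: who, what, when, and the outcome.
    return {"event": "tfa_phone_reset", "uid": target_uid,
            "at": now, "errorCode": reply.get("errorCode")}
```

Writing the returned record to an audit log, and notifying the user through an existing contact channel, lets an account owner spot a reset they did not request.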

Links

[1]: https://developers.gigya.com/display/GD/Risk+Based+Authentication#RiskBasedAuthentication-AuthenticationLevels
[2]: https://developers.gigya.com/display/GD/accounts.tfa.deactivateProvider+REST
