Modify Multi-factor Authentication (MFA) pages

You can customize the IBM® Security Verify Modify Multi-factor Authentication (MFA) pages for your business.

For more information about MFA, see Configuring authentication factors and Managing user multi-factor authentication (MFA) enrollments.

To update the MFA pages, download the compressed theme file. Edit the pages as needed and then upload the updated themes file back to your tenant. For more information, see Updating a theme.

Text changes can be made to the pages by using HTML markup. The HTML files also contain macros. Macros are characters between the @ symbol where the data is rendered at run time. Do not change the macros in the files.

The IBM Security Verify MFA pages are located in the templates\authentication\mfa\ directory within the themes compressed file.

The following MFA pages are available for customization:

Adaptive Access

The adaptive access authentication uses deep identity insights to match access policies to a user profile. For more information, see Managing adaptive access.

The MFA adaptive access pages are located in the templates\authentication\mfa\adaptive\default directory.

The adaptive access pages are:

Modify adaptive access snippets page

This page is displayed during adaptive access verification. Update the adaptative_access_snippets.html file to modify the page.

The following labels are available on the adaptive access verification page. To update the text on these labels, see Customizing labels.
  • $TRUSTEER_VERIFYING_PAGE_TITLE$
  • $SAML_POST_REQUEST_WAIT$

The macros for this page are shown in the following table.

Table 1. Macro definitions
Macro Value that replaces the macro
@COLLECTION_MONITOR_TIMEOUT_A2@ The timeout for the collection monitor.
@COLLECTION_PAGE_TIMEOUT@ The timeout for the collection page.
@FRONTEND_URL@ The front-end URL.
@GET_FLOW_COUNT_A2@ The flow count value.
@SNIPPET_ID@ The Trusteer® snippet ID.
@TAGVALUE_SESSION_INDEX@ The tag value for the session index.
@TARGET_URL@ The target URL to submit to.
@TARGET_URL_QUERY_PARAMETER@ The target URL query value.
@THEME_ID@ The ID of the registered template theme.
Modify adaptive access snippets error page

This page is displayed on an adaptive access error. Update the adaptative_access_snippets_error.html file to modify the page.

The following labels are available on the adaptive access snippets error page. To update the text on these labels, see Customizing labels.
  • $GENERIC_ERROR_TITLE$
  • $GENERIC_ERROR_HEADER$

The macros for this page are shown in the following table.

Table 2. Macro definitions
Macro Value that replaces the macro
@ERROR_MESSAGE@ An error message that is specific to the action in the page.
@PAGE_FOOTER@ The HTML that contains the footer of the page. This code can be modified by customizing the footer.html common template.
@PAGE_HEADER@ The HTML that contains the header of the page. This code can be modified by customizing the header.html common template.
@THEME_ID@ The ID of the registered template theme.
Modify email one-time password (OTP) page

The email OTP page is generated and sent to the user's registered email address to complete the authentication request.

The email OTP page is located in the templates\authentication\mfa\email\default\otp_delivery_email.xml file. Translated OTP pages are located in templates\authentication\mfa\email\<locale> directory.

Text changes can be made to the email OTP page by using XML markup.

The macros for this page are shown in the following table.

Table 3. Macro definitions
Macro Value that replaces the macro
@CORRELATION@ The correlation value.
@OTP@ The last six digits of the one-time password that is sent to the registered OTP delivery method.
@OTP_LIFETIME@ The time allowed before the one-time password expires.
MFA Enrollments

IBM Security Verify MFA enrollments can be enabled to provide second factor authentication. For more information, see Managing user multi-factor authentication (MFA) enrollments.

The MFA enrollment pages are located in the templates\authentication\mfa\enrollment\default directory.

The MFA enrollment pages are:

Modify email enrollment page

This page is displayed when defining an email to use for MFA authentication. Update the email_enrollment.html file to modify the page.

The following labels are available on the email enrollment page. To update the text on these labels, see Customizing labels.
  • $EMAIL_ENROLLMENT_TITLE$
  • $EMAIL_ENROLLMENT_HEADING$
  • $LABEL_ENTER_EMAIL_ADDRESS$
  • $EMAIL_ENROLLMENT_DESCRIPTION$
  • $LABEL_EMAIL_ADDRESS$
  • $EMAIL_ENROLLMENT_SEND_OTP_BUTTON$
  • $EMAIL_ENROLLMENT_USE_ANOTHER_METHOD_LINK$
  • $EMAIL_ENROLLMENT_INVALID_VALUE_ERROR$

The macros for this page are shown in the following table.

Table 4. Macro definitions
Macro Value that replaces the macro
@ACTION@ The action that is taken.
@ERROR_MESSAGE@ An error message that is specific to the action in the page.
@PAGE_FOOTER@ The HTML that contains the footer of the page. This code can be modified by customizing the footer.html common template.
@PAGE_HEADER@ The HTML that contains the header of the page. This code can be modified by customizing the header.html common template.
@SHOW_USE_ANOTHER_METHOD@ Value for another verification method.
@THEME_ID@ The ID of the registered template theme.

Modify enrollment selection page

This page is displayed when adding a MFA verification method or device. Update the enrollment_selection.html file to modify the page.

The following labels are available on the enrollment selection page. To update the text on these labels, see Customizing labels.
  • $ENROLLMENT_SELECTION_TITLE$
  • $SMSOTP_LABEL$
  • $SMSOTP_DESCRIPTION$
  • $SMSOTP_LINK_TEXT$
  • $EMAILOTP_LABEL$
  • $EMAILOTP_DESCRIPTION$
  • $EMAILOTP_LINK_TEXT$

The macros for this page are shown in the following table.

Table 5. Macro definitions
Macro Value that replaces the macro
@ACTION@ The action that is taken.
@FACTORS@ The authentication factor.
@PAGE_FOOTER@ The HTML that contains the footer of the page. This code can be modified by customizing the footer.html common template.
@PAGE_HEADER@ The HTML that contains the header of the page. This code can be modified by customizing the header.html common template.
@SHOW_CANCEL_LINK@ The link to cancel an enrollment.
@THEME_ID@ The ID of the registered template theme.

Modify enrollment success page

This page is displayed when a MFA enrollment is successful. Update the enrollment_success.html file to modify the page.

The following labels are available on the enrollment success page. To update the text on these labels, see Customizing labels.
  • $ENROLLMENT_SUCCESSFUL_TITLE$
  • $ENROLLMENT_SUCCESSFUL_HEADING$
  • $WAS_ADDED_LABEL$
  • $ENROLLMENT_CAN_REMOVE_MESSAGE$
  • $ENROLLMENTS_DONE_BUTTON$
  • $ADD_ADDITIONAL_METHOD_LINK$

The macros for this page are shown in the following table.

Table 6. Macro definitions
Macro Value that replaces the macro
@ACTION@ The action that is taken.
@FACTOR_ATTRIBUTE@ The authentication factor attribute.
@FACTOR_LABEL@ The authentication factor label.
@PAGE_FOOTER@ The HTML that contains the footer of the page. This code can be modified by customizing the footer.html common template.
@PAGE_HEADER@ The HTML that contains the header of the page. This code can be modified by customizing the header.html common template.
@THEME_ID@ The ID of the registered template theme.

Modify FIDO2 enrollment page

This page is displayed when defining FIDO2 to use for MFA authentication. Update the fido2_enrollment.html file to modify the page.

The following labels are available on the FIDO2 page. To update the text on these labels, see Customizing labels.

  • $FIDO2_ENROLLMENT_TITLE$
  • $FIDO2_ENROLLMENT_HEADING$
  • $FIDO2_HAVING_TROUBLE_BUTTON$
  • $FIDO2_ENROLLMENT_PREPARE_DEVICE$
  • $FIDO2_ENROLLMENT_NAME_DEVICE$
  • $FIDO2_ENROLLMENT_PREPARE_DEVICE_INSTRUCTION$
  • $FIDO2_ENROLLMENT_PLUG_DEVICE_INSTRUCTION$
  • $FIDO2_ENROLLMENT_ENTER_PIN_INSTRUCTION$
  • $FIDO2_ENROLLMENT_GIVE_PERMISSION_INSTRUCTION$
  • $FIDO2_ENROLLMENT_CONNECT_DEVICE_BUTTON$
  • $FIDO2_ENROLLMENT_ANOTHER_METHOD$
  • $FIDO2_ENROLLMENT_NAME_INPUT$
  • $FIDO2_ENROLLMENT_NICKNAME_PLACEHOLDER$
  • $FIDO2_ENROLLMENT_VERIFY_DEVICE_BUTTON$
  • $FIDO2_ENROLLMENT_NAME_ERROR$
The macros for this page are shown in the following table.
Note: The associated pages label FIDO as passkey to provide a more consumer-friendly experience for users.
Table 7. Macro definitions
Macro Value that replaces the macro
@ACTION@ The action that is taken.
@ATTESTATION_OPTIONS@ FIDO2 attestation options.
@THEME_ID@ The ID of the registered template theme.
@PAGE_FOOTER@ The HTML that contains the footer of the page. This code can be modified by customizing the footer.html common template.
@PAGE_HEADER@ The HTML that contains the header of the page. This code can be modified by customizing the header.html common template.
@ERROR_MESSAGE@ An error message that is specific to the action in the page.
@SHOW_USE_ANOTHER_METHOD@ Value for another verification method.
@FALLBACK@ Had user used fallback to register FIDO2.

Modify IBM Verify enrollment page

This page is displayed when defining IBM Verify to use for MFA authentication. Update the ibmverify_enrollment.html file to modify the page.

The following labels are available on the IBM Verify enrollment page. To update the text on these labels, see Customizing labels.
  • $IBM_VERIFY_ENROLLMENT_TITLE$
  • $IBM_VERIFY_ENROLLMENT_HEADING$
  • $IBM_VERIFY_DOWNLOAD_APP_TEXT$
  • $IBM_VERIFY_DOWNLOAD_INSTRUCTIONS_TEXT$
  • $IBM_VERIFY_LAUNCH_APP_STORE_TEXT$
  • $IBM_VERIFY_SEARCH_IBM_VERIFY_TEXT$
  • $IBM_VERIFY_TAP_INSTALL_APP_TEXT$
  • $IBM_VERIFY_CONNECT_ACCOUNT_BUTTON$
  • $IBM_VERIFY_CONNECT_YOUR_ACCOUNT_TEXT$
  • $IBM_VERIFY_CONNECT_APP_TEXT$
  • $IBM_VERIFY_AUTHENTICATOR_APP_TEXT$
  • $IBM_VERIFY_SCAN_QR_CODE_TEXT$
  • $IBM_VERIFY_FOLLOW_ONSCREEN_PROMPTS_TEXT$
  • $IBM_VERIFY_VERIFY_DEVICE_BUTTON$

The macros for this page are shown in the following table.

Table 8. Macro definitions
Macro Value that replaces the macro
@ACTION@ The action that is taken.
@QR_CODE The QR code for enrollment.
@SHOW_USE_ANOTHER_METHOD@ Value for another verification method.
@VERIFY_BUTTON_ENABLED Decide whether to enable or disable Verify your account button
@THEME_ID@ The ID of the registered template theme.
@PAGE_HEADER@ The HTML that contains the header of the page. This code can be modified by customizing the header.html common template.
@PAGE_FOOTER@ The HTML that contains the footer of the page. This code can be modified by customizing the footer.html common template.

Modify phone enrollment page

This page is displayed when defining a Short Message Service (SMS) phone number to use for MFA authentication. Update the phone_enrollment.html file to modify the page.

The following labels are available on the phone enrollment page. To update the text on these labels, see Customizing labels.
  • $PHONE_ENROLLMENT_TITLE$
  • $PHONE_ENROLLMENT_HEADING$
  • $LABEL_ENTER_PHONE_NUMBER$
  • $PHONE_ENROLLMENT_DESCRIPTION$
  • $LABEL_PHONE_NUMBER_WITH_AREA_CODE$
  • $PHONE_ENROLLMENT_SEND_OTP_BUTTON$
  • $PHONE_ENROLLMENT_USE_ANOTHER_METHOD_LINK$
  • $PHONE_ENROLLMENT_INVALID_VALUE_ERROR$

The macros for this page are shown in the following table.

Table 9. Macro definitions
Macro Value that replaces the macro
@ACTION@ The action that is taken.
@ERROR_MESSAGE@ An error message that is specific to the action in the page.
@PAGE_FOOTER@ The HTML that contains the footer of the page. This code can be modified by customizing the footer.html common template.
@PAGE_HEADER@ The HTML that contains the header of the page. This code can be modified by customizing the header.html common template.
@SHOW_USE_ANOTHER_METHOD@ Value for another verification method.
@THEME_ID@ The ID of the registered template theme.

Modify Time-based one-time password (TOTP) enrollment page

This page is displayed when defining a TOTP for MFA authentication. Update the totp_enrollment.html file to modify the page.

The following labels are available on the phone enrollment page. To update the text on these labels, see Customizing labels.
  • $TOTP_ENROLLMENT_TITLE$
  • $TOTP_ENROLLMENT_HEADING$
  • $TOTP_DOWNLOAD_APP_TEXT$
  • $TOTP_DOWNLOAD_INSTRUCTIONS_TEXT$
  • $TOTP_LAUNCH_APP_STORE_TEXT$
  • $TOTP_SEARCH_APP_TEXT$
  • $TOTP_TAP_INSTALL_APP_TEXT$
  • $TOTP_CONNECT_AUTHENTICATOR_BUTTON$
  • $USE_ANOTHER_METHOD$
  • $TOTP_CONNECT_APP_TEXT$
  • $TOTP_LAUNCH_AUTHENTICATOR_APP_TEXT$
  • $TOTP_CONNECT_ACCOUNT_TEXT$
  • $TOTP_SCAN_QR_CODE_TEXT$
  • $TOTP_TEST_AUTHENTICATOR_BUTTON$
  • $TOTP_CONNECT_YOUR_ACCOUNT_TEXT$

The macros for this page are shown in the following table.

Table 10. Macro definitions
Macro Value that replaces the macro
@ACTION@ The action that is taken.
@PAGE_FOOTER@ The HTML that contains the footer of the page. This code can be modified by customizing the footer.html common template.
@PAGE_HEADER@ The HTML that contains the header of the page. This code can be modified by customizing the header.html common template.
@QR_CODE@ The bar code.
@SHOW_USE_ANOTHER_METHOD@ Value for another verification method.
@THEME_ID@ The ID of the registered template theme.
@TOTP_SECRET_CODE@ TOTP key for authentication.
Modify MFA error request page

The MFA error request page is displayed to the user when an MFA authentication error occurs.

The MFA error request page is located in the templates\authentication\mfa\error\default\auth_request_error.html file.

The following labels are available on this page. To update the text on these labels, see Customizing labels.
  • $GENERIC_ERROR_TITLE$
  • $GENERIC_ERROR_HEADER$
  • $GENERIC_ERROR_OCCURRED_AT$
  • $GENERIC_ERROR_REQUEST_ADDRESS$
  • $GENERIC_ERROR_ERROR_DETAILS$
  • $GENERIC_ERROR_VIEW_DETAILS$
  • $GENERIC_ERROR_HIDE_DETAILS$

The macros for this page are shown in the following table.

Table 11. Macro definitions
Macro Value that replaces the macro
@ERROR_MESSAGE@ An error message that is specific to the action in the page.
@EXCEPTION_MSG@ The exception message.
@PAGE_FOOTER@ The HTML that contains the footer of the page. This code can be modified by customizing the footer.html common template.
@PAGE_HEADER@ The HTML that contains the header of the page. This code can be modified by customizing the header.html common template.
@REQ_ADDR@ The URL into which the request from the user is sent.
@THEME_ID@ The ID of the registered template theme.
@TIMESTAMP@ The timestamp when the error occurred.
Modify Fast IDentity Online (FIDO2) two factor authentication (2FA) page

The FIDO2 page is displayed to the user during authentication. For more information, see Signing in and Managing FIDO2 devices.

The FIDO2 page is located in the templates\authentication\mfa\fido2\default\passwordless_fido2.html file.

The following labels are available on this page. To update the text on these labels, see Customizing labels.
  • $FIDO2_TITLE$
  • $FIDO2_VERIFICATION_LABEL$
  • $FIDO2_TOKEN$
  • $FIDO2_ANOTHER_METHOD$

The macros for this page are shown in the following table.

Table 12. Macro definitions
Macro Value that replaces the macro
@ACTION@ The action that is taken.
@FIDO2_ASSERTION_OPTIONS@ FIDO2 assertion options.
@FIDO2_VERIFY_STATE@ FIDO2 assertions verify state.
@PAGE_FOOTER@ The HTML that contains the footer of the page. This code can be modified by customizing the footer.html common template.
@PAGE_HEADER@ The HTML that contains the header of the page. This code can be modified by customizing the header.html common template.
@SHOW_USE_ANOTHER_METHOD@ Value for another verification method.
@THEME_ID@ The ID of the registered template theme.
Modify IBM Verify authentication page

The IBM Verify authentication page is displayed to the user during the confirmation of user's physical presence on the device. For more information, see Managing IBM Verify registrations and authentication factor enrollments.

The IBM Verify authentication page is located in the templates\authentication\mfa\ibmverify\default\ibmverify_single.html file.

The following labels are available on this page. To update the text on these labels, see Customizing labels.
  • $VERIFY_LOGIN_TITLE$
  • $VERIFY_LOGIN_PENDING$
  • $TRANSACTION$
  • $USE_ANOTHER_METHOD$

The macros for this page are shown in the following table.

Table 13. Macro definitions
Macro Value that replaces the macro
@ACTION@ The action that is taken.
@DEVICE_NAME@ The name of the device.
@DEVICE_TYPE@ The type of the device.
@PAGE_FOOTER@ The HTML that contains the footer of the page. This code can be modified by customizing the footer.html common template.
@PAGE_HEADER@ The HTML that contains the header of the page. This code can be modified by customizing the header.html common template.
@SHOW_USE_ANOTHER_METHOD@ Value for another verification method.
@THEME_ID@ The ID of the registered template theme.
@TRANSACTION@ The transaction value.
@TRANSACTION_ID@ The ID of the transaction.
@VERIFY_LOGIN_PENDING@ The login pending value.
Modify Security Questions page

The security questions page is displayed to the user during authentication. For more information, see Managing security questions.

The security questions page is located in the templates\authentication\mfa\knowledge_questions\default\knowledge_questions_answers.html file.

The following labels are available on this page. To update the text on these labels, see Customizing labels.
  • $KNOWLEDGE_QA_TITLE$
  • $KNOWLEDGE_QA_WELCOME$
  • $KNOWLEDGE_QA_LETS_MAKE_SURE_ITS_YOU$
  • $KNOWLEDGE_QA_CORRECTLY_ANSWER_QUESTIONS$
  • $KNOWLEDGE_QA_VERIFY$
  • $KNOWLEDGE_QA_USE_ANOTHER_METHOD$

The macros for this page are shown in the following table.

Table 14. Macro definitions
Macro Value that replaces the macro
@ACTION@ The action that is taken.
@ERROR_MESSAGE@ An error message that is specific to the action in the page.
@KNOWLEDGE_QA_WELCOME@ The welcome value.
@PAGE_FOOTER@ The HTML that contains the footer of the page. This code can be modified by customizing the footer.html common template.
@PAGE_HEADER@ The HTML that contains the header of the page. This code can be modified by customizing the header.html common template.
@QUESTION@ The translated question value.
@QUESTION_KEY@ The question identifier.
@SHOW_USE_ANOTHER_METHOD@ Value for another verification method.
@THEME_ID@ The ID of the registered template theme.
@USER_GIVEN_NAME@ The given name of the logged in user.
Modify Combined MFA selection page

The combined MFA selection page is displayed to the user with a selection of MFA authentication options.

The combined MFA selection page is located in the templates\authentication\mfa\mfa_selection\default\combined_mfa_selection.html file.

The following labels are available on this page. To update the text on these labels, see Customizing labels.
  • $OTP_DELIVERY_SELECTION_TITLE$
  • $OTP_METHOD_TYPE_EMAIL$
  • $OTP_METHOD_TYPE_SMS$
  • $OTP_METHOD_TYPE_VERIFY$
  • $OTP_METHOD_TYPE_TOTP$
  • $OTP_METHOD_TYPE_KQ$
  • $OTP_METHOD_TYPE_FIDO2$
  • $OTP_METHOD_TYPE_VOICE_OTP$
  • $OTP_METHOD_ACTION_EMAIL$
  • $OTP_METHOD_ACTION_SMS$
  • $OTP_METHOD_ACTION_VERIFY$
  • $OTP_METHOD_ACTION_TOTP$
  • $OTP_METHOD_ACTION_KQ$
  • $OTP_METHOD_ACTION_FIDO2$
  • $OTP_METHOD_ACTION_VOICE_OTP$
  • $OTP_DELIVERY_SELECTION_TWO_STEP_VERIFICATION$
  • $OTP_DELIVERY_SELECTION_CHOOSE_METHOD$
  • $OTP_DELIVERY_SELECTION_HOW_VERIFY$
  • $HELP_NEED_HELP$
  • $HELP_CONTACT_HELP_DESK$
  • $HELP_CANNOT_USE$
  • $HELP_GET_HELP$

The macros for this page are shown in the following table.

Table 15. Macro definitions
Macro Value that replaces the macro
@ACTION@ The action that is taken.
@FULLNAME@ Authenticated user full name.
@GIVEN_NAME@ Given name or first name.
@NAME@ Full name of the user.
@OTP_METHOD_CHECK@ The one-time password check value.
@OTP__METHOD_ID@ The ID of the method for generating, delivering, and verifying the one-time password. This ID is generated by the OTPGetMethods mapping rule.
@OTP__METHOD_LABEL@ The label of the method for generating, delivering, and verifying the one-time password. This label is generated by the OTPGetMethods mapping rule.
@PAGE_FOOTER@ The HTML that contains the footer of the page. This code can be modified by customizing the footer.html common template.
@PAGE_HEADER@ The HTML that contains the header of the page. This code can be modified by customizing the header.html common template.
@PREFERRED_USERNAME@ Preferred username.
@THEME_ID@ The ID of the registered template theme.
Modify One-time password (OTP) submit page

The OTP submit page is displayed to the user when the OTP is submitted for authentication.

The OTP submit page is located in the templates\authentication\mfa\otp_auth\default\otp_submit.html file.

The following labels are available on this page. To update the text on these labels, see Customizing labels.
  • $OTP_TITLE$
  • $OTP_ENTER_OTP_SENT_TO$
  • $OTP_ENTER_OTP$
  • $OTP_SUBMISSION$
  • $OTP_TIME_REMAINING$
  • $OTP_LOGIN_SUBMIT$
  • $OTP_EXPIRED$
  • $OTP_LOGIN_RESEND$
  • $USE_ANOTHER_METHOD$

The macros for this page are shown in the following table.

Table 16. Macro definitions
Macro Value that replaces the macro
@ACTION@ The action that is taken.
@ERROR_MESSAGE@ An error message that is specific to the action in the page.
@OTP_DELIVERY_ATTR@ The one-time password delivery attributes.
@OTP_EXPIRY_TIME@ The password expiration time in yyyy-MM-dd'T'HH:mm:ss.sss'Z' format
@OTP_HINT@ The one-time password hint. The hint is a sequence of characters that is associated with the one-time password.
@OTP_LIFETIME@ The time allowed before the one-time password expires.
@OTP_STRING@ The one-time password that is generated by the one-time password provider.
@PAGE_FOOTER@ The HTML that contains the footer of the page. This code can be modified by customizing the footer.html common template.
@PAGE_HEADER@ The HTML that contains the header of the page. This code can be modified by customizing the header.html common template.
@SHOW_USE_ANOTHER_METHOD@ Value for another verification method.
@THEME_ID@ The ID of the registered template theme.
Modify Short message service (SMS) One-time password (OTP) page

The SMS OTP page is displayed to the user when a text message is sent for the OTP authentication.

The SMS OTP page is located in the templates\authentication\mfa\sms\default\otp_delivery_sms.xml file. The translated SMS OTP pages are located in templates\authentication\mfa\sms\<locale> directory.

Text changes can be made to the SMS OTP page by using XML markup.

The macros for this page are shown in the following table.

Table 17. Macro definitions
Macro Value that replaces the macro
@CORRELATION@ The correlation value.
@OTP@ The last six digits of the one-time password that is sent to the registered OTP delivery method.
@OTP_LIFETIME@ The time allowed before the one-time password expires.
Modify Time-based one-time password (TOTP) page

The TOTP page is displayed to the user during a Time-based OTP authentication.

The TOTP page is located in the templates\authentication\mfa\totp\default\time_based_otp_submit.html file.

The following labels are available on this page. To update the text on these labels, see Customizing labels.
  • $OTP_TITLE$
  • $OTP_SUBMISSION$
  • $TOTP_ENTER_OTP$
  • $OTP_LOGIN_SUBMIT$
  • $USE_ANOTHER_METHOD$

The macros for this page are shown in the following table.

Table 18. Macro definitions
Macro Value that replaces the macro
@ACTION@ The action that is taken.
@ERROR_MESSAGE@ An error message that is specific to the action in the page.
@OTP_LOGIN_DISABLED@ Disables one-time password login.
@PAGE_FOOTER@ The HTML that contains the footer of the page. This code can be modified by customizing the footer.html common template.
@PAGE_HEADER@ The HTML that contains the header of the page. This code can be modified by customizing the header.html common template.
@SHOW_USE_ANOTHER_METHOD@ Value for another verification method.
@THEME_ID@ The ID of the registered template theme.
@ACCOUNT_NAME@ The account name of the selected TOTP authenticator.
Modify Voice page

The voice page is displayed to the user during an OTP authentication.

The voice page is located in the templates\authentication\mfa\voice\default\otp_delivery_voice.xml file.

Text changes can be made to the voice page by using XML markup.

The macros for this page are shown in the following table.

Table 19. Macro definitions
Macro Value that replaces the macro
@BREAK@ A line return.
@OTP@ The last six digits of the one-time password that is sent to the registered OTP delivery method.
Modify user lockout warning page

This page is displayed to the user when the multiple required enrollments is configured and the user does not already have the required number of authentication factors enrolled. Update the multiple_mfa_required.html file to modify the page.

The following labels are available on the Don’t get locked out page. To update the text on these labels, see Customizing labels.
  • $REQUIRED_MULTI_ENROLLMENTS_TITLE$ - This is a page title.
  • $REQUIRED_MULTI_ENROLLMENTS_INFO$ - Information about the security policy restrictions.
  • $REQUIRED_MULTI_ENROLLMENTS_NOTE$ - Note for the end user.
  • $REQUIRED_MULTI_ENROLLMENTS_LEARN_MORE_PAGE_URL$ - This provides a link to document where user can find more information about minimum required 2FA enrollments.
  • $REQUIRED_MULTI_ENROLLMENTS_NEXT_BUTTON$ - Label for the `Next` button. Clicking this button will proceed with new enrollment.
  • $REQUIRED_MULTI_ENROLLMENTS_SKIP_BUTTON$ - Label for the `Skip` button. It will be available only if user has at least one MFA enrollment, and when user is within a grace period. Clicking this button will skip additional enrollment for the time being.

The macros for this page are shown in the following table.

Table 20. Macro definitions
Macro Value that replaces the macro
@FACTORS_REQUIRED@ The minimum required number of 2FA enrollments.
@FACTORS_ENROLLED@ The number of already active 2FA enrollments of the user.
@FACTORS_DEADLINE@ The deadline (date & time) by when user should complete the required number of minimum 2FA enrollments.
@CAN_SKIP@ true / false. true, if user should be able to skip required additional enrollments; false otherwise.
Modify enrollment reuse warning page

The enrollment reuse warning is displayed to the user when the multiple required enrollments is configured, and when the user is trying to enroll the previously used phone number, email address, or other unique attribute as an additional verification method. Even though the same attribute value is allowed to be reused by design, the user needs to be alerted that it does not count toward the minimum required enrollments. As a result, the security policy will not be satisfied. Update the enroll_inuse_warning.html file to modify the page.

The following labels are available on the Non-unique enrollment warning page. To update the text on these labels, see Customizing labels.

  • $ENROLLMENT_INUSE_WARNING_TITLE$ - The page title.
  • $REQUIRED_MULTI_ENROLLMENTS_INFO_SUBHEADING$ - Information that is about required and completed enrollments.
  • $ENROLLMENT_INUSE_PROCEED_BUTTON$ - Label for the Proceed button.
  • $ENROLLMENT_INUSE_ENROLL_ANOTHER_METHOD_LINK$ - Label for the 'Enroll another method' link.
  • $ENROLLMENT_INUSE_WARNING$ - Warning about a factor value already in use.
  • $ENROLLMENT_INUSE_WARNING_DESCRIPTION$ - Warning about the Minimum Required Enrollments and non-unique enrollment.

The macros for this page are shown in the following table.

Table 21. Macro definitions
Macro Value that replaces the macro
@ACTION@ The action that is taken.
@FACTORS_REQUIRED@ The minimum required number of 2FA enrollments.
@FACTORS_ENROLLED@ The number of already active 2FA enrollments of the user.
@FACTOR_VALUE@ The phone number, email address, or respective attribute value of the factor.
Modify external MFA provider login page

This page is displayed to the user when the user selects an external MFA method such as DUO. Update the mfaprovider_login.html file to modify the page.

The following labels are available on the external MFA provider's login page. To update the text on these labels, see Customizing labels.

  • $MFA_PROVIDER_TITLES$ - This is a page title.
  • $OTP_SUBMISSION$ - The label for One Time Password (OTP) submission.
  • $OTP_ENTER_OTP_SENT_TO$ - The label to indicate that the One Time Password (OTP) was sent.
  • $TOTP_ENTER_OTP$ - The label for Time-based One Time Password (TOTP) input.
  • $OTP_LOGIN_SUBMIT$ - The label for One Time Password (OTP) submit button.
  • $USE_ANOTHER_METHOD$ - The label for the Use another method link.

The macros for this page are shown in the following table. A few macros are not used directly on this page by default, but they are made available for customers to use if required.

Table 22. Macro definitions
Macro Value that replaces the macro
@PROVIDER_NAME@ The external provider's name.
@DEVICE_NAME@ The device name being used for MFA.
@DELIVERY_ADDRESS@ The delivery address of the subject.
@SELECTED_CAPABILITY@ The capability selected- smsotp, totp, hotp, push, and so on.
@SHOW_USE_ANOTHER_METHOD@ A boolean flag. true if use another method link should be shown; false otherwise.
@ACTION@ The action that is taken.
@ERROR_MESSAGE@ An error message that is specific to the action page.
@PAGE_HEADER@ The HTML that contains the header of the page. This code can be modified by customizing the header.html common template.
@PAGE_FOOTER@ The HTML that contains the footer of the page. This code can be modified by customizing the footer.html common template.
@NAME@ The user's full name.
@FAMILY_NAME@ The user's last name.
@GIVEN_NAME@ The user's first name.
@PREFERRED_NAME@ The user's preferred username.
@THEME_ID@ The ID of the registered template theme.
Modify Time-based one-time password (TOTP) enrollment account name page

This page is displayed when enrolling the TOTP for MFA authentication.

The following labels are available on the TOTP enrollment account name page. To update the text on these labels, see Customizing labels.

  • $TOTP_ENROLLMENT_TITLE$
  • $TOTP_ENROLLMENT_HEADING$
  • $TOTP_LABEL_ENTER_ACCOUNT_NAME$
  • $TOTP_ACCOUNT_NAME_DESCRIPTION$
  • $TOTP_LABEL_ACCOUNT_NAME$
  • $TOTP_GENERATE_QR_BUTTON$
  • $USE_ANOTHER_METHOD$

The macros for this page are shown in the following table.

Table 23. Macro definitions
Macro Value that replaces the macro
@ACTION@ The action that is taken.
@PAGE_FOOTER@ The HTML that contains the footer of the page. This code can be modified by customizing the footer.html common template.
@PAGE_HEADER@ The HTML that contains the header of the page. This code can be modified by customizing the header.html common template.
@ERROR_MESSAGE@ An error message that is specific to the action page.
@SHOW_USE_ANOTHER_METHOD@ The value for another verification method.
@THEME_ID@ The ID of the registered template theme.

To change the page header, footer, and style for the MFA pages, see Create common branding.