Enable email OTP for multi-factor authentication

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Manage how two-factor authentication is applied on your instance.

    The property glide.authenticate.multifactor.email.otp.enabled controls whether a token for the second authentication factor can be sent via email. Email is considered a weak MFA factor which an attacker is more likely to gain access into for defeating MFA.

    If the property is false, the user doesn't see email OTP option on the MFA validation screen.

    If the property is true:

    1. The email factor is shown in cases where the email factor policy is inactive and no other 2fa registered.
    2. The email factor is shown if the email factor policy is active and evaluated to true.
    3. The email factor is not shown if the email factor policy is active and evaluated to false.

    More information

    Attribute Description
    Configuration name glide.authenticate.multifactor.email.otp.enabled
    Configuration type System Properties (/sys_properties_list.do)
    Data type Boolean
    Recommended value false
    Default value true
    Category Authentication
    Security risk
    • Severity score: 3.1
    • CVSS score: Low
    • Security risk details: An attacker may successfully bypassing MFA when they have the user's password.
    Dependencies and prerequisites None
    References Email as an MFA factor