Configure single and multi-device access

New
  • Published on Nov 10, 2025
  • 2 minute(s) read
Prev Next

By default, Lightico sessions are restricted to single-device access. This means that once a customer opens a session link, they can only continue the session on that same device and browser. If they try to open the link on a different device—or even a different browser on the same device—the session will be blocked.

This restriction helps protect sensitive information and prevent unauthorized access. However, it can also limit flexibility for customers who switch devices mid-session.

To support a smoother experience, Lightico offers multi-device access, which allows customers to continue their session on a new device or browser—after verifying their identity via a one-time password (OTP).

How it works

When multi-device access is enabled:

  • The customer receives an OTP the first time they open the session on a new device or browser.

  • The OTP is sent via all available channels (SMS, email) based on the contact details provided.

  • Once verified, the new device is authorized for that session.

Note

OTP verification is not the same as two-factor authentication. The one-time password is sent via the same channel as the original session invitation (e.g., SMS or email), and also through a second channel if available. This mechanism ensures that even if someone intercepts the session link, they cannot access the session without also receiving and entering the OTP. It adds a layer of protection by verifying that the person opening the session is the intended recipient.

How to enable multi-device access

  1. In the Admin Center, go to system settings.

  2. Under Security > General, turn on the Multi-device access toggle.

  3. Click Go to OTP configuration or scroll to Customer authentication > Configure one-time password (OTP) authentication.

  4. Ensure that the OTP settings are properly configured.
    The following OTP settings apply to new device OTP verification:

    • Customer lockout threshold (number of retries)

    • Customer lockout duration

    • Maximum lockout before ban

    • OTP SMS content

    • OTP expiration

For more details on configuring OTP settings, see Customer authentication.

Q&A

Is this multi-browser or multi-device?
Both. Switching browsers on the same device triggers the same behavior as switching devices. The term "multi-device" is used for simplicity.

Is this two-factor validation?
No. OTP is used to verify the identity of the session owner, but it may be sent to the same channel used to initiate the session.

Can more than one device be active at the same time?
No. Only one device can be active per session. Accessing from a new device disconnects the previous one.

What happens with embedded sessions?
Embedded sessions - in which there may not be an email or SMS provided - enforce single-device access unless contact details are available for OTP delivery.

Does switching devices extend the session time?
No. The original session expiration time is preserved across devices.