By default, Lightico sessions are restricted to single-device access. Once a customer opens a session link, they can continue the session only on the same device and browser. Attempts to access the session from another device or browser are blocked.
You can allow secure device switching by enabling multi-device access. When this setting is turned on, customers who attempt to access the session from a second device must verify their identity.
How verification works on a second device
When a customer opens the session from another device or browser, Lightico sends a one-time password (OTP) to the contact details provided in the session (SMS and/or email).
The customer must enter the OTP to authorize the new device.
This ensures that possession of the session link alone is not sufficient to access the session from another device.
For details about configuring OTP settings, see Customer authentication.
Special case: sessions without contact details
If your flow does not collect a communication method (email or phone), you cannot use OTP for second-device verification.
In this case, you must configure an identity verification (IDV) method for subsequent session entries. When configured, this method is used to authenticate the customer before allowing access from another device.
If neither OTP nor a subsequent-entry IDV method is available, access from a second device is denied.
How to enable multi-device access
In the Admin Center, go to system settings.
Under Security > General, turn on the Multi-device access toggle.
Q&A
Is this multi-browser or multi-device?
Both. Switching browsers on the same device triggers the same behavior as switching devices. The term "multi-device" is used for simplicity.
Is this two-factor validation?
No. OTP is used to verify the identity of the session owner, but it may be sent to the same channel used to initiate the session.
Can more than one device be active at the same time?
No. Only one device can be active per session. Accessing from a new device disconnects the previous one.
What happens with embedded sessions?
Embedded sessions - in which there may not be an email or SMS provided - ensure that a subsequent session entry verification is enabled. See above.
Does switching devices extend the session time?
No. The original session expiration time is preserved across devices.