Customer authentication


Lightico provides a number of methods to authenticate a customer's identity before they enter a session.

This article explains the different methods and how to configure them.

Note

These settings can also be configured according to team. Team settings override System settings. For more information, see Define unique team settings.


Activate customer authentication

By default, a customer receives a session invitation link and can enter the session without authenticating their identity.

To activate customer authentication:

  1. In the Admin Center, under Settings, go to System or Teams > Settings.

  2. In Customer authentication settings, under Activate customer authentication, turn on the Require customer… toggle.

  3. Under First entry to session, select one of the following customer authentication methods:

    • OTP - A One Time PIN is randomly generated. See below.

    • Session PIN - A PIN is defined by the agent before starting the call. See below.

    • KBA - Knowledge Base Authentication validates the customer based on answers to specific questions. (Requires a third-party integration; contact support for more information.)

    • Photo ID - Validates the government issued ID, but not the customer. (Requires Mitek integration.)

    • Photo ID + Selfie - A selfie photo is compared to a valid government issued ID picture. (Requires Mitek integration.)

Subsequent entries to session

To require customers to authenticate on every entry to the session:

  1. Turn on the Subsequent entries to session toggle.

  2. Select an authentication method from the dropdown.

  3. Under Require authentication after the customer has been offline for, set how long the customer must be offline before a new authentication is required.


Configure customer lockout settings

The following settings define how you handle failed authentication attempts. These settings can be configured for both OTP and session PIN authentication.

Customer lockout threshold

Set the number of failed authentication attempts that will cause a customer to be locked out.

Customer lockout duration

Set the duration that a customer remains locked out. 

Maximum lockouts before ban

Set the number of times a customer can be locked out before being banned.
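
How the three lockout settings interact, as an added Python model (not Lightico's code). It assumes that attempts made during a lockout are rejected without being counted, that a successful entry resets the failure count, and that the lockout following the last allowed one becomes a ban; all class and function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    threshold: int     # "Customer lockout threshold": failed attempts that trigger a lockout
    duration_s: int    # "Customer lockout duration", in seconds
    max_lockouts: int  # "Maximum lockouts before ban"

@dataclass
class CustomerState:
    failures: int = 0
    lockouts: int = 0
    locked_until: float = 0.0
    banned: bool = False

def attempt(policy, state, pin_ok, now):
    """Apply one authentication attempt made at time `now` (seconds); return the outcome."""
    if state.banned:
        return "banned"
    if now < state.locked_until:
        return "locked"  # assumption: attempts during a lockout are rejected, not counted
    if pin_ok:
        state.failures = 0
        return "admitted"
    state.failures += 1
    if state.failures < policy.threshold:
        return "retry"
    state.failures = 0
    state.lockouts += 1
    if state.lockouts > policy.max_lockouts:  # assumption: next lockout after the limit is a ban
        state.banned = True
        return "banned"
    state.locked_until = now + policy.duration_s
    return "locked"

def max_wrong_guesses(policy):
    """Wrong guesses an impostor gets before the ban, under the assumptions above."""
    return policy.threshold * (policy.max_lockouts + 1)

def guess_success_bound(policy, pin_digits):
    """Upper bound on guessing a uniformly random numeric PIN before the ban."""
    return min(1.0, max_wrong_guesses(policy) / 10 ** pin_digits)

def run(policy, events):
    """Replay constructed (time, pin_ok) events for one customer; return the outcomes."""
    state = CustomerState()
    return [attempt(policy, state, ok, now) for now, ok in events]
```

With a threshold of 3 and 2 lockouts before ban, an impostor gets 9 guesses, which is a 0.09% chance against a random 4-digit PIN; a PIN derived from predictable data is weaker than this bound suggests.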


OTP authentication

This authentication method requires the customer to enter an automatically generated one-time password (OTP) to enter the session.

You can reveal the OTP to the customer in one of the following ways:

  • Agent - The agent is shown the OTP in the agent console and can say it over the phone.

  • Notification - The customer receives an SMS or email with the OTP.

This section explains settings that are unique to OTP authentication. To configure the lockout settings, see Configure customer lockout settings above.

OTP SMS content

Enter the content of the notification that customers will receive with their one-time password. Use the string #PIN# to insert the OTP into the message. For example:

Enter #PIN# to be admitted into the collaboration session.

OTP expiration

To set a time limit for how long the OTP is valid, turn on this toggle and set the period of time.

Show OTP to Agents

If the agent will be guiding the customer into the session, turn on this toggle to display the OTP in the agent console.

For the agent perspective of this setting, see Providing the OTP directly.

Send OTP to customer

To automatically send the OTP to the customer when they open the session link, turn on this toggle.

When this setting is enabled, the agent is required to enter 2 communication channels - a phone number and an email address. The session invitation is sent to one and the OTP is sent to the other.

For the agent perspective of this setting, see Sending an OTP automatically.
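
The OTP settings above (the #PIN# message template, OTP expiration, and sending the OTP on the channel the invitation did not use), sketched as an added Python example that is not Lightico's code. The 6-digit length, 300-second lifetime, single-use rule, and all names are assumptions.

```python
import hmac
import secrets
import time

def render_otp_message(template, otp):
    """Fill the #PIN# placeholder; reject a template that would send no OTP at all."""
    if "#PIN#" not in template:
        raise ValueError("OTP message template has no #PIN# placeholder")
    return template.replace("#PIN#", otp)

def otp_destination(invite_channel, phone, email):
    """Return (channel, address) for the OTP: the channel the invitation did NOT use."""
    if not phone or not email:
        raise ValueError("both a phone number and an email address are required")
    if invite_channel not in ("sms", "email"):
        raise ValueError("invite_channel must be 'sms' or 'email'")
    return ("email", email) if invite_channel == "sms" else ("sms", phone)

class OtpChallenge:
    """One OTP for one session entry. digits and ttl_s are assumed, not product defaults."""

    def __init__(self, digits=6, ttl_s=300, now=time.time):
        self._now = now
        # CSPRNG output, zero-padded so leading zeros are kept
        self.otp = f"{secrets.randbelow(10 ** digits):0{digits}d}"
        self.expires_at = now() + ttl_s  # models the "OTP expiration" setting
        self.used = False

    def verify(self, candidate):
        """Accept the OTP once, before it expires; compare in constant time."""
        if self.used or self._now() >= self.expires_at:
            return False
        ok = hmac.compare_digest(candidate.encode(), self.otp.encode())
        self.used = self.used or ok
        return ok
```

Splitting the invitation and the OTP across two channels means that access to only the phone or only the mailbox is not enough to enter the session.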


Session access PIN authentication

This authentication method requires the agent to define an access PIN before starting the session with the customer. The PIN must be 4 to 20 digits (no letters or special characters), for example, an ID/Social Security number, the last digits of a payment method, or some other number agreed upon between the agent and the customer. The customizable opening screen for this type of authentication provides a hint as to which number the customer should enter. The customer must enter the PIN to authenticate their identity and start the session.

The instructions below explain how to customize the opening screen. To configure the lockout settings, see Configure customer lockout settings above.

For an explanation of the agent side of this feature, see Define a session access PIN.

To customize the opening screen for session access PIN authentication:

  1. Go to the Workflow > HTML Designer page and create a static HTML page for the opening page (see Create static documents).

  2. Go to System settings > Customer authentication, Session PIN configuration section.

  3. Turn on the Session PIN opening screen switch.

  4. Search for the HTML document in the Doc Name field and click Set HTML file.


    After clicking Save Changes at the top of the settings page, the opening screen is created.