# Alternate Secondary Authentication

A device can also be configured to have two options available for secondary authentication. After entering login credentials, the authentication flow proceeds to the screen to setup or train recognition for the primary secondary authentication method, as configured by `useSecondaryAuth` (i.e. create and confirm a PIN, scan an NFC tag, etc. ). If configured with a different value for `alternateSecondaryAuth`, the screen will include an option to switch to training the alternative reauthentication method.

<img src="https://emsdocs.bluefletch.com/assets/img/auth/alternateSecondaryAuth.png" alt="" width="300">

Once one of the two secondary authentication options is selected and trained, the authentication flow will proceed to the logged-in state. Upon unlocking the device from sleep, only the reauthentication method that was selected and trained - primary or alternate - will be available to unlock the device.

#### Configuration <a href="#configuration_4" id="configuration_4"></a>

The following key-value pairs can be set within the [`settings`](/bluefletch-enterprise/product-guides/bluefletch-launcher/launcher3/technical-guide.md#settings) object of the Launcher configuration JSON file.

| Field                  | Data Type | Description                                                                                                                                                                                                                                                        |
| ---------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| useSecondaryAuth       | string    | Indicates type of secondary auth during re-authorization. Values are `"none"`, `"pin"`, `"face"`, `"nfc"`, and `"barcode"`. Default is `"none"`.                                                                                                                   |
| alternateSecondaryAuth | string    | Sets an alternative secondary authentication method available during reauthentication training. Accepted values are `"pin"`, `"face"`, `"nfc"`, and `"barcode"`. Only applied if `useSecondaryAuth` is set and is a different value than `alternateSecondaryAuth`. |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.bluefletch.com/bluefletch-enterprise/product-guides/authentication-and-sso/features/secondary-authentication/alternate-secondary-authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.