Alternate Secondary Authentication

A device can also be configured to have two options available for secondary authentication. After entering login credentials, the authentication flow proceeds to the screen to setup or train recognition for the primary secondary authentication method, as configured by useSecondaryAuth (i.e. create and confirm a PIN, scan an NFC tag, etc. ). If configured with a different value for alternateSecondaryAuth, the screen will include an option to switch to training the alternative reauthentication method.

Once one of the two secondary authentication options is selected and trained, the authentication flow will proceed to the logged-in state. Upon unlocking the device from sleep, only the reauthentication method that was selected and trained - primary or alternate - will be available to unlock the device.


The following key-value pairs can be set within the settings object of the Launcher configuration JSON file.

FieldData TypeDescription



Indicates type of secondary auth during re-authorization. Values are "none", "pin", "face", "nfc", and "barcode". Default is "none".



Sets an alternative secondary authentication method available during reauthentication training. Accepted values are "pin", "face", "nfc", and "barcode". Only applied if useSecondaryAuth is set and is a different value than alternateSecondaryAuth.

Last updated