# Generate temp code (Admin Portal)

When users are unable to authenticate through standard methods—such as SMS, email OTP, or TOTP—due to outages, technical issues, or loss of access to their registered device, customer support can assist by providing a temp code. The Temporary Access Code, issued manually by customer support, serves as an alternative authentication method.

This secure solution allows users to regain access to their accounts during recovery flows.

**Note:** This guide covers the Admin Portal approach, where a help desk admin generates the code directly from the user profile page; no custom backend integration is required. For a journey-based integration, see [Account recovery with temp code (journey based)](/guides/user/ido_account_recovery).

## How it works

Temporary Access Code authentication combines human verification of the user's identity with validation of the code by Mosaic. The process begins when the user contacts customer support, who verifies their identity using security questions or other manual methods. After verification, a support agent generates a Temporary Access Code directly from the user's profile page in the Admin Portal (Step 3) and securely delivers it to the user via an offline method, such as a phone call or secure message. The user then enters the code, along with their identifier, in the client app (Step 2). Mosaic validates the Temporary Access Code to complete the process.

```mermaid
sequenceDiagram
    participant User
    participant AdminUser as Admin User
    participant AdminPortal as Admin Portal
    participant ClientApp as Client App
    participant Mosaic as Mosaic

    User-->>AdminUser: Request account recovery
    AdminUser-->>AdminUser: Verify user identity
    Note right of AdminUser: Step 3
    AdminUser->>AdminPortal: Generate temp code (user profile page)
    AdminPortal->>Mosaic: Code
    Mosaic->>AdminPortal: Return code
    AdminPortal->>AdminUser: temp code displayed in modal
    AdminUser-->>User: Provide temp code (phone call, secure chat)
    User-->>ClientApp: Submit identifier and temp code
    Note right of ClientApp: Step 2
    ClientApp->>Mosaic: Authenticate temp code
    Mosaic->>ClientApp: result
    alt Validation Success
        ClientApp-->>User: Access restored
    else Validation Failure
        ClientApp-->>User: Display error message
    end
```

## Before you start

Admin portal · Configuration

If this is your first time integrating with Mosaic, create an application in the Admin Portal as described [here](https://developer.transmitsecurity.com/guides/user/create_new_application) and create a user. This flow can only be used for existing users.

## Step 1: Configure temp code

Admin portal · Configuration

Configure temp code settings in the **Admin Portal** > **B2C** or **B2B Identity** *based on your setup* > **Authentication methods** > **One-time passcodes**. Temp code shares the same settings as OTPs:

- **Expiration time**: set how long the code remains valid (in minutes). Default: 5 minutes.
- **Code length**: set the length of the one-time code.
- **Lockout**: configure the simple lockout policy:
  - **Failed attempts allowed before lockout**: set the number of failed attempts that trigger a temporary lockout. Default: 3.
  - **Lockout duration**: define how long the user must wait before they can try again. Default: 15 minutes.
- **Cross-client OTP flow**: enable this setting to allow one client to initiate OTP generation while a different client submits it. This must be enabled for admins to generate codes from the Admin Portal.
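
To see how these settings interact, the following added example (not Mosaic code) models the worst-case number of online guesses against a single code and flags risky combinations. It assumes digit-only codes, that a code stays valid through a lockout until it expires, and that the failure counter resets after each lockout; these are modelling assumptions, not documented Mosaic behavior, and the `1e-5` target is a hypothetical threshold.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class OtpPolicy:
    expiration_min: int  # "Expiration time"
    code_length: int     # "Code length"
    attempts: int        # "Failed attempts allowed before lockout"
    lockout_min: int     # "Lockout duration"


# Page defaults; code_length=6 is an assumed value (the page lists no default).
DEFAULTS = OtpPolicy(expiration_min=5, code_length=6, attempts=3, lockout_min=15)


def guess_budget(p: OtpPolicy) -> int:
    """Worst-case guesses against one code before it expires.

    Assumed model: guesses are instant, `attempts` failures start a lockout,
    and a new burst of guesses is possible as soon as the lockout ends.
    """
    if p.lockout_min <= 0:
        raise ValueError("without a lockout the guess budget is unbounded")
    bursts = max(1, math.ceil(p.expiration_min / p.lockout_min))
    return bursts * p.attempts


def guess_probability(p: OtpPolicy) -> float:
    """Chance that blind guessing hits the code, assuming digits only."""
    return min(1.0, guess_budget(p) / 10 ** p.code_length)


def review(p: OtpPolicy, max_probability: float = 1e-5) -> list:
    """Return findings for a policy; an empty list means no finding."""
    findings = []
    if p.expiration_min > p.lockout_min:
        findings.append("code outlives lockout: more than one guessing burst")
    prob = guess_probability(p)
    if prob > max_probability:
        findings.append(f"guess probability {prob:.1e} exceeds target")
    return findings
```

Under this model the defaults allow a single burst of three guesses, because the 15-minute lockout outlasts the 5-minute code; raising the expiration time above the lockout duration multiplies the guess budget.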


## Step 2: Build UI for temp code input

Client

To allow users to authenticate using a Temporary Access Code, provide a UI where they can enter their **User ID** and **Temporary Access Code**. Expected flow:

1. The user enters their **User ID** and **Temporary Access Code**.
2. The client app submits both values to validate the code against Mosaic.
3. On success, the user regains access. On failure, display an appropriate error message.


## Step 3: Generate temporary access code

Admin portal

**Important:**
- The user must already exist in the app and be associated with it.
- The admin performing this action must have the **Generate temporary access code (Write)** permission under the **Users** tree. See [Manage admin users](/guides/platform/manage_admin_users).


Once the user's identity has been verified:

1. From **Admin Portal** > **B2C** or **B2B Identity** *based on your setup* > **Users** page, click the relevant user, then select the **Applications** tab.
2. On the relevant application row, click  > **Generate temporary access code**.
3. The generated code is displayed in a modal. Copy it and securely provide it to the user (e.g., via phone call or secure chat).


The code follows the expiration and lockout policy configured in [Step 1](#step-1-configure-temp-code).

**Audit event:** When a temporary access code is generated via the Admin Portal, an `admin_recovery_otp_code_generated` event is recorded in the admin activity log. See [Admin activity events](/guides/user/platform/activities#admin-events).
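
One way to monitor this event for help desk misuse, as an added example (not Mosaic code): flag admins who generate many codes in a short window and users who receive more than one code. Only the `admin_recovery_otp_code_generated` name comes from this page; the JSON-lines layout, the field names (`type`, `timestamp`, `admin_id`, `user_id`), the thresholds, and the log lines are constructed assumptions to be mapped to the actual export schema.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

EVENT = "admin_recovery_otp_code_generated"  # event name from the page

# Constructed sample export; field names are assumptions, not Mosaic's schema.
SAMPLE_LOG = """\
{"type": "admin_recovery_otp_code_generated", "timestamp": "2024-05-01T09:00:00", "admin_id": "adm-1", "user_id": "u-10"}
{"type": "admin_recovery_otp_code_generated", "timestamp": "2024-05-01T10:00:00", "admin_id": "adm-2", "user_id": "u-20"}
{"type": "admin_recovery_otp_code_generated", "timestamp": "2024-05-01T10:03:00", "admin_id": "adm-2", "user_id": "u-21"}
{"type": "admin_recovery_otp_code_generated", "timestamp": "2024-05-01T10:06:00", "admin_id": "adm-2", "user_id": "u-22"}
{"type": "admin_recovery_otp_code_generated", "timestamp": "2024-05-01T10:10:00", "admin_id": "adm-2", "user_id": "u-23"}
{"type": "admin_recovery_otp_code_generated", "timestamp": "2024-05-01T11:00:00", "admin_id": "adm-1", "user_id": "u-30"}
{"type": "admin_recovery_otp_code_generated", "timestamp": "2024-05-01T11:10:00", "admin_id": "adm-3", "user_id": "u-30"}
{"type": "other_event", "timestamp": "2024-05-01T11:15:00", "admin_id": "adm-2", "user_id": "u-40"}
truncated or malformed line
"""

def parse(log_text):
    """Yield (time, admin, user) for temp-code generation events only."""
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line
        if isinstance(ev, dict) and ev.get("type") == EVENT:
            yield datetime.fromisoformat(ev["timestamp"]), ev["admin_id"], ev["user_id"]

def burst_keys(events, key_index, limit, window):
    """Return keys that have more than `limit` events inside a sliding window."""
    times = defaultdict(list)
    for ev in events:
        times[ev[key_index]].append(ev[0])
    flagged = set()
    for key, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:
                start += 1  # shrink the window from the left
            if end - start + 1 > limit:
                flagged.add(key)
    return flagged

def detect(log_text, admin_limit=3, user_limit=1, window=timedelta(minutes=30)):
    events = list(parse(log_text))
    return {"noisy_admins": burst_keys(events, 1, admin_limit, window),
            "repeat_users": burst_keys(events, 2, user_limit, window)}
```

On the constructed sample, `detect(SAMPLE_LOG)` flags `adm-2` (four codes in ten minutes) and `u-30` (two codes from different admins within ten minutes); both are cases where the identity verification behind each request deserves a second look.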