Elevated Authentication

Prev Next

Coming Soon: We will support Elevated Authentication for changes to addresses and passwords, as well as adding external accounts, in a future release.

To enhance security, you can enable Elevated Authentication, which requires users to complete two-factor authentication (2FA) for critical actions. This additional layer of protection helps prevent fraud, safeguards sensitive account information, and ensures that only authorized users can complete high-risk transactions.

With Elevated Authentication, users must verify their identity before performing actions such as sending ACH payments and wires or updating their email, phone number, or username. Additionally, your institution can configure the duration for which users remain in Elevated Authentication Mode before they are required to authenticate again.

For users who have biometrics set up on their mobile device, Elevated Authentication uses biometric verification instead of 2FA. If biometric verification fails twice, the mobile app automatically falls back to 2FA via SMS and email. Please contact your Narmi Relationship Manager to enable sudo mode biometrics for your institution.

Account verification prompt asking for email or phone for code delivery.

Enable or Disable Elevated Authentication

To turn Elevated Authentication on or off, go to Narmi Command under Configurations > Institution Settings > Features Requiring Elevated Authentication.

Settings for elevated authentication features with checkboxes next to each option.

Select the box next to each action that should require Elevated Authentication:

  • ach_payments – When making an ACH payment (Business only)

  • add_member – When adding a new member for member-to-member transfers (Consumer and Business)

  • email_change – When changing the email address in Narmi Banking settings (Consumer and Business)

  • phone_change – When changing the phone number in Narmi Banking settings (Consumer and Business)

  • sensitive_card_info – When viewing the card number, expiration date, and CVV in Narmi Banking card management (Consumer only)

  • sensitive_user_info – When a third-party service or integration attempts to retrieve the user’s date of birth and Social Security Number through the Narmi Admin API’s /me/sensitive endpoint. For more information, please visit our API documentation.

  • username_change – When changing the username in Narmi Banking settings (Consumer and Business)

  • wires – When making a wire transfer (Consumer and Business)

Note: We will support 2FA for changes to addresses and passwords, as well as adding external accounts, in a future release. Please refrain from enabling the address_change, password_change, and add_external_account settings, as these settings could negatively impact the user experience.

Configure Elevated Authentication Mode Duration

By default, after selecting a 2FA verification method, a user remains in Elevated Authentication Mode for 60 seconds, allowing them up to 60 seconds to receive and enter their authentication code before they are required to authenticate again.

Your institution can adjust this duration in Narmi Command under Configurations > Institution settings > Elevated Authentication Mode Duration. This setting should be at least 20 seconds to ensure users have enough time to receive and enter their authentication code.