5.10.3. SMS Token Configuration¶
The SMS token creates an OTP value and sends this OTP value to the mobile phone of the user. The SMS can be triggered by authenticating with only the OTP PIN:
5.10.3.1. First step¶
In the first step the user will enter his OTP PIN and the sending of the SMS is triggered. The user is denied access for now.
5.10.3.2. Second step¶
In the second step, the user authenticates with the OTP PIN and the OTP value he received via SMS. The user is granted access if the OTP values match.
Alternatively, the user can authenticate with the transaction_id
that was
sent to him in the response during the first step and only the OTP value. The
transaction_id
assures that the user already presented the first factor (OTP
PIN) successfully.
5.10.3.3. Configuration Parameters¶
- SMS Gateway configuration
You can centrally define the SMS gateways used for sending SMS OTP token but also for the event notifications. (See User Notification Handler Module)
For configuring SMS Gateways read SMS Gateway configuration. In this token configuration you can select on defined gateway to send SMS for authentication.
- OTP validity time
This is the time in seconds, for how long the sent OTP value is valid. If a user tries to authenticate with the sent OTP value after this time, authentication will fail.