SMS Authentication using Email-to-SMS Gateways

OTP authentication by default sends one-time passcodes to an end user's email address this can be defined as a different address to the one identified through AD but OTP authentication can also forward one-time passcodes to an end users mobile phone. This article shows you how to use an email-to-SMS gateway to send OTP authentication passcodes as an SMS to an end users mobile phone.

Configure Email-to-SMS Gateway

1. Configure your email-to-SMS gateway. Below shows the configuration for the Echo for Email service provided by esendex.


A sender email address has to be added since Access Manager is the sender copy the 'Default Sender Address' from  Configuration->Network->Mail as shown below to the esendex allowed email senders address list. Each service provides a number of unique features including security options you should configure your service appropriately.


Configure Authentication Scheme

Now that the gateway is set-up its time to enable OTP authentication which will email the one-time password to the users mobile.

Navigate to Authentication->Setup and add the OTP module into the appropriate flow. In the image below I have added it to Password Reset for the Browser front-end.


End-User Configuration

The final configuration step is setting up the OTP email address. From the end-user account page (My Account) the end user needs to add their mobile phone number post-fixed with the email-to-SMS gateway domain name as the 'One-time password email address' (found towards the bottom of the My Account Page). The domain name and precise email format varies between vendors for esendex the format is <mobile number> as shown below:


Receiving SMS OTP Authentication Code

With everything configured it is time to send out the one-time passcode during password reset authentication. On the the OTP authentication step the user is requested to enter in the unique one-time passcode as below:


 This passcode however is now sent via the email-to-SMS gateway to the end users mobile phone as an SMS as shown below:


 This passcode can then be entered into the OTP authentication step to authenticate the end user.

Have more questions? Submit a request


Powered by Zendesk