OTP authentication by default sends one-time passcodes to an end user's email address this can be defined as a different address to the one identified through AD but OTP authentication can also forward one-time passcodes to an end users mobile phone. This article shows you how to use an email-to-SMS gateway to send OTP authentication passcodes as an SMS to an end users mobile phone.
Configure Email-to-SMS Gateway
1. Configure your email-to-SMS gateway. Below shows the configuration for the Echo for Email service provided by esendex.
A sender email address has to be added since Access Manager is the sender copy the 'Default Sender Address' from Configuration->Network->Mail as shown below to the esendex allowed email senders address list. Each service provides a number of unique features including security options you should configure your service appropriately.
Configure Authentication Scheme
Now that the gateway is set-up its time to enable OTP authentication which will email the one-time password to the users mobile.
Navigate to Authentication->Setup and add the OTP module into the appropriate flow. In the image below I have added it to Password Reset for the Browser front-end.
The final configuration step is setting up the OTP email address. From the end-user account page (My Account) the end user needs to add their mobile phone number post-fixed with the email-to-SMS gateway domain name as the 'One-time password email address' (found towards the bottom of the My Account Page). The domain name and precise email format varies between vendors for esendex the format is <mobile number>@echoemail.net as shown below:
Receiving SMS OTP Authentication Code
With everything configured it is time to send out the one-time passcode during password reset authentication. On the the OTP authentication step the user is requested to enter in the unique one-time passcode as below:
This passcode however is now sent via the email-to-SMS gateway to the end users mobile phone as an SMS as shown below:
This passcode can then be entered into the OTP authentication step to authenticate the end user.