Configuring Access Manager for SMS One Time Password through an Email to SMS service

Pre-Requisites:

Nervepoint Access Manager configured

Email to SMS Gateway Provider

 

SMS Authentication uses a one-time password that is sent to an end user's assigned phone number via SMS by default Access Manager will use the mobile phone number attribute from the directory however if permitted users can set an alternative number if they prefer. This article details the steps required to configure and use SMS Authentication.

Before configuring Access Manager to use SMS Authentication you will need an Email to SMS Gateway Provider. The SMS Gateway Provider will require some configuration this will vary depending on the company you are using. For more specific guide to configuring the different SMS Providers please see the SMS One Time Password Forum in the Helpdesk.

Once the SMS Gateway is configured you can begin configuring Access Manager to use the gateway.

 

Specify the SMS Gateway Address

First we need to set the SMS Gateway Address, go to Configuration > Network > SMS and set the SMS Provider Gateway. The default entry is a placeholder value, ${phoneNumber}@your.sms.gateway.com, the email to SMS Gateway Provider should have provided you with an address to use in place of this change the placeholder to the address provided.

For example using our Clicksend account the gateway address to be provided is ${phoneNumber}@sms.clicksend.com for a Clickatell account the gateway address to be provided is sms@messaging.clickatell.com. Using Esendex the address would be ${phoneNumber}@echoemail.net. Save this option.

 

Set the SMS Gateway Email Template 

Email to SMS services operate by the customer sending an Email that contains the message once this Email reaches the SMS gateway it is converted into an SMS and sent to the end user. In order for the SMS Gateway Provider to ensure that the Email it receives is legitimate they may request some additional information to be sent. The requirements of the verification Email can vary between different providers, Clicksend for example only requires the ${body} entry to be in the Subject, the bidy is left empty, Clickatell requires authentication in addition to the message:

  • api id
  • Clickatell account name
  • password
  • user's phone number
  • message.

Your SMS Gateway provider will have these requirements documented somewhere that you will be able to access them.

For any Providers that require these details Access Manager provides an Email template that is used to send the requested information to the gateway, go to Configuration > Messaging and locate the SMS Gateway Email template. Configure this template to meet the requirements of the gateway.

In the message template we are able to provide variables that will change depending on the situation for example in the above example the ${phoneNumber} variable will change to whatever the users phone number field is set to, the ${body} variable will use the change to the text provided in the One Time Password SMS template.

 

Set the SMS Template

Now that all the configuration is done for the gateway its time to configure the actual message that will be sent to the end user during OTP authentication from the Messaging tab select 'One Time Password SMS template'. You can edit this template if you wish to change the message that is sent to the end users.

 

Adding SMS Authentication to a Login Process

Now that the SMS Gateway and Email templates have been configured it is time to add the SMS authentication module to any authentication processes that you wish to include it on. Go to the Authentication section and add the SMS module to the login processes that you wish to use it with. SMS should only ever be used after the Username module, it is often best used as a second level of authentication after the Username and some other authentication module is provided, such as PIN or Passphrase.

The options that determine how the passwords are created are found in the Authentication > OTP tab, if you wish to change the password complexity then you can do so from there.

 

Allowing Users to set their own Phone Numbers

The very last thing that is required is for users to have a mobile phone number set on their account where possible Access Manager will pick up phone numbers from the user database attributes and set this to be used for OTP notifications, however it is also possible to allow users to set their own additional phone numbers for their account.

 

To allow this go to Configuration > Network > SMS and you will see the option “Allow user mobile numbers”. Enabling this will allow users to add their own phone numbers through the My Account section, normally it is enabled by default.

And that's all of the steps required by the end of this your system should be configured to send SMS One Time Passwords to your users through your SMS Gateway.

Have more questions? Submit a request

Comments

Powered by Zendesk