The method of delivery of One-Time Passwords is via Email, but this guide will show how you can use an SMS to Email gateway to send logon passwords to your users' mobile phones.
For this example, we will be using a service run by Kapow (https://www.kapow.co.uk)
1. Kapow website configuration
Assuming you already have a Kapow account with SMS credits available, log on to their website at. If you do not have an account, you can register via this link.
Navigate to SMS Centre, then Sending Options.
In the Trusted Email Addresses section, type in the email address that we'll be identifying as when we actually send messages and click Add.
2. Access Manager configuration
Now in Access Manager go to Configuration > Network > SMS and set the Provider Email Gateway Address option to:
Now go to Configuration > Messaging and locate the SMS Gateway Template notification and set the subject line to:
The Body section can be left empty.
Save the changes.
3. Adding SMS Authentication to a Login Process
Now that the SMS Gateway and Email templates have been configured it is time to add the SMS authentication module to any authentication processes that you wish to include it on. Navigate to Authentication->Authentication, select the Password Reset Feature line and add the SMS module to the login processes that you wish to use it with by clicking the plus next to the Module. SMS should only ever be used after the Username module, it is often best used as a second level of authentication after the Username and some other authentication module is provided, such as PIN or Passphrase.
The options that determine how the passwords are created are found in the Authentication > OTP tab, if you wish to change the password complexity then you can do so from there. Change the Output Media and set it to SMS or Both. Save the changes.
4. Allowing Users to set their own Phone Numbers
The very last thing that is required is for users to have a mobile phone number set on their account where possible Access Manager will pick up phone numbers from the user database attributes and set this to be used for OTP notifications, however it is also possible to allow users to set their own additional phone numbers for their account.
To allow this go to Configuration > Network > SMS and you will see the option “Allow user mobile numbers”. Enabling this will allow users to add their own phone numbers through the My Account section, normally it is enabled by default.
And that's all of the steps required by the end of this your system should be configured to send SMS One Time Passwords to your users through your SMS Gateway.