13.33 SMS Sender

In this policy, you can configure the settings for the SMS OTP method. The SMS OTP method sends SMS messages with one-time passwords to the users. Advanced Authentication contains predefined settings for Twilio and MessageBird services.

Authentication Flow

The authentication flow for the SMS sender in Advanced Authentication is described in the following image.

A user wants to authenticate on an endpoint such as a laptop or a website with the SMS method. The following steps describe the authentication flow:

  1. When the authentication request is initiated, the endpoint contacts the Advanced Authentication server.

  2. The Advanced Authentication server validates the user’s credentials and retrieves the user's phone number from a repository.

  3. The Advanced Authentication server sends a request to the configured SMS Service Provider to send an SMS message whose content includes a one-time password (OTP) for authentication.

  4. The SMS Service Provider sends the SMS message to the user's phone.

  5. The SMS Service Provider sends the 'sent' signal to the Advanced Authentication server.

  6. The Advanced Authentication server sends a request to the user to specify an OTP on the endpoint.

  7. The user specifies the OTP from the SMS message. The Advanced Authentication server gets the OTP.

  8. The Advanced Authentication server then validates the authentication. The authentication then succeeds or is denied.

The HTTP/HTTPS protocol is used for the communication.

Access configuration

Advanced Authentication server - SMS Service Provider (HTTP/HTTPS, outbound).

The Sender Service consists of the following three options:

13.33.1 Generic

You can manually configure one of the following generic SMS senders:

Clickatell

To configure Clickatell as the SMS sender, perform the following steps:

  1. Select Generic in Sender service.

  2. Recipient Mask: Specify the masked value that you want to display for the SMS.

    The SMS OTP of the users is masked when users authenticate with the SMS OTP method.

    NOTE: For Advanced Authentication 6.3 Service Pack 3 and newer versions, the Recipient Mask field is not available. In these versions, the SMS OTP of the users is masked by default.

    NOTE: A default value is set. If you do not change the Recipient Mask value, the default value is used for masking the SMS OTP.

  3. Specify a Service URL value.

    For example, for Clickatell: http://api.clickatell.com/http/sendmsg?

  4. Leave HTTP Basic Authentication Username and HTTP Basic Authentication Password blank.

  5. Select POST from HTTP request method.

  6. Click Add and create the following parameters in HTTP request body.

    • Parameter name: user

      Parameter value: name of your account

    • Parameter name: to

      Parameter value: {phone}

    • Parameter name: text

      Parameter value: {message}

    • Parameter name: api_id

      Parameter value: the API ID that is issued after you add an HTTP sub-product to your Clickatell account. A single account may have multiple API IDs associated with it.

    • Parameter name: from

      Parameter value: sender’s phone number

  7. Click Add secure and create the following parameter in HTTP request body.

    • Name: password

      Value: current password that is set on the account

    For more information about the additional parameters for Clickatell, see the Clickatell documentation.

    NOTE: The parameters may differ between SMS service providers, but the {phone} and {message} variables are mandatory.

SignalWire

Before you configure SignalWire as the SMS sender, ensure that you meet the following prerequisites:

  • In SignalWire, create a project, choose a sub-domain (part of the sign-up process), and obtain the Direct Inward Dialing (DID) number.

  • Create an API token, and obtain the Project Key and Token to configure in the SMS sender policy of the Advanced Authentication Administration portal.

To configure SignalWire as the SMS sender, perform the following steps:

  1. Select Generic from Sender service.

  2. Specify the masked value that you want to display for the SMS in Recipient Mask.

    The SMS OTP of the users is masked when users authenticate with the SMS OTP method.

    NOTE: For Advanced Authentication 6.3 Service Pack 3 and newer versions, the Recipient Mask field is not available. In these versions, the SMS OTP of the users is masked by default.

    NOTE: A default value is set. If you do not change the Recipient Mask value, the default value is used for masking the SMS OTP.

  3. Specify a Service URL value.

    For example, https://{yourdomain}.signalwire.com/api/laml/2010-04-01/Accounts/{project key}/Messages.json

  4. Specify the Project Key (obtained from SignalWire) in HTTP Basic Authentication Username.

  5. Specify the Token (obtained from SignalWire) in HTTP Basic Authentication Password.

  6. Select POST from HTTP request method.

  7. Click Add and create the following parameters in HTTP request body:

    • Parameter Name: to

      Parameter Value: {phone}

    • Parameter Name: from

      Parameter Value: DID number of your SignalWire project.

    • Parameter Name: body

      Parameter Value: {message}

    NOTE: Ensure that the from phone number is in E.164 format. A number in this format starts with a plus (+) symbol and the country code.

    For example, if an India-based phone number is (91) 123-4567, then the E.164 formatted number is +911234567.

    For more information, see SignalWire API reference.

LOX

To configure LOX as the SMS sender, perform the following steps:

  1. Select Generic from Sender service.

  2. Specify the masked value that you want to display for the SMS in Recipient Mask.

    The SMS OTP of the users is masked when users authenticate with the SMS OTP method.

    NOTE: For Advanced Authentication 6.3 Service Pack 3 and newer versions, the Recipient Mask field is not available. In these versions, the SMS OTP of the users is masked by default.

    NOTE: A default value is set. If you do not change the Recipient Mask value, the default value is used for masking the SMS OTP.

  3. Specify a Service URL value.

    For example, https://www.lox24.eu/API/httpsms.php?konto=1&password=APIV1Key&service=5\

  4. Specify the Project Key (obtained from LOX) in HTTP Basic Authentication.

  5. Specify the Token (obtained from LOX) in HTTP Basic Authentication.

  6. Select GET from HTTP request method.

  7. Click Add and create the following parameters in HTTP request body.

    • Parameter name: user

      Parameter value: name of your account

    • Parameter name: to

      Parameter value: {phone}

    • Parameter name: text

      Parameter value: {message}

    • Parameter name: from

      Parameter value: sender’s phone number

  8. Click the Save icon each time after you enter a Parameter name and Parameter value.

  9. Click Add secure and create the following parameter in HTTP request body.

    • Name: password

      Value: current password that is set on the account.

For more information about the additional parameters for LOX, see the LOX documentation.
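The Generic sender definitions above can be checked before they are saved. The following Python sketch is an added example, not part of the product or its documentation: it flags a Service URL that is not HTTPS, a secret carried in the URL query string or created with Add rather than Add secure, a missing {phone} or {message} variable, and a from number that is not in E.164 format. The cfg dictionary layout, the finding names and the list of secret parameter names are assumptions, and the sample account values are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names treated as secrets (assumption; extend for your provider).
SECRET_KEYS = {"password", "token", "secret", "apikey", "api_key"}
E164 = re.compile(r"^\+[1-9]\d{1,14}$")

def lint_generic_sender(cfg):
    """Return findings for one Generic sender definition.

    cfg is a hypothetical dict mirroring the policy fields: service_url and
    params (created with Add). Values under secure_params are not inspected.
    """
    findings = []
    params = cfg.get("params", {})
    url = urlsplit(cfg["service_url"])
    if url.scheme != "https":
        findings.append("cleartext-transport")  # OTP and credentials readable in transit
    if any(k.lower() in SECRET_KEYS for k, _ in parse_qsl(url.query)):
        findings.append("secret-in-url")        # URLs are commonly written to logs
    if any(k.lower() in SECRET_KEYS for k in params):
        findings.append("secret-not-secure")    # belongs under Add secure
    for var in ("{phone}", "{message}"):
        if not any(var in v for v in params.values()):
            findings.append("missing-" + var.strip("{}"))
    sender = params.get("from", "")
    if cfg.get("e164_from") and not E164.match(sender):
        findings.append("from-not-e164")
    return findings

# Constructed sample definitions; account names, numbers and keys are placeholders.
CLICKATELL = {
    "service_url": "http://api.clickatell.com/http/sendmsg?",
    "params": {"user": "example-account", "to": "{phone}", "text": "{message}",
               "from": "+911234567"},
    "secure_params": {"password": "<placeholder>"},
}
LOX = {
    "service_url": "https://www.lox24.eu/API/httpsms.php?konto=1&password=APIV1Key&service=5",
    "params": {"user": "example-account", "to": "{phone}", "text": "{message}"},
}
SIGNALWIRE = {
    "service_url": "https://example.signalwire.com/api/laml/2010-04-01/Accounts/PROJECT_KEY/Messages.json",
    "params": {"to": "{phone}", "from": "(91) 123-4567", "body": "{message}"},
    "e164_from": True,
}

if __name__ == "__main__":
    for name, cfg in (("Clickatell", CLICKATELL), ("LOX", LOX), ("SignalWire", SIGNALWIRE)):
        print(name, lint_generic_sender(cfg))
```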

13.33.2 Twilio

To configure SMS sender settings for Twilio service, perform the following steps:

  1. Select Twilio in Sender service.

  2. Recipient Mask: Specify the masked value that you want to display for the SMS.

    The SMS OTP of the users is masked when users authenticate with the SMS OTP method.

    NOTE: For Advanced Authentication 6.3 Service Pack 3 and newer versions, the Recipient Mask field is not available. In these versions, the SMS OTP of the users is masked by default.

    NOTE: A default value is set. If you do not change the Recipient Mask value, the default value is used for masking the SMS OTP.

  3. Specify the following details:

    • Account sid and Authentication token: In Twilio, the Account SID acts as a username and the Authentication Token acts as a password.

      NOTE: After you save the configuration, the Authentication token is not displayed, even in masked form.

      NOTE: If the authentication token is not visible, then the configuration has been saved. Specify the Authentication token again before sending a test message, because the Test button reads the message from the UI. The real messaging service reads the message from the Advanced Authentication database.

    • Use Copilot: The Copilot option is used to send SMS messages from a Twilio phone number in your location. This is helpful when SMS messages have to be sent across geographical locations. For example, with Copilot, SMS messages are sent from an Indian phone number to Indian users. Without Copilot, SMS messages are sent from a US phone number to Indian users.

      For more information on Copilot option and its features, see https://www.twilio.com/copilot#phone-number-intelligence and https://www.twilio.com/docs/api/rest/sending-messages-copilot#features.

      • Messaging Service SID: Service SID.

    • Sender phone: This is the from phone number received from Twilio. Specify the Twilio phone number that you own and prefix the country code and backslash (\).

      For example, 91\9191919191

For more information, see the Twilio website.

13.33.3 MessageBird

To configure SMS sender settings for MessageBird service, perform the following steps:

  1. Select MessageBird in Sender service.

  2. Recipient Mask: Specify the masked value that you want to display for the SMS.

    The SMS OTP of the users is masked when users authenticate with the SMS OTP method.

    NOTE: For Advanced Authentication 6.3 Service Pack 3 and newer versions, the Recipient Mask field is not available. In these versions, the SMS OTP of the users is masked by default.

    NOTE: A default value is set. If you do not change the Recipient Mask value, the default value is used for masking the SMS OTP.

  3. Specify the Username, Password, and Sender name.

For more information, see the MessageBird website.

IMPORTANT: MessageBird API v2 is not supported. To activate MessageBird API v1, perform the following steps:

  1. Go to the MessageBird account.

  2. Click Developers in the left navigation bar and open the API access tab.

  3. Click Do you want to use one of our old API's (MessageBird V1, Mollie or Lumata)? Click here.

You can test the configurations for the SMS sender policy in the Test section.

  1. Specify the phone number in Phone to which you want to send the SMS OTP.

  2. Specify a message to be sent to the phone in Message.

  3. Click Send test message!.

  4. Click Save.

    Real messaging uses the async sender. Ensure that you have configured a chain with the SMS method and assigned it to an event. Then sign in to the Self-Service portal and test the SMS authenticator. If it does not work, see the async logs.