In the Voice authentication method, a user receives a call with a PIN request, after which the user must specify the PIN on his or her phone.
The following workflow describes the Voice authentication method in Advanced Authentication:
A user tries to authenticate with the Voice method.
The user receives a call on the phone with a PIN request.
User must specify the PIN that has been enrolled in the Self-Service portal during the enrollment.
After the user specifies the PIN followed by a hash (#) symbol, user is authenticated with the Voice method.
IMPORTANT:Phone number with extensions are supported for this method.
Special characters ,
and x
are used to indicate wait time and can be used as separators between phone number and extension.
For example, if +123456789 is the phone number and 123 is the extension, then it can be specified as +123456789,,,,123.
In the above example, ,
is specified 4 times and this multiplied by 0.5 (default value in Twilio) indicates the wait time, which is 2 (4*0.5) seconds. First, call is sent to the number 123456789 and after a wait period of 2 seconds, the extension 123 is dialed.
To configure the Voice method, specify the following details:
Minimum PIN length: The length of the PIN must be at least three characters long.
Maximum PIN age: The validity period of a PIN. The default value is 42 days. If you set the age to 0, the PIN will not expire.
User cell phone attribute: The cell phone number of a user that is used to call the user for voice authentication. You can use custom attributes such as mobile, homePhone, ipPhone, and other attributes of a repository. You must define the attribute in User Cell Phone Attributes
of the Repositories section.
NOTE:If you do not configure the attribute in the method settings, then the first attribute defined in the User Cell Phone Attributes
section of Repository configuration is used when the user tries to authenticate. For example, if you define mobile as the first attribute in User cell phone attribute and do not configure the attribute in method settings of Voice, then while authenticating, the first attribute, which is the mobile attribute, is used for the Voice method authentication.
Allow overriding phone number: Option that allows to prevent users from providing a phone number that is not registered in the LDAP repository. The option is set to ON by default. Set to OFF to prevent users to specify a different phone number during the enrollment.
Allow user enrollment without a phone: Option to configure settings for the user to enroll the Voice authenticator without a phone number in the repository.
Set this option to OFF to ensure that a user does not enroll the Voice authenticator without a phone. The user gets an error message that you can specify in Error message.
Set this option to ON to allow the user to enroll the Voice authenticator without a phone.
Allow as first authentication method: Option that allows a user to authenticate using a chain where Voice authenticator is the first authentication method.
The option is set to ON by default. Set this option to OFF to prevent user from authenticating using a chain where Voice authenticator is the first authentication method.
If the option is set to OFF, and a user tries to authenticate using a chain where the Voice method is the first authentication method, the user is displayed a The method cannot be first in the login chain message and the user cannot authenticate.
IMPORTANT:Advanced Authentication does not notify a user about the expiry of a PIN.