13.35 Voice Sender

In this policy, you can configure the settings for the Voice and Voice OTP methods. Advanced Authentication supports the Twilio service for the Voice methods.

To configure Voice Sender settings for Twilio service, perform the following steps.

  1. Recipient Mask: Specify the masked value that you want to display for the Voice OTP.

    The Voice OTP of the users is masked when users authenticate with the Voice OTP method.

    NOTE:For Advanced Authentication 6.3 Service Pack 3 and newer versions, Recipient Mask field is not available. In Advanced Authentication 6.3 Service Pack 3 and newer versions, the Voice OTP of the users is masked by default.

    NOTE:The default value is set and if you do not change the Recipient Mask value, the default value is considered for masking of the Voice OTP.

  2. Specify the following details in the Voice sender policy:

    • Account sid and Authentication token: In Twilio, the Account SID acts as a username, and the Authentication Token acts as a password.

    • Sender phone: The phone number of the sender.

    • Server url: The public URL to which the Twilio service connects for authentication. This URL points to the Public External URLs (Load Balancers) policy. You can use http protocol for testing purpose, but for production environment you must use https protocol. You must have a valid certificate when you use https.

  3. You can test the configurations for the Voice sender policy in the Test section.

    1. Specify the phone number in Phone to which you want to send the Voice OTP.

    2. Specify a message to be sent to the phone in Message.

    3. Click Send test message!.

  4. Click Save.

    Real messaging uses async sender. Ensure that you have configured a chain with the Voice OTP method and assigned it to an event. Then sign-in to the Self-Service portal and test the Voice authenticator. If it does not work, see the async logs.

IMPORTANT:The users may receive calls with the voice Application error. This happens because of incorrect settings or invalid certificates. Ensure that the certificate is valid and is not expired. Invalid certificates cannot be applied by Twilio.

Authentication Flow

The authentication flow for the Voice sender in Advanced Authentication is described in the following image.

A user wants to authenticate on an endpoint such as a laptop or a website with the Voice Call method. The following steps describe the authentication flow:

  1. When the authentication request is initiated, the endpoint contacts the Advanced Authentication server.

  2. The Advanced Authentication server validates the user’s credentials and gets a phone number of the user from a repository.

  3. Advanced Authentication server sends the request to a configured voice call service provider (Twilio) to call the user.

  4. The voice call service provider calls the user.

  5. The user picks up the phone, listens to the call, and specifies the PIN followed by the hash (#) sign.

  6. Voice call provider sends the specified PIN to the Advanced Authentication server.

  7. Advanced Authentication server then validates the authentication. The authentication is done or denied.

HTTP/HTTPS protocol is used for the communication.

Access configuration

Advanced Authentication server - Voice Call Service Provider (HTTP/HTTPS, inbound/ outbound).