13.32 SMS Sender

In this policy, you can configure the settings for the SMS OTP method. The SMS OTP method sends SMS messages with one-time passwords to the users. Advanced Authentication contains predefined settings for Twilio and MessageBird services.

Authentication Flow

The authentication flow for the SMS sender in Advanced Authentication is described in the following image.

A user wants to authenticate on an endpoint such as a laptop or a website with the SMS method. The following steps describe the authentication flow:

  1. When the authentication request is initiated, the endpoint contacts the Advanced Authentication server.

  2. The Advanced Authentication server validates the user’s credentials and gets a phone number of the user from a Repository.

  3. Advanced Authentication server sends the request to a configured SMS Service Provider to send an SMS message with the content that includes a one-time password (OTP) for authentication.

  4. SMS Service Provider sends the SMS message to the user's phone.

  5. SMS Service Provider sends the 'sent' signal to the Advanced Authentication server.

  6. Advanced Authentication server sends a request to the user to specify an OTP on the endpoint.

  7. The user specifies the OTP from the SMS message. The Advanced Authentication server gets the OTP.

  8. Advanced Authentication server then validates the authentication. The authentication is done or denied.

HTTP/HTTPS protocol is used for the communication.

Access configuration

Advanced Authentication server - SMS Service Provider (HTTP/HTTPS, outbound).

The Sender Service consists of the following three options: