7.31 Voice OTP

In the Voice OTP authentication method, a user receives an OTP over a call. The user must specify this OTP on the device where the authentication is happening. The OTP must be used within a specific time frame. Voice OTP is recommended to use with other methods, such as Password or LDAP Password.

To configure the Voice OTP method, specify the following details:

  • OTP period: The time period for which the Voice OTP is valid. Default time is 120 seconds. The maximum value for the Voice OTP period is 360 seconds.

    NOTE:From Advanced Authentication 6.3 Service Pack 6, the maximum value for the OTP period is 86400 seconds (1 day).

  • OTP format: The length of the Voice OTP token. Default length is 4.

  • Body: The text or number in the Voice OTP that is sent to the user. You can specify the following variables:

    • {otp}: One-Time-Password to be sent to the user.

      To repeat the one-time password during the call, you can specify: Use the OTP for authentication: {otp}. OTP: {otp}.

    • {number}: Sequence of the OTP, user is required to specify to authenticate.

      To include the sequence of OTP and repeat the one-time password, you can specify: Your One-Time Password number {number} and the OTP is {otp}, one more time: {otp}.

  • Allow re-sending after (seconds): The duration from previous OTP to re-send a fresh OTP for authentication.

  • User cell phone attribute: Cell phone number of a user that is used to send the OTP through a call. You can use custom attributes such as mobile, homePhone, ipPhone, and other attributes of a repository. You must define the attribute inUser Cell Phone Attributes User Cell Phone Attributes of the Repositories section.

    NOTE:If you do not configure the attribute in the method settings, then the first attribute defined in the User Cell Phone Attributes section of Repository configuration is used when the user tries to authenticate. For example, if you define mobile as the first attribute in User cell phone attribute and do not configure the attribute in method settings of Voice OTP, then while authenticating, the first attribute, which is the mobile attribute, is used for the Voice OTP method authentication.

  • Allow overriding phone number: Option that allows to prevent users from providing a phone number that is not registered in the LDAP repository. The option is set to ON by default. Set to OFF to prevent users to specify a different phone number during the enrollment.

  • Verify phone number: Option that sends the verification code to a specified phone number and allows users to validate the phone number during the manual enrollment. The option is set to OFF by default. Set this option to ON to permit users to check whether the phone number is valid before the enrollment.

  • Allow user enrollment without a phone: Option to configure settings for the user to enroll the Voice OTP authenticator without a phone number in the repository.

    Set this option to OFF to ensure that a user does not enroll the Voice OTP authenticator without a phone. The user gets an error message that you can specify in Error message.

    Set this option to ON to allow the user to enroll the Voice OTP authenticator without a phone.

  • Allow as first authentication method: Option that allows a user to authenticate using a chain where Voice OTP authenticator is the first authentication method.

    The option is set to ON by default. Set this option to OFF to prevent user from authenticating using a chain where Voice OTP authenticator is the first authentication method.

    If the option is set to OFF, and a user tries to authenticate using a chain where the Voice OTP method is the first authentication method, the user is displayed a The method cannot be first in the login chain message and the user cannot authenticate.

To configure the Voice OTP method as the second factor authenticator to secure Windows workstation, see