OTP over SMS or E-mail

Authentication using one-time passwords (OTP) provides an extra level of security during the authentication process. OpenIAM supports:

  • OTP over SMS / E-mail
  • TOTP using the OpenIAM authenticator.

This section describes how to configure OTP. OpenIAM lets you define which URLs need a higher level of security and which ones don't. This allows you to determine whether you want, for example, to enable OTP-based authentication for an entire application like the Webconsole or only for a specific operation or application that has a higher level of sensitivity.

Configuring authentication provider

The first step is to update the authentication provider. To do this, go to:

  • Webconsole -> Access Control -> Authentication providers
  • Select the provider by searching in the Authentication Provider Search box. If you are using the default authentication provider then select Default OpenIAM Auth Policy. You will see a screen similar to the one below.

OTP auth provider

From the screen above, enable the OTP delivery mechanisms that you want to support. The options are explained below:

  • Supports SMS One-Time-Password - Delivers the OTP over SMS.
  • Supports Email One-Time-Password - Delivers the OTP over e-mail.

Ensure that you have configured your SMTP Gateway and SMS Gateway.