OTPGetMethods mapping rule

OTPGetMethods specifies the methods for delivering the one-time password to the user. This sample mapping rule sets password delivery conditions for the following delivery methods:

Each delivery method includes the following attributes and their corresponding value:

id
Specifies a unique delivery method ID. This value replaces the @OTP_METHOD_ID@ macro in the OTP Method Selection page. Use a unique value across different methods. For example, sms.
deliveryType
Specifies the delivery plug-in that delivers the one-time password. The value must match one of the types in the DeliveryTypesToOTPDeliveryModuleIds parameter of the OTP response file. For example, sms_delivery.
deliveryAttribute
Specifies an attribute associated with the delivery type. The value depends on the one-time password provider plug-in for the delivery type. For example:
  • For SMS delivery, the value is the mobile number of the user. For example, mobileNumber.
  • For email delivery, the value is the email address of the user. For example, emailAddress.
  • For no delivery, the value is an empty string.
label
Specifies the unique delivery method to the user. For time-based and counter-based one-time password, use this attribute to specify the secret key of the user. If label is not specified, the time-based and counter-based one-time password code retrieves the key by invoking the user information provider plug-in. This parameter replaces the @OTP_METHOD_LABEL@ macro in the OTP Method Selection page.
otpType
Specifies the one-time password provider plug-in that generates and verifies the password. The value must match one of the types in the OTPTypesToOTPProviderModuleIds parameter of the OTP response file. For example, mac_otp.
userInfoType
Specifies which user information provider plug-in to use to retrieve user information that is required to calculate the one-time password. This parameter is only required if user information is used for calculation of the one-time password.
To customize one-time password delivery, we can do one of the following actions:

You can also customize the mapping rule to use access control context data. For details see, Customizing one-time password mapping rules to use access control context data.

Parent topic: Managing mapping rules