Configure one-time password delivery methods

Passwords can be delivered to the user through Short Message Service (SMS) or email.

Steps

  1. Log in to the local management interface.

  2. Click AAC.

  3. Under Policy, click Authentication.

  4. Click Mechanisms.

  5. Click the delivery type.

    • SMS One-time Password
    • Email One-time Password

  6. Click Modify.

  7. Click the Properties tab.

    1. Select a property to configure.

    2. Click Modify.

    3. Enter the value for that property.

    4. Click OK.

  8. Take note of the properties for the delivery method.

      SMS

        Basic Authentication User Name
        The user name used in HTTP Basic authentication.

        SMS Delivery does not perform HTTP Basic authentication if this configuration is not specified.

        Required: False
        Multi-value: No
        Example: username

        Basic Authentication Password
        The password used in HTTP Basic authentication.

        SMS Delivery does not perform HTTP Basic authentication if this configuration is not specified.

        Required: False
        Multi-value: No
        Example: password

        Connection URL
        The URL of the SMS Gateway where the phone number of the user and the one-time password are sent.
        Required: True
        Multi-value: No
        Example: https://smsgateway.tfim.example.com/

        HTTP Request Parameters
        The list of name and value pairs included in the body of the HTTP POST request to the SMS Gateway. In each pair, the name and the value must be separated by an equal sign.

        Two macros, $DEST_NO$ and $MSG$, are replaced by the phone number of the user and the content of the SMS. These two macros can be used only as the value in a name and value pair.

        Required: True
        Multi-value: Yes
        Example:

        • From=+0123456789
        • To= $DEST_NO$
        • Body= $MSG$

        Success HTTP Response Body Regex Pattern
        This parameter defines the Java™ regular-expression pattern matching the HTTP response body that is returned by the SMS Gateway. When the match is successful, the SMS delivery is successful.

        The default value is empty.

        By default, the HTTP response body is not matched against any Java regular expression, and the success or failure decision is based on the SuccessHTTPReturnCode value only. If the HTTP response from the SMS Gateway does not contain a body, this matching is not performed.

        Required: False
        Multi-value: No
        Example:

        • When the body of all responses by the SMS Gateway contains either Success or Failure followed by no newline character, the sample SuccessHTTPResponseBodyRegexPattern value is
          Success

        • When the body of all responses by the SMS Gateway contains the following text:
          MGDID=TTTTTTTTTTTTT
          RESPONSECODE=NNN
          SMS=TTTTTTTTTTTTTTTTTTTTTT
          DATE=NNNNNNNN
          where each line ends with the \n character without any preceding \r character, and the RESPONSECODE is defined such that a three-digit number from 0 to 199 indicates success, the sample SuccessHTTPResponseBodyRegexPattern value is
          (?s).*
          RESPONSECODE=(\d{1,2}|[0-1]{1}\d{2})\n.*

    Success HTTP Return Code
    The HTTP response code from the SMS Gateway that acknowledges that the request was processed successfully.

    The default SuccessHTTPReturnCode, which is 200, is used when this configuration is not specified. The SuccessHTTPReturnCode match must be successful before the Success HTTP Response Body Regex Pattern matching is done.

    Required: False
    Multi-value: No
    Example: 200

    HTTPS Trust Store
    The keystore used to validate the SMS Gateway SSL certificate.

    This configuration must be specified only when SMS Delivery communicates with the SMS Gateway by using HTTPS.

    Required: False
    Multi-value: No
    Example: rt_profile_keys

    Client Authentication Key
    The certificate used as client certificate in SSL Client authentication.

    SMS Delivery does not perform SSL Client authentication if this configuration is not specified.

    Required: False
    Multi-value: No
    Example: rt_profile_keys

    Email

      Sender Email
      The email address used as the sender of the email sent to the user.
      Required: True
      Multi-value: No
      Example: otp_emailer@example.com

      SMTP Host Name
      The host name of the SMTP Server.
      Required: True
      Multi-value: No
      Example: smtpserver.tfim.example.com

      SMTP User Name
      The user name used in SMTP authentication.
      Required: False
      Multi-value: No
      Example: username

      SMTP Password
      The password used in SMTP authentication.
      Required: False
      Multi-value: No
      Example: password

      Use SSL
      Use SSL for the connection to the SMTP server.
      Required: True
      Multi-value: No
      Example: false

      Enable STARTTLS
      Defines whether STARTTLS is used to negotiate TLS with the SMTP server.
      Required: True
      Default: false
      Type: Boolean

      TLS protocol
      TLS protocol to be used when connecting to the SMTP server.
      Required: True
      Default: TLS
      Type: String

  9. Click Save.
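
The success decision described for Success HTTP Return Code and Success HTTP Response Body Regex Pattern can be checked offline before a pattern is saved. The following Python sketch is an added example, not product code. Its assumptions: the function and variable names are hypothetical, the gateway responses are constructed, the pattern must match the whole body (as Java's Matcher.matches() does), and the line break inside the page's second sample pattern is written as \n.

```python
import re

def sms_delivery_succeeded(status, body, success_code=200, body_pattern=""):
    """Apply the two checks in the documented order; True means delivered."""
    # 1. Success HTTP Return Code is checked first; a mismatch is a failure.
    if status != success_code:
        return False
    # 2. Empty pattern (the default) or empty body: the code alone decides.
    if not body_pattern or not body:
        return True
    # Assumption: the whole body must match, as with Java's Matcher.matches().
    # re.ASCII keeps \d to 0-9, which is Java's default behaviour.
    return re.fullmatch(body_pattern, body, re.ASCII) is not None

# The page's second sample pattern on one line; the break between its two
# printed lines is written as \n here (assumption).
RESPONSECODE_PATTERN = r"(?s).*\nRESPONSECODE=(\d{1,2}|[0-1]{1}\d{2})\n.*"

# Constructed gateway responses in the page's four-line layout.
OK_BODY = "MGDID=a1\nRESPONSECODE=100\nSMS=queued\nDATE=20240101\n"
REJECTED_BODY = "MGDID=a1\nRESPONSECODE=450\nSMS=rejected\nDATE=20240101\n"

def evaluate_samples():
    """Run the constructed responses through several configurations."""
    cases = [
        ("200, rejected body, no pattern", 200, REJECTED_BODY, ""),
        ("200, rejected body, pattern set", 200, REJECTED_BODY, RESPONSECODE_PATTERN),
        ("200, accepted body, pattern set", 200, OK_BODY, RESPONSECODE_PATTERN),
        ("500, accepted body, pattern set", 500, OK_BODY, RESPONSECODE_PATTERN),
        ("200, empty body, pattern set", 200, "", RESPONSECODE_PATTERN),
        ("200, 'Success' plus newline", 200, "Success\n", "Success"),
    ]
    return {
        label: sms_delivery_succeeded(status, body, body_pattern=pattern)
        for label, status, body, pattern in cases
    }

if __name__ == "__main__":
    for label, delivered in evaluate_samples().items():
        print(f"{label:34} -> {'delivered' if delivered else 'failed'}")
```

With the default empty pattern, the rejected response is reported as delivered because only the return code is checked; with the pattern set, the same response fails.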


What to do next

When you configure the mechanism, a message indicates that changes are not deployed. Deploy the changes when you are finished. For more information, see Deploying pending changes.
