OTP SMS Sender node

The OTP SMS Sender node uses an email-to-SMS gateway provider to send an SMS message containing a generated one-time password (OTP) to the user.

The node sends an email to an address formed by joining the following values together:

The user’s telephone number, obtained by querying a specified profile attribute, for example, telephoneNumber.
The @ character.
The email-to-SMS gateway domain, obtained by querying the profile attribute specified by the Mobile Carrier Attribute Name property.

For example, if configured to use the TextMagic email-to-SMS service, the node might send an email through the specified SMTP server to the address: 18005550187@textmagic.com.

Example

The following example demonstrates using an OTP in a multi-factor authentication journey:

The Page node with the Username Collector node and the Password Collector node prompts for the user credentials.
The Data Store Decision node confirms the username-password credentials.
The HOTP Generator node generates an eight-digit OTP.
The Choice Collector node prompts the user to choose whether they want to receive the OTP via email or SMS.
- If the user chooses email, the OTP Email Sender node sends the OTP to the user’s email address.
- If the user chooses SMS, the OTP SMS Sender node sends the OTP to the user’s mobile number.
The OTP Collector Decision node prompts the user to enter the OTP they received and verifies it. If the OTP is correct, the user is authenticated.

Availability

Product	Available?
PingOne Advanced Identity Cloud	Yes
PingAM (self-managed)	Yes
Ping Identity Platform (self-managed)	Yes

Product

Available?

PingOne Advanced Identity Cloud

Yes

PingAM (self-managed)

Yes

Ping Identity Platform (self-managed)

Yes

Inputs

This node requires the realm and username properties in the incoming node state.

Implement a Platform Username node earlier in the journey.
This node requires the oneTimePassword property in the incoming node state.

Implement the HOTP Generator node earlier in the journey.

Dependencies

The node requires a configured email-to-SMS gateway provider.

Additionally, the user’s profile must contain a valid telephone number.

Configuration

Property Usage

Mail Server Host Name (required)

The hostname of the SMTP email server.

Mail Server Host Port

The outgoing mail server port.

Common ports are 25, 465 for SSL/TLS, or 587 for StartTLS.

Mail Server Authentication Username

The username Advanced Identity Cloud uses to connect to the mail server.

Mail Server Authentication Password

The password Advanced Identity Cloud uses to connect to the mail server.

This property is deprecated. Use the Mail Server Secret Label Identifier instead.

If you set a Mail Server Secret Label Identifier, this password is ignored.

Mail Server Secret Label Identifier

An identifier used to create a secret label for mapping to a secret in a secret store.

Advanced Identity Cloud uses this identifier to create a specific secret label for this node. The secret label takes the form am.authentication.nodes.otp.sms.identifier.password where identifier is the value of Mail Server Secret Label Identifier. The identifier can only contain alphanumeric characters a-z, A-Z, 0-9, and periods (.). It can’t start or end with a period.

If you set a Mail Server Secret Label Identifier and Advanced Identity Cloud finds a matching secret in a secret store, the Mail Server Authentication Password is ignored.

Email From Address (required)

The email address from which the OTP will appear to have been sent.

Mobile Phone Number Attribute Name

The attribute in the user profile that contains the mobile phone number to which the SMS with the OTP is sent.

Default: telephoneNumber

Mobile Carrier Attribute Name

The attribute in the user profile that contains the mobile carrier domain for sending SMS messages.

By default, an Advanced Identity Cloud user profile doesn’t have an attribute for the mobile carrier domain.

You can customize the user profile by adding a new attribute to it, then populate that attribute with users' SMS messaging domains.

All mobile carriers and bulk SMS messaging services have associated SMS messaging domains. For example, Verizon uses vtext.com, T-Mobile uses tmomail.net, and the TextMagic service uses textmagic.com. If you plan to send text messages internationally, determine whether the messaging service requires a country code.

If you leave the Mobile Carrier Attribute Name property empty, Advanced Identity Cloud defaults to sending SMS messages using txt.att.net for all users.

The subject of the message

Click Add to add a new message subject. Enter the locale, such as en-uk, in the Key field and the subject in the Value field. Repeat these steps for each locale that you support.

The content of the message

Click Add to add the content of the message. Enter the locale, such as en-uk, in the Key field and the email content in the Value field. Repeat these steps for each locale that you support.

Mail Server Secure Connection

Set the connection method to the mail server.

If you set a secure method here, Advanced Identity Cloud must trust the server certificate of the mail server.

The possible values for this property are:

NON SSL/TLS
SSL/TLS
Start TLS

Default: SSL/TLS

Gateway Implementation Class

The class the node uses to send SMS and email messages.

Default: com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl

Outputs

This node copies shared and transient state into the outgoing node state.

Outcomes

Single outcome path.

Implement an OTP Collector Decision node after this node to continue the authentication journey.

Errors

The node throws an IdRepoException and an SSOException error if it’s unable to obtain the user’s telephone number.

Authentication nodes