SMS security codes are a quick and convenient authentication factor your users can manage with OneLogin's multi-factor authentication (MFA). When a user attempts to access their account, they'll receive a one-time passcode (OTP) in a text message that they must enter in order to finish signing in. This guide walks you through how to set up OneLogin SMS as a security factor for your users.
Prerequisites
This process requires an account with one of these SMS providers:
SMS authentication can also be used with Tesco Mobile or your preferred SMS provider. Reach out to your OneLogin account representative to enable Tesco or custom SMS configuration!
Be sure you have access to all the necessary details associated with your SMS account, such as an SID or Service Key, AuthToken, and phone number or short code, as you will need to enter these into OneLogin during configuration.
Important: Some countries and SMS providers have specific requirements and regulations for the content of automated text messages. Always consult your local laws and provider documentation for the most current template requirements before configuring an SMS template either here or in your customized branding.
- When configuring with MSG1, your template must contain only the
{{otp_code}} macro and no other text. The variable name OTP must also be used in the template configured in the MSG91 website.
- When configuring with TextLocal, your template text must include the
{{otp_code}} macro and exactly match the template configured in your TextLocal account.
In your OneLogin admin portal, create a new authentication factor and choose OneLogin SMS from the OneLogin category.
|
Square icon
|
If you want the factor to display a custom icon for your organization, you can upload a square, transparent PNG or SVG file with dimensions at least 96x96 pixels.
|
|
User description
|
Leave the default title of OneLogin SMS or enter the description of this factor that you'd like displayed for your users.
|
|
Use the phone number in
|
Select the correct user field storing the phone number used for SMS verification. The default value of User -> Phone Number is typically the best choice, but you can choose another value or any custom user field you've previously configured.
|
|
OTP Timeout
|
Select the length of time for the code to remain valid. After this time passes, users can request a new code.
|
|
OTP format
|
Select whether you'd like the codes to use both letters and numbers or numbers only.
|
|
Custom SMS Message
|
Leave this field blank to accept the default message displayed, or enter a custom message up to 160 characters. The message must include the {{otp_code}} macro to indicate where the code will appear in the message.
This field is only used in the event that you have not applied a custom brand to your SMS authentication. If you have, your customized SMS templates will apply instead.
|
|
SMS Provider
|
Select your preferred SMS provider. The remainder of the fields in this form will update to request the provider-specific details necessary for your configuration.
|
Once the factor has been configured, you can establish a user policy to allow or require your users to set up OneLogin SMS as an authentication factor, as well as choose whether to allow them to edit the phone number associated with OneLogin SMS.
If SMS is required, the user will be prompted to configure it the first time they access their account. Otherwise, they can set up the optional factor from their user profile.
User is unable to configure security factor:
Problem: You have configured and saved OneLogin SMS as a possible security factor for your users. They can see it as an option when they attempt to set up a security factor, but when they select it, they're shown an error message advising them to contact their administrator.
Solution: This message appears when your SMS provider settings have not been properly configured. Contact your provider to verify your SID, auth token, or other details and be sure they're entered correctly in the authentication factor configuration.
User is not receiving text messages:
Problem: The user has set up the security factor and registered their phone number with OneLogin SMS, but is not receiving the SMS messages with the codes.
Solution:
- Verify that the correct Use the phone number in... field has been chosen in your admin configuration and that this is the field where the user entered their phone number.
- Verify that the user entered their phone number in the correct format. The number must begin with a plus sign (+) and the correct country code. For example, in the UK, the number "07911 123456" should be entered as
+4407911123456, or in the US, the number "(555) 123-1234" should be entered as +15551231234.
|