Identity Cloud

OTP SMS Sender node

The OTP SMS Sender node uses an email-to-SMS gateway provider to send an SMS message containing a generated one-time password (OTP) to the user.

The node sends an email to an address formed by joining the following values together:

  • The user’s telephone number, obtained by querying a specified profile attribute, for example, telephoneNumber.

  • The @ character.

  • The email-to-SMS gateway domain, obtained by querying the profile attribute specified by the Mobile Carrier Attribute Name property.

For example, if configured to use the TextMagic email-to-SMS service, the node might send an email through the specified SMTP server to the address: 18005550187@textmagic.com.

Compatibility

Product Compatible?

ForgeRock Identity Cloud

Yes

ForgeRock Access Management (self-managed)

Yes

ForgeRock Identity Platform (self-managed)

Yes

Prerequisites

  • The node requires a configured email-to-SMS gateway provider.

Inputs

This node requires the following input from the shared state:

  • The authenticating user’s ID. The node queries the user’s entry for a telephone number.

    Implement an Attribute Collector node node before this node to obtain the user’s ID.

  • The OTP stored in the oneTimePassword transient state property.

    Implement the HOTP Generator node before this node in the journey to obtain the OTP.

Configuration

Property Usage

Mail Server Host Name (required)

The hostname of the SMTP email server.

Mail Server Host Port

The outgoing mail server port.

Common ports are 25, 465 for SSL/TLS, or 587 for StartTLS.

Mail Server Authentication Username

The username AM uses to connect to the mail server.

Mail Server Authentication Password

The password AM uses to connect to the mail server.

This property is deprecated. Use the Mail Server Secret Label Identifier instead.

If you set a Mail Server Secret Label Identifier, this password is ignored.

Mail Server Secret Label Identifier

An identifier used to create a secret label for mapping to a secret in a secret store.

AM uses this identifier to create a specific secret label for this node. The secret label takes the form am.authentication.nodes.otp.sms.identifier.password where identifier is the value of Mail Server Secret Label Identifier. The identifier can only contain alphanumeric characters a-z, A-Z, 0-9, and periods (.). It can’t start or end with a period.

If you set a Mail Server Secret Label Identifier and AM finds a matching secret in a secret store, the Mail Server Authentication Password is ignored.

Email From Address (required)

The email address from which the OTP will appear to have been sent.

Mobile Phone Number Attribute Name

The attribute in the user profile that contains the mobile phone number to which the SMS with the OTP is sent.

Default: telephoneNumber

Mobile Carrier Attribute Name

The attribute in the user profile that contains the mobile carrier domain for sending SMS messages.

By default, an AM user profile doesn’t have an attribute for the mobile carrier domain.

You can customize the user profile by adding a new attribute to it, then populate that attribute with users' SMS messaging domains.

All mobile carriers and bulk SMS messaging services have associated SMS messaging domains. For example, Verizon uses vtext.com, T-Mobile uses tmomail.net, and the TextMagic service uses textmagic.com. If you plan to send text messages internationally, determine whether the messaging service requires a country code.

If you leave the Mobile Carrier Attribute Name property empty, AM defaults to sending SMS messages using txt.att.net for all users.

The subject of the message

Click Add to add a new message subject. Enter the locale, such as en-uk, in the Key field and the subject in the Value field. Repeat these steps for each locale that you support.

The content of the message

Click Add to add the content of the message. Enter the locale, such as en-uk, in the Key field and the email content in the Value field. Repeat these steps for each locale that you support.

Mail Server Secure Connection

Set the connection method to the mail server.

If you set a secure method here, AM must trust the server certificate of the mail server.

The possible values for this property are:

  • NON SSL/TLS

  • SSL/TLS

  • Start TLS

Default: SSL/TLS

Gateway Implementation Class

The class the node uses to send SMS and email messages.

Default: com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl

Outputs

This node copies shared and transient state into the outgoing node state.

Errors

The node throws an IdRepoException and an SSOException error if it’s unable to obtain the user’s telephone number.

Outcomes

Single outcome path.

Implement an OTP Collector Decision node after this node to continue the authentication journey.

Example

journey otp sms sender
Copyright © 2010-2024 ForgeRock, all rights reserved.