Identity Cloud

LexisNexis One-Time Passcode (OTP)

LexisNexis One Time Password (OTP) is an out-of-band identity proofing method that provides stronger authentication for high risk, high-value transactions. It sends a unique time-sensitive random passcode via SMS text, email, or phone to a user’s existing phone or personal computer. No additional hardware, such as an electronic fob, is required.

Identity Cloud lets you implement identity proofing with LexisNexis OTP using these authentication nodes:


The LexisNexis Dynamic Decision Platform (DDP) portal configuration is required for enabling integration with Identity Cloud. Complete the following configuration steps:

  1. Get configuration details such as OrgID and API key for the REST API interface from the LexisNexis DDP portal.

  2. Configure LexisNexis DDP portal policies to enable access to LexisNexis OTP services from Identity Cloud.

Get configuration details from the LexisNexis DDP portal

To retrieve the OrgID and API Key from the LexisNexis DDP portal, perform these steps:

  1. Log in to your account on the LexisNexis DDP portal.

  2. On the home page, select the user information drop-down to display username, OrgName, and OrgID. Make a note of the OrgID. You’ll need it to configure LexisNexis OTP nodes.

  3. Select Admin > API Keys tile to retrieve the API Key. You’ll need it to configure LexisNexis OTP nodes. If no API key is listed, select Create New API Key to generate a new key.[1]

Configure LexisNexis OTP policies on Identity Cloud

You must configure OTP policies before you can integrate Identity Cloud as the authentication hub. To get started with simple policy rules, perform the following steps:

  1. Log into the LexisNexis DDP portal using your administrative account.

  2. On the DDP portal home page, go to Policies > Create > New Policy (Standard).

  3. On the Policy Summary page, the Properties tab displays. Enter OTP in the Policy Name field, select Active, and update the status thresholds for Reject and Review to -20 and 20 respectively.

  4. Select the Rules tab, and set the OTP policy rules using the Authentication Rule Editor. The OTP policy is a single authentication rule that integrates the authentication hub.

  5. Save the policy.

Consult with LexisNexis ThreatMetrix services for a more comprehensive policy configuration.


This example shows a sample authentication journey using LexisNexis OTP Nodes for identity proofing and multi-factor authentication (MFA). The sample journey lets the user select the OTP delivery method, generates an OTP code, collects and verifies the user-entered code and authenticates the user on success.

lexis otp journey

The flow is as follows:

  • The LexisNexis OTP Sender node user selects the OTP delivery method.

  • The LexisNexis OTP Collector node lets the user input the received OTP.

  • The LexisNexis OTP Decision node verifies the user entered OTP and authenticates the user.

  • OTP Fail node, a message node, displays the failure condition such as user rejection, API failure, or OTP failure.

  • Integration Error node, a message node, displays the errors such as network time out at LexisNexis DDP portal.

  • No OTP Methods node, a message node, displays if no OTP delivery method has been configured.

1. This API Key is required to configure the LexisNexis OTP nodes. The API Key is to be protected. Do not email or keep this value in clear text on any computer system.
Copyright © 2010-2024 ForgeRock, all rights reserved.