These steps will guide you through setting up SMS security codes as an authentication factor for OneLogin.
This uses Twilio as an SMS provider, which will send a password to users that attempt to login with a properly configured security policy.
- Your administrator has a Twilio account that supports SMS messaging.
- Your administrator has enabled OneLogin OTP SMS as an authentication method for the account.
To configure SMS OTP, do the following:
- Log into your Twilio account as an account owner.
- Go to Account Name > Account > API credentials and copy down the AccountSID and AuthToken strings.
Also, if you don't have your Twilio number, go to Numbers and copy that.
- Log into your OneLogin account as the Account Owner and go to Settings > Account Settings, and select the SMS tab.
- Select which user field will hold the phone number Twilio will send the SMS to.
OneLogin defaults to User -> Mobile
- Enter in your Twilio AccountSID, Authentication Token, and Number into their respective fields.
- Click Save.
You've now configured OneLogin OTP SMS for your account.
To register SMS OTP as a user, do the following:
- Log into your OneLogin account as an end user.
- Go to the corner menu and select Profile > Security.
- In the Security page, select the plus sign ‘+’ to add a new authentication factor.
- Select OneLogin OTP SMS from the dropdown menu.
- Click Send Security Code to mobile
OneLogin will send a security code to the mobile number specified earlier.
- Input the code received into the Security Code field.
- Click Continue.
- Your registered device will appear under Authentication Devices in the security page.
Confirm with your administrator how the OTP policy for users is set, whether its for every single login attempt or only for browsers unknown to the user account.
- Upon logging in, the user will be prompted for their SMS Security Code.
This will be sent automatically to the device and is valid for 120 seconds
- Enter the security code and click Log In.
The user will be logged in and their OneLogin SMS OTP successfully configured.