OTP SMS / Mail authentication
My-Access offers authentication via an OTP sent by email or SMS. It can be used to authenticate to web applications, mobile applications and thick clients.
Enrollment process
Activation
Users need a specific right to be able to enroll in this authentication method.
This activation can be done:
Manually, by an administrator
Automatically, from a Memority policy (identity or role), which can use identity attributes
Enrollment
Before an OTP can be sent to them by email or SMS, users must be enrolled either:
Manually, through the Memority portal
Automatically, from a Memority policy based on identity attributes
Self-Service
Self-Service features may rely on the Self-Service Authentication Hub provided by My-Keys.
From the End User Memority portal, users can access the OTP SMS / Mail enrollment feature in order to:
Enroll a new email address / mobile phone number
Manage existing enrollments (disable or remove an email address or phone number)

End user SMS / mail enrollments
When enrolling a new email address or phone number, the user must follow several steps:
Step 1: Enter the email address / phone number to enroll
Memority’s enrollment process lets the user manually define the email address / phone number to which the OTP will be sent during authentication.
OTP Mail enrollment

OTP SMS enrollment
Step 2: Validate OTP
To validate the enrollment, an OTP is sent to the email address / phone number entered in the previous step. The user must enter the received OTP in the verification step.

After entering the correct OTP, the user is automatically redirected to a Memority success screen.

OTP by email and SMS can also be enrolled automatically for a scope of users based on Memority policies. Enrollment then relies on the identity attributes stored by Memority.
Administration
Administrators can manage enrollments using the Self-Service Authentication Hub provided by My-Keys, which displays the following information about each enrolled device:
Email address / Phone number
Status
Enrollment date
Last Used date with some information about it (IP, …)
Type (mail or mobile)
For each enrollment they can:
Disable it: This action disables authentication with this email address / phone number for the identity. While the enrollment is disabled, users cannot authenticate with it, but the enrollment is not deleted: it can be used again once it has been reactivated.
Remove it: After the deletion, users who have other enrollments can still use them to authenticate. Otherwise, they may have to enroll a new email address or phone number to authenticate using this method.

Mail and SMS OTPs automatically expire once their configurable validity period is reached.
Authentication process
As with other authentication modes, once the method has been activated and an email address or phone number has been enrolled, a new module becomes available.
OTP email and OTP SMS are separate modules.

After the user selects OTP mail or OTP SMS, an OTP is automatically sent to the enrolled email address / phone number. If the user has more than one enrollment for the selected authentication means (several email addresses or several phone numbers enrolled), the user must select where the OTP is to be sent for this authentication. For security reasons, email addresses and phone numbers are partially obscured.

Once the OTP has been received by email or on the mobile phone, the user must enter it on the Memority authentication screen.

Once authentication is successful, users will be redirected to the application.
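The following sketch models the flow described above: the selection list with partially obscured destinations, the rule that a disabled enrollment cannot be used, and OTP expiry after the validity period. It is an added example, not Memority code; the masking format, the 6-digit code length, the 300-second validity, the single-use rule and all names are assumptions made for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

VALIDITY_SECONDS = 300  # assumed value; the page only says the period is configurable

@dataclass
class Enrollment:
    kind: str            # "mail" or "mobile", as in the administration view
    destination: str
    active: bool = True  # False models the "disabled" status

# Constructed sample enrollments for one identity (not real data).
SAMPLE = [
    Enrollment("mail", "alice@example.com"),
    Enrollment("mobile", "+33612345678"),
    Enrollment("mail", "old@example.com", active=False),
]

def mask(e):
    """Partially obscure a destination before it is shown on the selection screen."""
    if e.kind == "mail":
        local, _, domain = e.destination.partition("@")
        return local[:1] + "***@" + domain  # fixed-width mask hides the local-part length
    return "*" * (len(e.destination) - 2) + e.destination[-2:]

def selectable(enrollments, kind):
    """Offer only active enrollments of the chosen module, identified by index."""
    return [(i, mask(e)) for i, e in enumerate(enrollments)
            if e.kind == kind and e.active]

class OtpSession:
    def __init__(self, enrollment, now=None):
        if not enrollment.active:
            raise ValueError("disabled enrollment cannot be used to authenticate")
        self.code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, never random.random()
        self.expires_at = (time.time() if now is None else now) + VALIDITY_SECONDS
        self.used = False

    def verify(self, submitted, now=None):
        now = time.time() if now is None else now
        if self.used or now >= self.expires_at:
            return False  # expired or already consumed
        ok = hmac.compare_digest(submitted.encode(), self.code.encode())
        if ok:
            self.used = True  # assumed single use: a replayed code is rejected
        return ok
```

The client only ever sees the index and the masked value from `selectable`; the full destination stays server-side.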