SMS

SMS authentication enhances account security by sending a one-time passcode (OTP) to the user's registered mobile number. The OTP is required during the sign-in process to ensure that only the authorized user can access the account.

How SMS authentication works

The SMS authentication consists of these steps:

  1. The user specifies the username and password on the sign-in page.
  2. After successful validation, an OTP is generated and sent through SMS to the user's registered mobile number.
  3. The user specifies the OTP to complete the sign-in process.

Limitations

The SMS authentication has these limitations:

  • Susceptibility to SIM swapping: Attackers may exploit mobile network vulnerabilities to intercept SMS messages.
  • Network dependency: Users in areas with poor cellular coverage may experience delays or failures in receiving OTPs.
  • Limited availability: Multi-factor authentication (MFA) with SMS is only available for customers in the United States of America. Other regions are not supported.

Admin configuration

To enable SMS as an MFA provider, select Security Administration > Settings > General Settings > MFA Configuration.

After you enable SMS as an MFA option, no additional configuration is required. After activation, users are prompted during their next sign-in to register their mobile phone numbers. This registration is a one-time setup process required to receive authentication codes through SMS.