SMS

The SMS authentication enhances account security by sending a one-time passcode (OTP) to the user's registered mobile number. The OTP is required during the sign-in process to ensure that only the authorized user can access the account.

How SMS authentication works

The SMS authentication consists of these steps:

  1. The user specifies the username and password on the sign-in page.
  2. After successful validation, an OTP is generated and sent through SMS to the user's registered mobile number.
  3. The user specifies the OTP to complete the sign-in process.
  4. After successful verification, the user gains access.

Limitations

The SMS authentication has these limitations:

  • Susceptibility to SIM swapping: Attackers may exploit mobile network vulnerabilities to intercept SMS messages.
  • Network dependency: Users in areas with poor cellular coverage may experience delays or failures in receiving OTPs.
  • Limited availability: SMS MFA is only available for the customers in the United States of America. Other regions are not supported.

Admin configuration

To enable SMS as a multi-factor authentication (MFA) provider, select Security Administration > Settings > General Settings > MFA Configuration.

After you enable SMS as an MFA option, no additional administrator configuration is required. After activation, users are prompted during their next sign-in to register their mobile phone numbers. This registration is a one-time setup process required to receive authentication codes through SMS.