Using Kapow SMS for One-Time Password delivery

Introduction

All Hypersocket products that use the Hypersocket Framework support One-Time Password Delivery, whether that access is via the Web UI, the Hypersocket Client, or even SSH/SFTP for some products.

By default, One-Time Passwords are delivered by email. This guide shows how to use an SMS-to-Email gateway so that logon passwords are sent to your users' mobile phones instead.

For this example we use the service run by Kapow (https://www.kapow.co.uk).


1. Prerequisite

You need to have the One Time Password Authentication extension installed. If it isn't installed, navigate to Extensions->Extensions and click on the Available tab.

Click the Download icon next to the extension called 'One Time Password Authentication Module'. Click Accept to start the download. When the download finishes, you will see a message saying 'Restart Required'. Click the power icon at the top of the UI and select Restart.


2. Kapow website configuration

Assuming you already have a Kapow account with SMS credits available, log on to their website. If you do not have an account yet, register on the Kapow website first.

Navigate to SMS Centre, then Sending Options.


In the Trusted Email Addresses section, type in the email address that Hypersocket will send from (it must match the From Address configured in step 3) and click Add. Kapow identifies the sender by this address alone, so treat it as a credential: anyone who can deliver mail to the gateway with that From address can send SMS messages charged to your account.


3. SMTP settings

At this stage, if you do not want to enforce OTP for your admin account, or you want to use a different set of authentication for admin, it is worth taking a look at the following article:

Using a different authentication scheme for the admin account

We first need to tell Hypersocket which email server to send messages through. Navigate to Configuration->General and click on the Email tab. Enter all required details for your outbound email server (host, port, credentials and transport security). In this example we used a Gmail SMTP account.


Make sure you set the From Address to the same address you added as a trusted email address on Kapow; messages from any other address will not be accepted by the gateway.


4. Authentication Scheme

Navigate to Authentication->Schemes->Browser. Click on the plus icon next to One Time Password to add it into the authentication flow and click Save.


5. Update OTP email trigger

OTP is configured by default to send via email to the user's own email address. To change this to SMS, we need to use Kapow's SMS to Email gateway.

Navigate to Triggers and edit the existing trigger named Send OTP to user email.


We need to update the content of the email that is sent out to match the format required by Kapow. Because the trusted email address in the Kapow account is what authorises the message, the body of the email is ignored by the gateway: the entire text of the SMS must be in the Subject line.

Click the Plain Message tab. Copy the text 'Your one time password is ${attr.otp}' from Body and paste it into the Subject, replacing the existing line. Feel free to alter the message as required, but do not leave out ${attr.otp}, as this placeholder is replaced with the actual password that gets generated.


Click the Delivery tab and remove the existing ${currentUser.email} by selecting it and clicking the left arrow icon.

Now we need to add a new email address derived from the user's mobile number. In the To section, first click the ${} button and select ${currentUser.phone}. When that appears in the text field, type @kapow.co.uk after it so that the entry reads ${currentUser.phone}@kapow.co.uk. Click the right arrow icon to add it, then click Update. Note that a user with an empty Mobile field will produce an address with no local part, so the OTP cannot be delivered to that user until a number is set (see step 6).


6. Setting mobile numbers for users

Note: UK phone numbers can be entered in the national format with a leading zero. All other numbers must be entered in the international format, excluding the leading '+' or '00'; e.g. a US number will start with '1'.

Now we need to check that our users have phone numbers set on their accounts. If you are using Active Directory, as long as the user has their Mobile field completed in AD, Hypersocket will automatically use this.

In this example however, we are using a local user database so we need to add the number manually.

Navigate to Access Control->Users and edit the user we're going to test with.

Type in the user's mobile number in the Mobile field and click Update.
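To make the trigger and number-format rules from steps 5 and 6 concrete, the following is an added example (not Hypersocket or Kapow code) that normalises a stored mobile number to the form Kapow expects, builds the gateway address, and composes the message with the OTP in the Subject line. The trusted sender address, the sample phone numbers and the ${attr.otp} substitution are assumptions; Hypersocket performs the real substitution itself.

```python
import re
import secrets
from email.message import EmailMessage

KAPOW_GATEWAY_DOMAIN = "kapow.co.uk"
# Assumed value: must match the Trusted Email Address added in the Kapow account.
TRUSTED_FROM = "otp-sender@example.com"


def kapow_number(raw):
    """Normalise a phone number to the format Kapow accepts.

    UK numbers may keep the national leading zero; any other number must be
    international without the leading '+' or '00'. Returns None when nothing
    usable is present (empty Mobile field, stray characters), so the caller can
    refuse to send rather than address mail to '@kapow.co.uk'.
    """
    digits = re.sub(r"[^\d+]", "", raw or "")   # drop spaces, brackets, dashes
    if digits.startswith("+"):
        digits = digits[1:]
    elif digits.startswith("00"):
        digits = digits[2:]
    if not digits or not digits.isdigit():
        return None
    return digits


def generate_otp(length=6):
    """Numeric one-time password from a CSPRNG (never random.random())."""
    return "".join(secrets.choice("0123456789") for _ in range(length))


def build_otp_message(phone, otp, template="Your one time password is ${attr.otp}"):
    """Compose the email the trigger sends through the SMS-to-Email gateway.

    The SMS text is the Subject; the body is ignored by Kapow. Raises
    ValueError when the user has no usable mobile number.
    """
    number = kapow_number(phone)
    if number is None:
        raise ValueError("user has no usable mobile number; OTP would be undeliverable")
    msg = EmailMessage()
    msg["From"] = TRUSTED_FROM
    msg["To"] = f"{number}@{KAPOW_GATEWAY_DOMAIN}"          # ${currentUser.phone}@kapow.co.uk
    msg["Subject"] = template.replace("${attr.otp}", otp)    # stands in for Hypersocket's substitution
    msg.set_content("Sent via Kapow SMS gateway; the SMS text is in the Subject.")
    return msg


if __name__ == "__main__":
    # Constructed sample input: a UK number stored in national format.
    m = build_otp_message("07700 900123", generate_otp())
    print(m["To"])       # 07700900123@kapow.co.uk
    print(m["Subject"])
```

The normaliser is deliberately strict: an empty or malformed Mobile field raises instead of silently producing an address the gateway cannot deliver, which is the failure you would otherwise only discover when a user never receives their code.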


7. Testing

When logging in to the Hypersocket UI, the user first enters their username and password.


The next screen then prompts for the One Time Password.


Wait for your phone to receive the SMS message, then enter the password in the UI and complete the Logon.


You are now logged on.
