Mobile Code (SMS)
When a user authenticates with the Mobile Code (SMS) identity service, they will receive a one-time six-digit code via an SMS message, which they must enter in order to successfully identify themselves.
Example: Below is an example of a six-digit code in Specops Authentication.
As an administrator, you can configure Mobile Code (SMS) to suit the specific policies of your organization. You can decide:
- If your users are automatically enrolled with Mobile Code (SMS).
- If your users can manually enter their mobile phone number during enrollment.
- If each user’s mobile number is displayed/hidden/partially hidden when they authenticate in Specops Authentication.
To configure Mobile Code (SMS), follow these steps:
Note on phone numbers in Active Directory
Important: in order for text messaging to function correctly in uReset 8, the mobile phone number registered in Active Directory has to follow the E.164 numbering plan format. This means that mobile phone numbers have to have the following format: +[country_code][subscriber_number_omitting_first_zero]. For example, for the Swedish (country code 46) phone number 073-3123456, the number in AD should be +46733123456; for the US (country code 1) phone number 415 555 2671, the format in AD should be +14155552671. Note that registering phone numbers in Active Directory using any other format will result in the service desk agent being unable to send text messages to the user in question.
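The following PowerShell is an added example, not part of the Specops documentation, that checks mobile values against the format described above and suggests an E.164 form. The function names, the DialCode field and the sample records are hypothetical and constructed for illustration; in a domain the values would come from `Get-ADUser -Properties mobile`.

```powershell
# Added example: audit 'mobile' values against the E.164 format described above.
# Function names, the DialCode field and all sample records are constructed.

function Test-E164Number {
    param([string]$Number)
    # '+' followed by 2 to 15 digits; the first digit (country code) is never 0.
    return $Number -match '^\+[1-9][0-9]{1,14}$'
}

function ConvertTo-E164Number {
    param([string]$Number, [string]$DialCode)   # DialCode: digits only, e.g. '46'
    # Drop common separators: whitespace, hyphens, dots, parentheses.
    $compact = $Number -replace '[\s\-\.\(\)]', ''
    if ($compact -match '^00') {
        return $null                     # international dialing prefix: review manually
    } elseif ($compact -match '^\+') {
        $candidate = $compact            # already in international form
    } elseif ($compact -match '^[0-9]+$') {
        # National form: omit the first zero, then prepend +country_code (the page's rule).
        # Some numbering plans keep the leading zero; verify per country.
        $candidate = '+' + $DialCode + ($compact -replace '^0', '')
    } else {
        return $null                     # letters or other junk: cannot be repaired safely
    }
    if (Test-E164Number $candidate) { return $candidate }
    return $null
}

# Constructed sample records standing in for AD user objects.
$users = @(
    [pscustomobject]@{ SamAccountName = 'anna'; mobile = '073-3123456';  DialCode = '46' }
    [pscustomobject]@{ SamAccountName = 'bob';  mobile = '415 555 2671'; DialCode = '1'  }
    [pscustomobject]@{ SamAccountName = 'carl'; mobile = '+46733123456'; DialCode = '46' }
    [pscustomobject]@{ SamAccountName = 'dana'; mobile = 'ext. 4412';    DialCode = '46' }
)

$users | ForEach-Object {
    [pscustomobject]@{
        User      = $_.SamAccountName
        Current   = $_.mobile
        Compliant = Test-E164Number $_.mobile
        Suggested = ConvertTo-E164Number -Number $_.mobile -DialCode $_.DialCode
    }
} | Format-Table -AutoSize
```

Rows where Compliant is False and Suggested is empty need manual correction before the number can be used for text messaging.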
Configuring Mobile Code (SMS)
- Sign in to Specops Authentication Web.
- Click Identity Services.
- From the Identity Services list, select Mobile Code (SMS).
- In the Attribute name in AD field, specify the mobile attribute that is used in Active Directory. The default attribute is “mobile”. If you are using a custom mobile attribute in Active Directory, enter this in the Attribute name in AD field instead.
- In the Require that users manually enroll field, specify whether users are automatically enrolled with Mobile Code (SMS), or if they can manually enroll. If you select No (meaning users are not required to enroll), any user who has a valid mobile number configured on their user account in AD will be able to authenticate with Mobile Code (SMS) without having to enroll with it.
- From the Update mobile number in AD field, select one of the following options:
  - Always: If this option is selected, a user can manually enter their mobile phone number when they enroll with Mobile Code (SMS).
  - Never: If this option is selected, a user cannot manually enter their mobile phone number when enrolling with Mobile Code (SMS). Instead, the mobile phone number is automatically taken from their account information in Active Directory. If a user’s mobile phone number changes, an administrator must update it in Active Directory on their behalf.
  - If the number is missing in Active Directory: If this option is selected, a user’s mobile phone number can be added/updated if it is missing from their account information in Active Directory.
  - Store in user subobject (encrypted): If this option is selected, the mobile number is stored encrypted in the AD user subobject and is not accessible from Active Directory.
- In the Show mobile number when authenticating field, specify whether the entire mobile number of each user will be displayed, hidden, or partially displayed on-screen during authentication.
Example: Below is an example of what it would look like for a user, if you choose to hide part of the mobile number.
Example: Below is an example of what it would look like for a user, if you choose to hide the entire mobile number.
- [Optional] Check Use IP address to determine country code for mobile number when enrolling. When enrolling with their mobile phone number for mobile code, the country code will automatically be added based on the IP address of the user.
- [Optional] Set a default country code when enrolling by using the drop-down.
- Click Save to save the configuration.