When a user authenticates with the Mobile Code identity service, they will receive a one-time six-digit code via an SMS message, which they must enter in order to successfully identify themselves.
Example: Below is an example of a six-digit code in Specops Authentication.
As an administrator, you can configure Mobile Code to suit the specific policies of your organization. You can decide:
- If your users are automatically enrolled with Mobile Code.
- If your users can manually enter their mobile phone number during enrollment.
- If each user’s mobile number is displayed/hidden/partially hidden when they authenticate in Specops Authentication .
To configure Mobile Code, follow these steps:
Note on phone numbers in Active Directory
Important: in order for text messaging to function correctly in
- Sign in to Specops Authentication Web .
- Click Identity Services.
- From the Identity Services list, select Mobile Code.
- In the Attribute name in AD field, specify the mobile attribute that is used in Active Directory. The default attribute is “mobile”. If you are using a custom mobile attribute in Active Directory, enter this in the Attribute name in AD field instead.
- In the Require that users manually enroll field, specify whether users are automatically enrolled with Mobile Code, or if they can manually enroll. If select No (meaning users are not required to enroll), any user who has a valid mobile number configured on their user account in AD will be able to authenticate with Mobile Code without having to enroll with it.
From the Update mobile number in AD field, select one of the
- Always: If this option is selected, a user can manually enter their mobile phone number when they enroll with Mobile Code.
- Never: If this option is selected, a user cannot manually enter their mobile phone number when enrolling with Mobile Code. Instead, the mobile phone number is automatically taken from their account information in Active Directory. If a user’s mobile phone number changes, an administrator must update it in Active Directory on their behalf.
- If the number is missing in Active Directory: If this option is selected, a user’s mobile phone number can be added/updated if it is missing from their account information in Active Directory.
- Store in user subobject (encrypted): If this option is selected, the mobile number will be stored encrypted in the AD user subobject. The mobile number is stored encrypted, not accessible from Active Directory.
In the Show mobile number when authenticating field, specify
whether the entire mobile number of each user will be displayed, hidden,
or partially displayed on-screen during authentication.
Example: Below is an example of what it would look like for a user, if you choose to hide part of the mobile number.
Example: Below is an example of what it would look like for a user, if you choose to hide the entire mobile number.
- Click Save, to save the configuration.