Send OTPs through Auth0

Updated 2 years ago

OTP (one time password) is a string of characters or numbers automatically generated to be used for one single login attempt.

With Auth0 + ClickSend integration, you can send OTPs through SMS.

Benefits of OTP

Resistance to replay attacks
Difficult to guess
Reduced risk when passwords are compromised

How to install ClickSend SMS to Auth0?

First you need to have an account with Auth0 and ClickSend.
On Auth0 Marketplace, click Add Integration , then select a tenant and continue.
Allow access to Read and share user profile information and then Continue.
You will be then auto-redirected to Library where you'll need to enter your ClickSend account credentials to connect the integration.
- 'ClickSend username' is the username you use in ClickSend
- 'ClickSend API Key' is the key found in the ClickSend dashboard: https://dashboard.clicksend.com/#/account/subaccount
Click Create to add this connection to your Library.
Click the Add to flow link on the pop-up that appears.
Drag the ClickSend Action into the desired location in the flow. Click Apply.
Enable OTP: Go to Dashboard Menu > Security > Multi-factor Auth. Look For One-time Password and enable.
When you scroll dow a bit on same page. You would see Define Policies. Then set require multi-factor auth to always and Save.
Enable Phone Message: Go to Dashboard Menu > Security > Multi-factor Auth. Look For Phone Message Factor and Configure.
Choose Custom for delivery provider and SMS for delivery method.
Edit your templates. Enable the Phone Message by toggling above switch. Click Save when complete
{{code}} - the code automatically generated on this placeholder
{{tenant.friendly_name}} - name of your tenant. You can actually change / set up a tenant friendly name under Settings.
Test MFA Flow: Create a user under User Management section.