KOBIL mTAN
KOBIL mTAN authenticates the user with a one-time password (OTP) sent to the user through SMS.
Type
Protocol | OpenID Connect 1.0 |
---|---|
HTTP method | GET |
Type | Browser Flow |
Endpoint | Authorization Endpoint |
Flow Supported | Authorization code flow, Implicit flow, Hybrid flow |
Response | ID Token, Access Token, Refresh Token |
How to configure
To access the configuration of the execution, press the Actions button and select Config. The authenticator configuration screen will appear. Then enter your configuration data.
Note: Make sure the appropriate execution name and the user's mobile number (to receive the mTAN OTP) are set in the user attributes Required user Actions and phone respectively (phone is a custom attribute that can be added to the user attributes list). Refer to the User management section for user attribute configuration. Additionally, the SMS Provider configuration must be added under Realm settings -> SMS. Refer to the Realm management section for the configuration procedure.
Configuration
Parameters involved in KOBIL mTAN execution
Parameter | Description |
---|---|
Alias | Provide an alias name for the configuration to be set. |
Mobile number attribute | Provide the attribute in which the user mobile number is stored. Default value is 'phone'. |
SMS code time to live | Provide the validity of the sent code in seconds. |
Length of the SMS code | Provide the length of the SMS code. Default value is 6. |
Template of text to send to the user | Provide the message to be displayed to the user, while triggering OTP. Use %sms-code% to display the generated SMS code. |
OTP Resend Count | Provide the maximum number of times a user can request a new OTP. |
Execute One Time | Enable this to add the attributes mtan_verified and mtan_verified_timestamp to the user after the first execution so that consecutive logins do not require explicit mTAN execution. |
User Flow
Execution Flow
This execution contains the following main steps:
- KOBIL mTAN must be preceded by another Authenticator, because it obtains the username from that preceding authenticator. For instance: KOBIL Login for user identification.
- An OTP is generated and sent to the user through SMS.
- The user enters the OTP in the mobile application for authentication.
- If authentication is successful, the user is logged in.
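
The following is an added example, not KOBIL code: a small Python model of how the parameters above (SMS code time to live, length of the SMS code, message template with %sms-code%, OTP Resend Count) constrain one OTP challenge. The class name, the default values other than the length of 6, and the choices to invalidate the previous code on resend and to accept each code only once are assumptions made for illustration.

```python
import hmac
import secrets
import time


class MtanChallenge:
    """Illustrative model of one SMS OTP challenge (hypothetical, not KOBIL's implementation)."""

    def __init__(self, ttl_seconds=300, code_length=6, resend_limit=3,
                 template="Your login code is %sms-code%", clock=time.monotonic):
        self.ttl = ttl_seconds            # "SMS code time to live" (constructed value)
        self.length = code_length         # "Length of the SMS code" (default 6)
        self.resend_limit = resend_limit  # "OTP Resend Count" (constructed value)
        self.template = template          # "Template of text to send to the user"
        self.clock = clock
        self.resends = 0
        self.code = None
        self.expires_at = 0.0

    def _issue(self):
        # Draw each digit from the OS CSPRNG; leading zeros are preserved.
        self.code = "".join(secrets.choice("0123456789") for _ in range(self.length))
        self.expires_at = self.clock() + self.ttl
        return self.template.replace("%sms-code%", self.code)

    def start(self):
        """Return the SMS text carrying the first code."""
        return self._issue()

    def resend(self):
        """Return a new SMS text, or None once the resend limit is reached."""
        if self.resends >= self.resend_limit:
            return None
        self.resends += 1
        return self._issue()  # assumption: the previous code stops being valid

    def verify(self, submitted):
        """Accept only the current, unexpired code; a code is accepted once."""
        if self.code is None or self.clock() >= self.expires_at:
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        ok = hmac.compare_digest(submitted.encode(), self.code.encode())
        if ok:
            self.code = None
        return ok
```
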