Managing Out-of-Band Authentication

Out-of-Band authentication uses two independent networks to separate the OTP delivery channel from the authentication channel.

ActivID AS supports two OOB Two separate networks work independently to authenticate a user - an OTP is sent to the user via SMS or SMTP email and the user then uses the OTP to authentciate via the internet. delivery channels to deliver the OTP - SMS or Email.

The actual SMS/Email OTP is a random number generated by ActivID AS and sent to the user by SMS or email through a delivery gateway.

Note: You can configure multiple SMS and/or Email Delivery Gateways. If the primary gateway fails, then a secondary gateway is automatically used .
  • OOB SMS/Email OTPs can be used through a RADIUS channel or any other channel type.
  • SMS OTPs can be triggered through a username/activation code or by the service provider.

Users authenticate using the OTP. If the OTP is entered incorrectly, the user can try multiple times before being required to request a new OTP.

A user can be registered for both OTP device authentication and SMS authentication. The OOB authentication can be used when the token is not available (that is, lost/forgotten).

Prerequisites: The user must have a valid email address and/or telephone number, and the OOB Delivery Gateway must be configured for the OOB authenticator.
Note:

Topics in this section:

See also:

Create Custom OOB Credential Types and Devices