Skip to main content

Configure SMS OTP

With the Signicat SMS OTP service, you can perform SMS-based user authentication.

This page describes how to configure SMS OTP on the Signicat Dashboard.

For more general information on how to integrate with Signicat, see the Quick start guide.

Prerequisites

This set-up guide assumes you have completed the following initial preparations:

Sandbox account

We recommend you create a sandbox account to test our services before implementing them in production.

Add SMS OTP

To use an ID method, you first need to activate it. In the Signicat Dashboard:

SMS OTP should now appear in the list of available ID methods with the status set to "Active".

Test SMS OTP in the Dashboard

After you activate SMS OTP, you can simulate an authentication flow in the Signicat Dashboard.

  1. Go to eID Hub > ID Methods.
  2. Select Test ID methods on the top-right side.
  3. Optional. If you have multiple ID methods active in your account, select SMS OTP from the list of identity providers.
  4. Enter your phone number, then click Next.
  5. Open the messenger app in your phone and copy the one-time password.
  6. Enter one-time password in the SMS OTP UI, then click Verify.

You are now presented with a success page where you can review the flow metadata.

Test your integration

Before going live with SMS OTP in production, we recommend that you test your integration with an authentication protocol, as explained below.

Customise SMS service settings

When using the Signicat SMS OTP service to send OTP codes to end-users, your integration inherits the SMS settings configured in the Signicat Communication service.

On the Communication > SMS, you can manage the SMS settings for your account. In particular, you can customise:

  • SMS sender name
  • SMS provider (primary and secondary)

Learn more about the SMS settings below or in the Communication SMS documentation.

Customise SMS sender name

A custom SMS sender name lets you unify the user experience with your own brand and products. By changing the sender name, you can display your business name to the recipient of the SMS.

By default, the SMS sender name is set to "Signicat". You can change the sender name in one of two ways:

  • Global level: Applies to all SMS messages you send. You change the setting on the SMS page in the Signicat Dashboard. For more details, see the Communication > SMS documentation.
  • Request level: Overrides the SMS sender name in a specific authentication flow/request. You pass the SMS sender name as a parameter in the authentication request. When employed, this method has precedence above all other options. Find out how to do this for each protocol in the respective guides below.

Set up a connection with a protocol

To establish a connection between Signicat SMS OTP service and your application, you need to use an authentication protocol.

Picking a protocol

Choice of protocol depends on what you prefer, what your application supports and what you want to achieve. With Signicat, you can choose between:

  • OpenID Connect (OIDC)
  • Security Assertion Markup Language (SAML) 2.0
  • Signicat Authentication REST API

OIDC and SAML 2.0 are official identity protocols, while the Authentication REST API is a solution developed and maintained by Signicat.

The Signicat Authentication REST API gives you a lot of flexibility and supports headless and redirect integration flow(s) (grant type).

If you want to use an official identity protocol, we recommend using OIDC, since SAML 2.0 is much more complex to implement on your side and usually requires a federation agent already in place. OIDC is industry standard and you do not need to manage user sessions on your own (like with the Authentication REST API).

Set up the protocol

To integrate to SMS OTP with OIDC or the Signicat Authentication REST API, select one of the guides below:

For more information about the different protocol types, see the Signicat eID Hub documentation.