Configure SMS OTP

With the Signicat SMS OTP service, you can perform SMS-based user authentication.

This page describes how to configure SMS OTP on the Signicat Dashboard.

Want to learn more?

For general information about integrating with Signicat, see the eID and Wallet Hub Quick start guide.

Prerequisites

If you do not have an account already, then you need to sign up to the Signicat Dashboard for free and complete the initial preparations. To do this:

1. Sign up to the Signicat Dashboard and register your profile.
2. Ensure that you have created an organisation.
3. Create an account. To do this:
   1. Go to Signicat Dashboard > Organisation, then select + Add account.
   2. Enter an account name, choose the type of account that you want to create, then select Create.
4. Create a domain. To do this:
   1. Go to Signicat Dashboard > Settings > Domain management, then select + Add domain.
   2. To create a standard domain, enter a domain name. Then, select Add domain.
   3. To create a custom domain, follow the instructions in the Custom domains documentation.

Account types

We recommend that you create a sandbox account to test our services before going live. Sandbox and production accounts must be set up separately.

Add SMS OTP

To use an eID, you first need to activate it. In the Signicat Dashboard:

1. In the Signicat Dashboard, navigate to Products > eID and Wallet Hub > eIDs.
2. Select + Add new in the top right.
3. Choose SMS OTP from the list.
4. Select Add to activate the eID.

SMS OTP should now appear in the list of available eIDs with the status set to "Active".

Test SMS OTP in the Dashboard

After you activate SMS OTP, you can simulate an authentication flow in the Signicat Dashboard.

Test message warning

If you are testing our services with a sandbox account, then we prepend all emails and SMS messages with a Test message warning.

1. In the Signicat Dashboard, navigate to Products > eID and Wallet Hub > eIDs.
2. Select Test eIDs on the top-right side.
3. Optional. If you have multiple eIDs active in your account, select SMS OTP from the list of identity providers.
4. Enter your phone number, then select Next.
5. Open the messenger app in your phone and copy the one-time password.
6. Enter one-time password in the SMS OTP UI, then select Verify.

You are now presented with a success page where you can review the flow metadata.

Test your integration

Before going live with SMS OTP in production, we recommend that you test your integration with an authentication protocol, as explained below.

Customise SMS service settings

When using the Signicat SMS OTP service to send OTP codes to end-users, your integration inherits the SMS settings configured in the Signicat Communication service.

On the Branding > Communication > SMS page in the Dashboard, you can manage the SMS settings for your account. In particular, you can customise:

• SMS sender name
• SMS provider (primary and secondary)

Learn more about the SMS settings below or in the Communication SMS documentation.

Customise SMS sender name

A custom SMS sender name lets you unify the user experience with your own brand and products. By changing the sender name, you can display your business name to the recipient of the SMS.

By default, the SMS sender name is set to "Signicat". You can change the sender name in one of two ways:

• Global level: Applies to all SMS messages you send. You change the setting on the SMS page in the Signicat Dashboard. For more details, see the Communication > SMS documentation.
• Request level: Overrides the SMS sender name in a specific authentication flow/request. You pass the SMS sender name as a parameter in the authentication request. When employed, this method has precedence above all other options. Find out how to do this for each protocol in the respective guides below.

Theming

The Signicat Theming services lets you customise your themes to offer a consistent branding experience to your end-users.

To customise the theming of the SMS OTP authentication flow, follow the instructions in the Theming documentation.

Set up a connection with a protocol

To establish a connection between Signicat SMS OTP service and your application, you need to integrate with an authentication protocol.

With Signicat you can integrate using the following authentication protocols:

• OpenID Connect (OIDC)
• Security Assertion Markup Language (SAML) 2.0
• Signicat Authentication REST API

See the guides in the Implement with a protocol section below for instructions relevant to SMS OTP.

Picking a protocol

OIDC and SAML 2.0 are official identity protocols. We recommend using OIDC since implementing SAML 2.0 involves more advanced steps.

The Authentication REST API - developed and maintained by Signicat - offers more flexibility and supports headless and redirect integration flow(s) (grant type).

You can find integration guides and more information about each protocol in the Signicat eID and Wallet Hub documentation.

Implement with a protocol

To establish a connection with Signicat SMS OTP, select an implementation guide with an authentication protocol below:

Integration with OIDC

Integrate with SMS OTP using OpenID Connect

Integration with REST API

Integrate with SMS OTP using Signicat Authentication REST API

Integration with SAML 2.0

Integrate with SMS OTP using SAML 2.0

For more information about the authentication protocols, see the Signicat eID and Wallet Hub documentation.

Advanced security

To protect your implementation from fraudulent attacks, make sure you follow the security recommendations in the Security measures page.