REL-ID for MobileREL-ID APIsREL-ID for Web
Guides
Start typing to search…

SMS-based OTP

🎯 Purpose

Provides authentication through one-time passwords delivered via SMS text messages to the user's registered mobile number. This factor offers broad accessibility as it works with any mobile phone capable of receiving text messages.

📋 Prerequisites and Requirements

RequirementStatusDescription
Mobile Number✅ RequiredValid mobile number must be registered during activation
Cellular Service✅ RequiredDevice must have active SMS capability
SMS Reception✅ RequiredPhone must be able to receive text messages
REL-ID SMS Service✅ System ProvidedREL-ID platform handles SMS delivery

🔄 SMS OTP Authentication Flow

  1. Number Verification: System validates user has registered mobile number
  2. OTP Generation: 6-digit numeric code generated by system
  3. SMS Transmission: Code sent via SMS to registered mobile number
  4. Message Reception: User receives text message with authentication code
  5. Code Entry: User manually enters 6-digit code on web portal
  6. Server Validation: System validates entered code against generated code
  7. Time Validation: Code must be used within expiration window
  8. Authentication Result: Valid code allows authentication to proceed

⚙️ Configuration and Management

System Configuration

SettingLocationDescriptionImpact
smsOtpallowed.auth.factorsEnable/disable SMS OTP for authenticationControls if SMS OTP available during login
smsOtpallowed.reg.factorsEnable/disable SMS OTP registrationControls if users can register mobile numbers

Mobile Number Registration Process

  1. Number Entry: User provides mobile number during activation or in User Portal
  2. Format Validation: System checks number format and validity
  3. Test SMS: Verification code sent to provided number
  4. Confirmation: User enters verification code to confirm number ownership
  5. Storage: Verified mobile number stored for future authentication use

Mobile Number Update Process

  1. Portal Access: User accesses security settings in User Portal
  2. Re-authentication: Full authentication required before number change
  3. New Number Entry: User provides replacement mobile number
  4. Verification SMS: Test code sent to new number for verification
  5. Confirmation: User enters verification code from new number
  6. Update Complete: New number replaces old number in system

📊 SMS Delivery Characteristics

CharacteristicDetailsNotes
Delivery TimeUsually 1-30 secondsCan vary by carrier and network conditions
Code Length6 digitsStandard numeric format
ExpirationConfigurable (typically 5-10 minutes)Code becomes invalid after expiration
Resend CapabilityAvailable if initial SMS not receivedRate limiting may apply
International SupportDepends on SMS service configurationMay have additional costs or restrictions

🎯 Success and Failure Scenarios

✅ Success Scenarios

  • SMS Delivered: Text message successfully reaches user's mobile device
  • Code Entered Correctly: User enters exact 6-digit code from SMS
  • Within Time Limit: Code used before expiration period
  • Number Active: Mobile number is active and can receive messages

❌ Failure Scenarios

Failure TypeCauseUser ExperienceResolution Options
No Mobile NumberUser hasn't registered mobile number"No mobile number registered" errorGuide user to number registration process
SMS Not DeliveredNetwork issues, invalid number, or carrier blockingNo SMS receivedOffer resend option or alternative authentication
Wrong CodeUser entered incorrect digits"Invalid code" error messageAllow retry with same code
Expired CodeCode used after expiration time"Code expired" errorGenerate and send new code
Carrier IssuesSMS service problems or delaysDelayed or missing SMSProvide alternative authentication methods

Resend Functionality

  • User Option: "Resend SMS" link available if code not received
  • Rate Limiting: Prevents abuse with time delays between resend attempts
  • Alternative Methods: System may suggest other authentication factors if SMS consistently fails
  • Troubleshooting: Users guided to check phone reception and SMS blocking settings

Mobile Number Management

  • Registration Required: Number must be registered before SMS OTP can be used
  • Verification Process: All numbers verified through test SMS during registration
  • Update Capability: Users can change numbers through User Portal
  • Security: Number changes require re-authentication to prevent unauthorised modifications

Updated 19 days ago