One of the authentication options offered by Password Manager is a phone-based authentication. It enables you to require users to enter a verification code on the Self-Service or Helpdesk site. The verification code can be sent as an SMS or automated call. The phone-based authentication service is by provided by TeleSign.
When starting a workflow containing phone-based authentication, Password Manager checks whether the phone-based authentication service is enabled in the provided license. The workflow is executed only if this service is enabled in the license.
To use phone-based authentication on the Self-Service and Helpdesk sites, add the Authenticate via Phone activity in self-service and helpdesk workflows. When configuring this activity, you can specify AD LDS attributes from which phone numbers can be retrieved, and available authentication methods, i.e. SMS or automated voice call.
Phone numbers that belong to Private Branch Exchange (PBX) are also supported. PBX phones require either a live switchboard operator or an automated attendant to complete the call. By default, Password Manager supports automated attendant scenario. It can be configured for live operators by changing
PhoneNumberExtensionType parameter in QPM.Service.Host.exe.config file. For automated attendants, set
PhoneNumberExtensionType to 1 and for live operators, set PhoneNumberExtensionType to 2.
PhoneNumberExtensionType set to 1 (DTMF digits are dialed), include commas in the
PhoneNumberExtensionTemplate, where each comma represents one second pause in the dialing sequence. To increase the pause in the dialing sequence, add the required number of commas in
PhoneNumberExtensionTemplate in the configuration file.
|NOTE: The phone number extension must be configured with extension separator in the Active Directory. Phone number with extension must have 'x' or 'X' in it to separate the extension number from the phone number as given in the following examples:
For more information on configuring this activity, see Authenticate via Phone.
To use the phone-based authentication service, the following requirements must be met: