One-Time Password via Email

Christopher Dakin

Introduction

LogonBox supports One-Time Password delivery via email, which can be used for Password Resets, Unlocking Accounts, or even just logging on to the user or admin portals.

This article explains how to configure your LogonBox to use this Authentication method.

 

1. Configuring the Authentication Scheme

It is important to note that you can apply different authentication flows for eight different types of logon: User Login, Password Reset, Client, Account Unlock, SSO, Windows Login, Windows RDP Login and Admin.

Each of these can have its own default authentication flow configured, but for this article we shall alter Password Reset as this is a common use case.

Navigate to Authentication Flows->Schemes and edit Password Reset. Note that by default this is configured with a blue Username module and a green User Selective 2FA one.

Let’s replace User Selective 2FA with One Time Password. Click on the trashcan icon inside the User Selective 2FA module to remove it. Now click the plus icon next to One Time Password to add it into the authentication flow and click Save at the bottom.

 

You can now optionally click on the edit icon inside the One Time Password module to alter some options relating to One Time Password.

On the Prompt tab you can set the message that the system shows the user when the OTP is generated.

 

In the Email tab, you can control how the OTP code is generated. You can set a minimum number of Digits, Lowercase, Uppercase and Symbol characters, define which symbols can be used, and set the length of the OTP that is generated. As your emails may be delivered to mobile clients as well as desktops, it might be a good idea to set Symbol Chars to 0 to remove the difficulty of entering these characters from a mobile keyboard.
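To see how the Digits, Lowercase, Uppercase, Symbol and length settings affect how guessable a code is, the following added example (not LogonBox's own code) generates a code under such a policy and counts how many distinct codes the policy allows. The function and parameter names, the default symbol set, and the rule that a class set to 0 is left out of the code entirely are assumptions made for illustration.

```python
import math
import secrets
import string

def _classes(digits, lower, upper, symbols, symbol_set):
    # Assumption: a class whose count is 0 is left out of the alphabet entirely.
    spec = [(string.digits, digits), (string.ascii_lowercase, lower),
            (string.ascii_uppercase, upper), (symbol_set, symbols)]
    return [(chars, n) for chars, n in spec if n > 0]

def generate_otp(length, digits=1, lower=1, upper=1, symbols=0, symbol_set="!@#$%"):
    """Return a random code of `length` chars meeting every per-class minimum."""
    classes = _classes(digits, lower, upper, symbols, symbol_set)
    if not classes or sum(n for _, n in classes) > length:
        raise ValueError("minimums cannot be met at this length")
    alphabet = "".join(chars for chars, _ in classes)
    while True:
        # Rejection sampling with a CSPRNG: every allowed code is equally likely.
        otp = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(sum(c in chars for c in otp) >= n for chars, n in classes):
            return otp

def policy_bits(length, digits=1, lower=1, upper=1, symbols=0, symbol_set="!@#$%"):
    """Return log2 of the number of distinct codes the policy allows."""
    classes = _classes(digits, lower, upper, symbols, symbol_set)
    # State = per-class character counts, each capped at that class's minimum.
    states = {(0,) * len(classes): 1}
    for _ in range(length):
        nxt = {}
        for state, ways in states.items():
            for i, (chars, n) in enumerate(classes):
                new = state[:i] + (min(state[i] + 1, n),) + state[i + 1:]
                nxt[new] = nxt.get(new, 0) + ways * len(chars)
        states = nxt
    count = states.get(tuple(n for _, n in classes), 0)
    return math.log2(count) if count else 0.0

if __name__ == "__main__":
    # Constructed sample policies, not LogonBox defaults.
    for name, policy in [("6 digits only", dict(length=6, digits=6, lower=0, upper=0)),
                         ("8 chars, no symbols", dict(length=8)),
                         ("8 chars, 1+ symbol", dict(length=8, symbols=1))]:
        print(f"{name}: {generate_otp(**policy)} ({policy_bits(**policy):.1f} bits)")
```

Running it prints one sample code and the bit count for each policy, which makes it easy to compare a candidate setting against the attempt limits and code lifetime you rely on.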

 

Click Apply to save the changes, then Save on the Update Flow page to save the new configuration.

 

2. Altering the text of the OTP Message Template (optional)

The message sent via One Time Password is configured via a Message Template. You may wish to alter the text of the message that will be delivered to your users.

To do this, navigate to Messages and edit the existing Message Template named One Time Password Generated.

 

Here you can alter the Subject and the Body of the email, but ensure you leave in the ${password} attribute as this is replaced with the user's unique OTP at the time of sending. You may also set an HTML body for the email if desired.

In the Options tab, read receipts can be turned on if required with the Track option. In the Delivery tab, Deliver To is set to PRIMARY by default. This will send the OTP to the email address on the user's account. If you have chosen to add alternative emails stored in LogonBox only, you could choose here to change this to SECONDARY or ALL. Save the changes by clicking Save.

 

3. Testing

Let’s perform an example Reset Password action to ensure this is now working. On the main portal page, click Reset Password.

 

The next screen then prompts for the Username as expected. Type in the username and click Next.

 

The user will now get the prompt to enter the OTP, which is now emailed to them.

 

The One Time Password should be delivered to your email account.

 

After entering the One Time Password, you are then prompted to change your password.