Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

SAS PCE documentation
- Explore Thales Docs

SAS PCE
Agents
MobilePASS+
SafeNet Access Exchange
BSIDCA API
- BSIDCA endpoints
- BSIDCA custom attributes
Integrations
Account management
Release Notes

All

All

Tokens

SMS/Email/Voice OTP Delivery Methods

Please Note:

SAS PCE
Get started
- System Requirements
- Installation
  - Install SafeNet Authentication Service
  - Prepare database
  - Configure SafeNet Authentication Service
  - Configure SafeNet Authentication Service for High Availability
  - Configure for MobilePASS and MobilePASS+ Enrollment
  - Onboarding for MobilePASS+ enrollment
  - SAS PCE Windows Services Startup Recommendations
  - Security and Compliance
- Upgrade
  - SafeNet Authentication Service pre-upgrade checklist
  - SafeNet Authentication Service upgrade - primary data center
  - SafeNet Authentication Service upgrade - secondary data center
  - SafeNet Authentication Service post-upgrade checklist
  - Additional Considerations
- System setup
  - Setup
  - Communications
  - Logging
Dashboard
- On-Boarding
- Virtual Servers
- Administration
Users and groups
- Configure individual users
- Manage tokens for a user
- Groups
- Containers
- Restrict access based on the time, day, or date
- User Policies
User synchronization
- LDAP sync server settings
- LDAP integration
- LDAP settings
Operators and roles
- Operators
- External Operators
- Provision roles automatically
- Alerts
Tokens
- Token types
  - Hardware tokens
    - OTP hardware token
    - KT-4 tokens
    - RB-1 tokens
  - Software tokens
    - GrIDsure
    - SMS OTP token
  - Third Party tokens
- Token allocations
- Token templates
- Token restrictions
- Temporary Password Policy
- Token Passcode Processing Policy
- Configure server-side PINs
- Token synchronization
- Import SafeNet tokens
- Token inventory
- Deallocate inventory
- MobilePASS target and Push OTP settings
- SMS credits
- SMS/Email/Voice OTP Delivery Methods
- Quicklog authentication
- Initialize hardware tokens
Provisioning tokens to users
- Provision tokens
- Automate token provisioning
- Provisioning tasks
- Assign a hardware token to a user
- Bulk assign third-party tokens
Push OTP
- Requirements and considerations for Push OTP
- Enable Push OTP and MobilePASS+
- Push OTP Rejection Policy
- Customize Push notifications and alerts
- Configure applications for Push OTP
- Token management and enrollment
- Push OTP authentications
RADIUS integration
- RADIUS third-party token support
- RADIUS attributes for users or groups
- Block RADIUS authentication
Server and agent settings
- Authentication Nodes
- Pre-authentication rules
- Restrict IP range
- Email server settings
- SMS settings
- Voice OTP settings
- Configure a voice provider
- FTP/SFTP/SCP settings
- Time zone offset
- Download an encryption key for agents
- Language
- Migrate SafeNet authentication servers
- Display Device Information
- Download an encryption key for remote services
Self-service site
- Site appearance and default language
- Self-Service Modules
- Self-Enrollment pages
- Configure authorities, OOB enrollment, and policies
- Process requests and view reports
Branding the appearance
- Customize email messages
- Customize SMS messages
- Customize voice OTP messages
Reports
- Billing reports
- Compliance reports
- Inventory reports
- Security policy reports
Troubleshooting
- Authentication errors
- Error codes

SAS PCE documentation
SAS PCE
Tokens
SMS/Email/Voice OTP Delivery Methods

SMS/Email/Voice OTP Delivery Methods

Configure how the server generates OTPs and delivers them to users.

On the SAS console, select Policy > Token Policies > SMS/Email/Voice OTP Delivery Methods.
Configure the OTP delivery method settings:
- OTPs per message - From one to five OTPs can be sent in an SMS message. This method applies only if the SMS token is issued in QUICKLog mode. In this mode, the user receives an SMS message immediately after each successful authentication. By including more than 1 OTP, users that are temporarily outside of an SMS delivery zone will be able to authenticate until all OTPs in the message have been consumed.
  
  If the SMS token is issued in Challenge/Response mode, the OTP is not sent until the user attempts to logon. SMS Challenge/Response is usually combined with Single Sign-on, whereby the user must first successfully authenticate with the Active Directory password, after which the Virtual Server automatically sends the OTP necessary to complete the authentication and logon process.
- Resend OTP(s) on Challenge - If checked, the Virtual Server will send an OTP to the user if an empty or 1-character password is submitted in the OTP/password field during authentication.
- Request Interval - This setting determines the number of minutes that must elapse between Resend OTP on challenge requests. Requests received during this period are ignored by the server.
- Challenge Time to Live - This setting determines the lifespan of an OTP issued in Challenge/Response mode. An OTP that is unused after this period cannot be used to authenticate.
- Default delivery method
  - SMS - OTPs are sent to the user using SMS.
  - Email - OTPs are sent to the user's email address.
  - Voice - OTPs are sent to the user's phone.
  - SMS + Email - OTPs are sent to the user through SMS as well as email address.
  It is recommended that Voice OTP only be used with the SMS token template set to challenge/response. This ensures that a call is sent to the user during the authentication process.
  
  Voice OTP does not distinguish between uppercase and lowercase characters while delivering the OTP or PIN.
- Override default delivery method with trigger - If enabled, users can:
  - Type s in the passcode field of an authentication prompt to have it delivered by SMS
  - Type e in the passcode field of an authentication prompt to have their OTP delivered by email
  - Type c for both SMS and email delivery.
  If the user types any other character or leaves the passcode field empty, the OTP will be delivered by the default delivery method (if only one SMS token is assigned to the user).
  
  Use the following method field gets enabled only for Email and SMS + Email delivery methods.
- Use the following method - The options are Replacement and Suffix.
  - Replacement - OTPs are sent using the address from the field selected in the Use the following value option (described below). Typically, this will be a valid email address.
  - Suffix - OTPs are sent to an address that is the combination of the data in the Mobile/SMS field (User Detail) and the data contained in field selected in Use the following value option. For example, if Mobile/SMS contains 16135992441 and Custom #2 (selected) contains @na.rogers.com, the email will be sent to 16135992441@na.rogers.com.
- Use the following value from - This selection determines the field used to provide the data for Replacement and Suffix. Options are Email, Custom #1, #2, or #3.
Select Apply.

On this page

SafeNet Authentication Service Private Cloud Edition

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Customer Release Notes
- Customer Support Portal
Legal

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com