Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
The Telephony Delivered Code Identity Authenticator may be used to deliver a verification code to a telephone number (e.g. by SMS or voice message) stored in a specified attribute of a user's SCIM resource, and then verify the code subsequently entered by the user.
The Telephony Delivered Code Identity Authenticator component inherits from the Identity Authenticator
The following components have a direct aggregation relation from Telephony Delivered Code Identity Authenticators:
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
description | None |
authentication-method-reference | |
schema-urn | |
attribute-path | |
code-generator | |
code-validity-duration | |
requires-validation | |
messaging-provider | |
message-body | |
obfuscated | |
description
Description | A description for this Identity Authenticator |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
authentication-method-reference
Description | Specifies identifiers of the authentication methods provided by this Telephony Delivered Code Identity Authenticator. Each value is exposed in the "amr" (authentication method reference) claim in an ID token, and also the "lastLoginMethods" and "lastSecondFactorMethods" properties of a user session SCIM sub-resource. |
Default Value | otp |
Allowed Values | A string |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
schema-urn
Description | The URN which identifies the SCIM extension schema that should contain attributes intended for this Telephony Delivered Code Identity Authenticator in authentication request and response messages. |
Default Value | urn:pingidentity:scim:api:messages:2.0:TelephonyDeliveredCodeAuthenticationRequest |
Allowed Values | A URN begins with 'urn:', is followed by a namespace component that is no more than 32 alpha-numeric characters long, which is followed by one or more colon-delimited identifiers consisting of legal URN characters (letters, digits, and characters in '()+,-.:=@;$_!*'). For example, a URN in the 'acme' namespace might be "urn:acme:identity:User.name". |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
attribute-path
Description | Specifies the path of the telephone number attribute on the user's SCIM resource. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
code-generator
Description | The verification code generator that will be used to create a new code to be delivered to the end user. |
Default Value | None |
Allowed Values | The DN of any Verification Code Generator. If this Telephony Delivered Code Identity Authenticator is enabled, then the associated verification code generator must also be enabled. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
code-validity-duration
Description | The maximum length of time the verification code remains valid after it has been issued. |
Default Value | 2m |
Allowed Values | A duration. Lower limit is 1 second. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
requires-validation
Description | Whether this authenticator is only applicable if the user's current telephone number was validated using the Telephony Validator SCIM Sub Resource Type Handler. When set to true, only the telephony messaging provider used to validate the telephone number may be used to deliver the verification code. If set to false, this authenticator can use any current telephone number and telephony messaging provider. |
Default Value | None |
Allowed Values | true, false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
messaging-provider
Description | Specifies the telephony messaging providers that may be used to deliver the verification code. If a messaging-provider is not specified in the authentication request, the first one in this list will be used. |
Default Value | None |
Allowed Values | The DN of any Telephony Messaging Provider. The associated telephony messaging providers must be enabled. |
Multi-Valued | Yes |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
message-body
Description | Specifies the text that should be used for messages generated by this authenticator. The message body must contain the token "%code%" which will be dynamically replaced by the generated one-time code. |
Default Value | Ping Identity Data Governance Authentication Code: %code%. |
Allowed Values | A string |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
obfuscated
Description | Indicates whether the phone number returned in the authenticator response should be obfuscated. |
Default Value | true |
Allowed Values | true, false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured Identity Authenticators:
dsconfig list-identity-authenticators [--property {propertyName}] ...
To view the configuration for an existing Identity Authenticator:
dsconfig get-identity-authenticator-prop --authenticator-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Identity Authenticator:
dsconfig set-identity-authenticator-prop --authenticator-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Telephony Delivered Code Identity Authenticator:
dsconfig create-identity-authenticator --authenticator-name {name} --type telephony-delivered-code --set attribute-path:{propertyValue} --set code-generator:{propertyValue} --set requires-validation:{propertyValue} --set messaging-provider:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing Identity Authenticator:
dsconfig delete-identity-authenticator --authenticator-name {name}
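
A pre-flight lint for the property values intended for create-identity-authenticator or set-identity-authenticator-prop, checked against the constraints in the property tables above. This is an added example, not Ping Identity code: the lint and duration_seconds helpers, the 300-second policy ceiling, the s/m/h duration suffixes and the sample values are assumptions made for illustration.

```python
import re

# Defaults and constraints transcribed from the property tables on this page.
REQUIRED = ("attribute-path", "code-generator", "requires-validation", "messaging-provider")
DEFAULTS = {
    "schema-urn": "urn:pingidentity:scim:api:messages:2.0:"
                  "TelephonyDeliveredCodeAuthenticationRequest",
    "code-validity-duration": "2m",
    "message-body": "Ping Identity Data Governance Authentication Code: %code%.",
    "obfuscated": "true",
}
# ':' is itself a legal identifier character, so one class avoids nested quantifiers.
URN_RE = re.compile(r"urn:[A-Za-z0-9]{1,32}:[A-Za-z0-9()+,\-.:=@;$_!*]+")
# Assumption: only s/m/h suffixes are parsed; the page itself shows just "2m".
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600}

def duration_seconds(text):
    """Return the duration in seconds, or None if it is not <int><s|m|h>."""
    m = re.fullmatch(r"(\d+)([smh])", text.strip())
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)] if m else None

def lint(props, max_validity_s=300):
    """Return (errors, warnings); max_validity_s is a local policy ceiling."""
    cfg = {**DEFAULTS, **props}
    errors, warnings = [], []
    for name in REQUIRED:
        if not cfg.get(name):
            errors.append(f"{name}: required, no default")
    if not URN_RE.fullmatch(cfg["schema-urn"]):
        errors.append("schema-urn: not a valid URN")
    if "%code%" not in cfg["message-body"]:
        errors.append("message-body: missing %code% token")
    secs = duration_seconds(cfg["code-validity-duration"])
    if secs is None or secs < 1:
        errors.append("code-validity-duration: must be a duration >= 1 second")
    elif secs > max_validity_s:
        warnings.append(f"code-validity-duration: {secs}s exceeds policy ceiling")
    for name in ("requires-validation", "obfuscated"):
        if cfg.get(name) not in (None, "true", "false"):
            errors.append(f"{name}: must be true or false")
    if cfg.get("requires-validation") == "false":
        warnings.append("requires-validation: unvalidated numbers accepted")
    if cfg["obfuscated"] == "false":
        warnings.append("obfuscated: full phone number returned in responses")
    return errors, warnings

# Constructed sample values: provider list left empty, %code% token dropped.
SAMPLE = {"attribute-path": "phoneNumbers.value", "code-generator": "Example Generator",
          "requires-validation": "false", "messaging-provider": [], "message-body": "Sign in now"}
```

Calling lint(SAMPLE) reports the empty messaging-provider list and the missing %code% token as errors, and the requires-validation setting as a warning.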