Custom delivery options

The default OTP delivery options (SMS, mobile application) work well for most users, but ESA can accommodate custom delivery options as well.

Standalone deployment type

In the ESA Web Console, navigate to Settings (gear icon) and click Delivery Options.

[Screenshot: Delivery Options in the ESA Web Console]

Here you specify the path to the custom script that is to handle provisioning or delivery of the OTP. Click Insert attribute to view the list of parameters that can be passed to your custom script. For example, to deliver the OTP you must pass the [OTP] parameter. You can also pass a fixed custom string to your script (see parameter1 in the screenshot above).

Active Directory Integration deployment type

Open the ESA Management Console on your main computer, navigate to your domain node (in our example, acswin2012.com), click Advanced Settings and then click Delivery Options.

[Screenshot: Delivery Options in the ESA Management Console]

Here you specify the path to the custom script that is to handle provisioning or delivery of the OTP (or browse for the script by clicking the ... button). Click the drop-down arrow to view the list of parameters that can be passed to your custom script. For example, to deliver the OTP you must pass the [OTP] parameter. You can also pass a fixed custom string to your script (see parameter1 in the screenshot above).

Sample scenario available in Active Directory Integration deployment type - Delivering OTP via e-mail

Prerequisites:

Know the SMTP details (server, port, credentials) of the e-mail gateway to be used for sending the message containing the OTP.

Have a custom script that sends e-mail messages.

Have a custom .bat script whose path is entered in the ESA Management Console as shown in the screenshot above; this .bat script calls the custom script that sends the e-mail message.

Every 2FA-enabled user who is to receive OTPs via e-mail must have an e-mail address defined in the E-mail field on the General tab of their user properties in Active Directory Users and Computers.

Note

It is not necessary to make any change in the Default Mobile Number Field section to make the email delivery option work.

 

Sample Python script for sending the e-mail; we name the file sendmail.py:

Example

import sys, smtplib

# Usage: sendmail.py <recipient address> <OTP>
# ESA passes [E-mail-Addresses] as argument 1 and [OTP] as argument 2
# (see the CustomMail.bat wrapper below).
recipient, otp = sys.argv[1], sys.argv[2]
sender = recipient  # this sample uses the recipient's own address as the sender; adjust if your gateway requires a fixed sender

server = smtplib.SMTP('smtpserver:port')
server.starttls()
server.login('username', 'password')
server.sendmail(sender, recipient, 'Subject: OTP is ' + otp)
server.quit()

Note

In the sample Python script above, smtpserver:port, username and password are to be replaced with the corresponding SMTP details of your e-mail gateway.

 

Sample .bat script that calls sendmail.py and passes the required parameters to it; we name the file CustomMail.bat:

@echo off
rem %1 = recipient e-mail address ([E-mail-Addresses]), %2 = one-time password ([OTP])
c:\Python\python.exe c:\work\sendmail.py %1 %2

Note

This sample scenario assumes that Python is installed on the main computer (the one hosting the ESA Authentication Server component) and that you know the path to python.exe.

 

In the Sending OTP by field, enter the path to the CustomMail.bat script, select the required parameters [E-mail-Addresses] and [OTP] in that order (they become %1 and %2 in the .bat script), and then click Save.

[Screenshot: Sending OTP by field configured with CustomMail.bat, [E-mail-Addresses] and [OTP]]
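The sample sendmail.py above keeps the SMTP password in the script file, sends the OTP in the subject line and trusts its two arguments blindly. The following hardened variant is an added example written for this page, not ESA's own code: it keeps the same calling convention (ESA invokes it with [E-mail-Addresses] as argument 1 and [OTP] as argument 2 via the .bat wrapper) but validates both arguments, builds a proper message with the OTP in the body, enforces certificate verification on STARTTLS, and reads the gateway credentials from environment variables. The variable names ESA_SMTP_HOST, ESA_SMTP_PORT, ESA_SMTP_USER, ESA_SMTP_PASSWORD and ESA_SMTP_FROM, the address and OTP patterns, and smtp.example.com are assumptions for the example.

```python
import os
import re
import smtplib
import ssl
import sys
from email.message import EmailMessage

# Added example, not ESA's own script. ESA passes [E-mail-Addresses] as
# argv[1] and [OTP] as argv[2]; all environment variable names below are
# assumptions for this example.

# Sanity checks on what ESA hands us: one address-looking token and a short digit string.
ADDRESS_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
OTP_RE = re.compile(r"^[0-9]{4,10}$")


def parse_args(argv):
    """Validate the two arguments; returns (recipient, otp) or raises ValueError."""
    if len(argv) != 3:
        raise ValueError("usage: sendmail.py <recipient> <otp>")
    recipient, otp = argv[1].strip(), argv[2].strip()
    if not ADDRESS_RE.match(recipient):
        raise ValueError("recipient is not a single e-mail address")
    if not OTP_RE.match(otp):
        raise ValueError("OTP is not a short digit string")
    return recipient, otp


def build_otp_message(sender, recipient, otp):
    """Build a well-formed message; the OTP goes in the body, not the subject."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Your one-time password"
    msg.set_content(
        "Your one-time password is: %s\n\n"
        "If you did not request this code, contact your administrator.\n" % otp
    )
    return msg


def send_otp(msg, host, port, username, password, smtp_factory=smtplib.SMTP):
    """Deliver over STARTTLS with certificate and hostname verification."""
    context = ssl.create_default_context()  # verifies the gateway's certificate chain and name
    with smtp_factory(host, port, timeout=15) as server:
        server.ehlo()
        server.starttls(context=context)
        server.ehlo()
        server.login(username, password)
        server.send_message(msg)


def main(argv):
    try:
        recipient, otp = parse_args(argv)
    except ValueError as exc:
        print(exc, file=sys.stderr)
        return 2
    # Credentials live in the service account's environment, not in the script file.
    host = os.environ.get("ESA_SMTP_HOST", "smtp.example.com")
    port = int(os.environ.get("ESA_SMTP_PORT", "587"))
    username = os.environ["ESA_SMTP_USER"]
    password = os.environ["ESA_SMTP_PASSWORD"]
    sender = os.environ.get("ESA_SMTP_FROM", username)
    try:
        send_otp(build_otp_message(sender, recipient, otp), host, port, username, password)
    except (smtplib.SMTPException, OSError) as exc:
        # Log the failure class only; never write the OTP to a log.
        print("OTP delivery to %s failed: %s" % (recipient, type(exc).__name__), file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The CustomMail.bat wrapper stays the same; the only deployment change is setting the ESA_SMTP_* variables for the account under which the ESA Authentication Server runs and restricting read access to the script folder to that account. Putting the OTP in the body rather than the subject keeps it out of subject-line logging and notification previews, and the argument checks mean a malformed value in a user's Active Directory E-mail attribute fails closed instead of being handed to the gateway.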

Provisioning (delivery of the mobile application) can be customized the same way, using the required parameters [PHONE] and [URL].

Note

Compared to SMS delivery (or use of the provisioned mobile application), using e-mail to distribute OTPs is less secure because the e-mail message can be read on any device the user has access to. Such a delivery does not confirm that the intended recipient possesses the registered phone (phone number), so the second factor is weakened from possession of a specific device to access to a mailbox.