Custom delivery options
The default OTP delivery options (SMS, mobile app) work well for most users, but ESA can accommodate custom delivery options as well.
Standalone deployment type
In ESA Web Console, navigate to Settings and click Delivery Options.
Here you can specify the path to the custom script that is to handle provisioning or delivery of the OTP. Click Insert attribute to view the list of parameters that can be passed to your custom script. For example, to deliver the OTP you must use the [OTP] parameter. You can also specify a custom string to be passed to your script (see parameter1 in the screenshot above).
Active Directory Integration deployment type
Open the ESA Management Console on your main computer, navigate to your domain node (in our example acswin2012.com), click Advanced Settings and then click Delivery Options.
Here you can specify the path to the custom script (or look up the custom script by clicking the button) that is to handle provisioning or delivery of the OTP. Click Insert attribute to view the list of parameters that can be passed to your custom script. For example, to deliver the OTP you must use the [OTP] parameter. You can also specify a custom string to be passed to your script (see parameter1 in the screenshot above).
Sample scenario available in Active Directory Integration deployment type - Delivering OTP via e-mail
Prerequisite:
• Know the SMTP details of the e-mail gateway we wish to use for sending the e-mail message containing the OTP
• Have a custom script for sending e-mail messages
• Have a custom .bat script whose path we define in ESA Management Console as shown in the screenshot above; this .bat script calls our custom script that sends the e-mail message
• Every 2FA-enabled user that receives OTP passwords via e-mail must have their e-mail address defined in the E-mail field of the General tab when viewing their details through the Active Directory Users and Computers management interface.
Note It is not necessary to make any change in the Default Mobile Number Field section to make the e-mail delivery option work.
Sample Python script for sending e-mail - we name the file sendmail.py:
Example
import sys, smtplib

# Called by the .bat wrapper as: sendmail.py <recipient address> <OTP>
# sys.argv[1] = e-mail address passed by ESA ([E-mail-Addresses])
# sys.argv[2] = one-time password passed by ESA ([OTP])
server = smtplib.SMTP('smtpserver:port')
server.starttls()
server.login('username', 'password')
# The recipient address is used as the sender address as well;
# the OTP is placed in the Subject line of the message.
server.sendmail(sys.argv[1], sys.argv[1], 'Subject: OTP is ' + sys.argv[2])
server.quit()
Note In the sample Python script above, smtpserver:port, username and password are to be replaced with the corresponding SMTP details.
Sample .bat script for calling the sendmail.py script while passing the essential parameters to it - we name the file as CustomMail.bat:
rem %1 = e-mail address ([E-mail-Addresses]), %2 = one-time password ([OTP])
c:\Python\python.exe c:\work\sendmail.py %1 %2
Note This sample scenario assumes that Python is installed on the main computer where the ESA Authentication Server component is installed and that you know the path to the python.exe file.
In the Sending OTP by field we define the path leading to our CustomMail.bat script, select the essential parameters [E-mail-Addresses] and [OTP] (in that order, matching %1 and %2 in the .bat script) and then click Save.
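As an added example (not part of the ESA documentation or the product's own code), the following is a hardened variant of the sendmail.py script above that still works with the CustomMail.bat wrapper unchanged (%1 = recipient address, %2 = OTP). It differs from the sample in three ways: SMTP credentials are read from environment variables rather than being hardcoded in the script (the variable names OTP_SMTP_HOST, OTP_SMTP_PORT, OTP_SMTP_USER, OTP_SMTP_PASSWORD and OTP_MAIL_FROM are assumptions, and must be visible to the account under which the ESA Authentication Server service runs); the TLS connection verifies the server certificate; and the OTP is placed in the message body instead of the Subject line, so it does not show up in mailbox listings and notification previews. The two arguments are also sanity-checked before anything is sent.

```python
"""sendmail.py: deliver a one-time password by e-mail.

Added example, not the ESA project's own script. Called from the .bat
wrapper as:  python sendmail.py <recipient-address> <otp>
SMTP settings are read from environment variables (assumed names):
  OTP_SMTP_HOST, OTP_SMTP_PORT, OTP_SMTP_USER, OTP_SMTP_PASSWORD, OTP_MAIL_FROM
"""
import os
import re
import smtplib
import ssl
import sys
from email.message import EmailMessage

# Plausibility check on the address ESA hands over via [E-mail-Addresses].
_ADDRESS_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def parse_args(argv):
    """Return (recipient, otp) from the .bat parameters, or raise ValueError."""
    if len(argv) != 3:
        raise ValueError("usage: sendmail.py <recipient> <otp>")
    recipient, otp = argv[1], argv[2]
    if not _ADDRESS_RE.match(recipient):
        raise ValueError("recipient is not a plausible e-mail address")
    if not otp or any(ch.isspace() for ch in otp):
        raise ValueError("OTP must be a single non-empty token")
    return recipient, otp


def build_message(sender, recipient, otp):
    """Build the e-mail. The OTP goes into the body, not the Subject, so it is
    not exposed in mailbox listings and notification previews."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Your one-time password"
    msg.set_content(
        "Your one-time password is: {}\n\n"
        "If you did not request this code, contact your administrator.\n".format(otp)
    )
    return msg


def send(msg, host, port, user, password):
    """Deliver via SMTP with STARTTLS and server certificate verification."""
    context = ssl.create_default_context()
    with smtplib.SMTP(host, port, timeout=30) as server:
        server.starttls(context=context)
        server.login(user, password)
        server.send_message(msg)


def main(argv=None):
    recipient, otp = parse_args(sys.argv if argv is None else argv)
    env = os.environ
    try:
        # Assumed variable names; set them for the ESA service account.
        cfg = {k: env["OTP_SMTP_" + k] for k in ("HOST", "PORT", "USER", "PASSWORD")}
        sender = env["OTP_MAIL_FROM"]
    except KeyError as missing:
        sys.exit("missing environment variable " + str(missing))
    msg = build_message(sender, recipient, otp)
    send(msg, cfg["HOST"], int(cfg["PORT"]), cfg["USER"], cfg["PASSWORD"])
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Because the SMTP connection is isolated in send(), the argument parsing and message construction can be exercised without a mail server; on the ESA host the script is invoked exactly as before, through CustomMail.bat with [E-mail-Addresses] and [OTP] as its two parameters.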
Provisioning (delivery of the mobile application) can be customized the same way using the essential parameters [PHONE] and [URL].
Note Compared to SMS delivery (or use of the provisioned mobile application), using e-mail to distribute the OTP is slightly less secure, because the e-mail message can be read on any device the user possesses. This method does not confirm that the intended recipient is in possession of the registered phone (phone number).