Multi Factor authentication with SMS Passcode without sending an (actual) SMS
- Published: Wednesday, 08 July 2015
Multi factor authentication (nowadays written multifactor authentication) is becoming mainstream in the upcoming years. One of my favorite products is SMS Passcode, which has been on the market for years. SMS Passcode offers multi factor authentication for a big range of products/solutions available in the market. Besides, it is really easy to implement: within a few hours the environment is up and running. The default delivery method is sending an SMS via your own GSM modems. However, within several datacenters connecting a GSM modem is difficult. Therefore SMS Passcode has the possibility to use an external SMS provider as an alternative. However, for companies offering a Desktop/Application as a Service, the cost of the SMS (both with a GSM modem and with an SMS service provider) can be a bottleneck, as the users don’t belong to the same organization (and cannot have a company subscription). For this challenge SMS Passcode has a solution together with Acision (formerly named MindMatics). In this article I will describe the solution and how to configure it.
Acision offers an app called Trustego, which can be installed on a smartphone (iOS and Android). Via the services Acision offers, the authentication code is delivered to the Trustego App instead of by SMS. For companies that don’t have a corporate phone contract, or for service providers (where the users don’t belong to a corporate contract), this can be interesting from a price perspective. Contact Acision for a price quote to find out whether this is interesting for your company/customer. A big advantage is that Acision considers security important: Acision complies with the highest German data protection and security guidelines.
Logically, some configuration is needed on the SMS Passcode infrastructure, and the end-user device needs to be known in the Acision infrastructure. I will describe all steps to set up the environment.
SMS Passcode infrastructure
I assume that you already have an SMS Passcode infrastructure running with the current version 7.2. If not, you can use an older review of the SMS Passcode software I wrote; SMS Passcode also has good manuals available. In my set-up I’m using a Citrix NetScaler to connect to the environment, but it will work for all solutions SMS Passcode offers.
The first step is to ensure that the Web Service SMS functionality within SMS Passcode is enabled. This can be checked within the SMS Passcode Web management console via Settings – General – Globalization Options. On this tab the option Web Service SMS should be checked by Allowed.
The second step is to create the Web Service Dispatcher for Trustego. This is done via Transmissions – Web Service Dispatcher in the left menu. Here the button Create Add new web service dispatcher can be used to set up this service. You need to specify a Name, Customer ID and Authentication ID. The name is important, as we need to create a registry key with exactly the same name. The Customer ID and Authentication ID are supplied by Acision when your account on their side is created.
After we have created the Web Service Dispatcher, we need to enter additional information into the registry (for this version). Open regedit.exe and go to HKLM\Software\SMS Passcode\SWSD. Create a new key with exactly the same name as the web service dispatcher. In my case I used Acision. Within this key the following values with corresponding data should be added. The data of TrSimpleWSDParamatersString needs to be altered to fit your infrastructure: CUSTID needs to be replaced by the Customer ID, and AUTHCODE needs to be replaced by the Authentication ID received from Acision.
When using the web service dispatcher for Acision you need to change the dispatcher configuration of SMS Passcode as well. Go to the folder where SMS Passcode is installed on the server that hosts the dispatcher role and start the executable SetActiveDispatcher (run as administrator) located in the Tools folder.
Next, change the dispatcher to Generic. Again you need to provide the name as entered in the management console. Configure the following fields with the values. At Parameters, replace CUSTID and AUTHCODE with the values provided by Acision.
The last step is to ensure that your user policies allow the use of the Web Service SMS dispatcher. You need to look at your user group policies. In my case I just changed the Dispatch Type of the Default User Policy to Send SMS passcodes by web services SMS, but this depends on your set-up.
Optionally, and depending on your current infrastructure set-up, you need to add a proxy server (if you did not use the web service earlier) into the registry of SMS Passcode to be able to connect to the SMS gateway, and change the length of the notification message.
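The registry step above is the easiest one to get wrong (a key name that differs from the dispatcher name, or a placeholder left in place), and the value stores the Authentication ID. The following PowerShell check is an added example, not part of the original article or of the SMS Passcode tooling; it assumes the dispatcher is named Acision as in this set-up and uses only the key path and value name given above.

```powershell
# Added example, not from SMS Passcode or Acision documentation.
# Run elevated on the server that holds the SWSD registry key.
param([string]$DispatcherName = 'Acision')  # assumption: name used in the console

$keyPath   = "HKLM:\Software\SMS Passcode\SWSD\$DispatcherName"
$valueName = 'TrSimpleWSDParamatersString'  # spelled as in the article

function Test-DispatcherKey {
    param([string]$Path, [string]$Name)

    if (-not (Test-Path -LiteralPath $Path)) {
        "FAIL  key not found: $Path (must match the dispatcher name exactly)"
        return
    }
    "OK    key exists: $Path"

    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        "FAIL  value $Name is missing"
    } else {
        # Template placeholders must have been replaced by the real IDs.
        $left = @('CUSTID', 'AUTHCODE') | Where-Object { ([string]$item.$Name).Contains($_) }
        if ($left) { "FAIL  placeholder(s) still present: $($left -join ', ')" }
        else       { "OK    no CUSTID/AUTHCODE placeholder left in $Name" }
    }

    # The value holds the Authentication ID: list every principal that is
    # allowed to read values of this key, so unexpected readers stand out.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $query   = [System.Security.AccessControl.RegistryRights]::QueryValues
    $acl     = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (-not ($ace.RegistryRights -band $query)) { continue }
        $sid = $ace.IdentityReference
        try   { $who = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $who = '(unresolved)' }
        "INFO  can read values: $who [$($sid.Value)]"
    }
}

Test-DispatcherKey -Path $keyPath -Name $valueName
```

The script never prints the value itself, so its output can be pasted into a ticket without exposing the Authentication ID.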
With the steps shown above, the SMS Passcode infrastructure is ready to send authentication codes using Acision Trustego. What remains is configuring Trustego on the phones.
The first step is to install the App on the phones of the users. Go to the App Store and search for Trustego. Select the Trustego App and choose Install.
When the App is installed open it. The telephone number should be assigned to the app. Fill in the corresponding phone number in the format 00<<countrycode>><<phonenumber>> and select your country, followed by Register Number.
The combination in action
Now that both SMS Passcode and the App are configured, we can start providing authentication codes to the user via the Trustego App. There is no difference at the front end; only instead of an SMS the user will receive the OTP in the Trustego app. In my example the user logs on as usual to the Citrix NetScaler using his username and password.
After providing his credentials he will receive the OTP via the Trustego App and can enter it in the SMS Passcode authentication field. Afterwards the user can start his Citrix session (in this case).
In this article I have shown the configuration and set-up of the Trustego App in combination with SMS Passcode for multi factor authentication without sending an actual SMS. This methodology is very interesting for companies that need multi factor authentication but whose users are not part of the same organization (and where high SMS costs apply). It’s nice that SMS Passcode also has a solution for such environments.