OTP to manager, using SMTP
The purpose of this document is to describe how to configure PhenixID server with a login flow where the OTP is sent to the manager of the account logging in.
Delivery method for the OTP will be SMTP.
In the example below, AD/LDAP is configured as the user store.
Prerequisites
One or more authenticator(s) configured.
We will send the OTP using SMTP, so please configure according to instructions found here.
Configuration
On the authentication scenario, go to the tab "Execution flow".
The pipe "Find user, validate password and send otp" should have "OTPBySMTPValve" configured:
Depending on the authenticator, the value for "Recipient parameter" should be "User-Name" for RADIUS and "username" for HTTP.
On the "LDAPSearchValve" of the flow, set the attributes to "sAMAccountName,manager":
Now we add a "LDAPLoadValve".
This valve should be placed after the "LDAPBindValve":
Set the value for "DN" to {{item.manager}} and set "Attributes" to mail.
The pipe should now look similar to this example:
Since the OTP will now be sent to the manager of the account, the default "Valid time" might be a bit short.
It can be increased on the "OTPGeneratorValve":
This flow will now pick up the value of manager from the account logging in and send the OTP, using SMTP, to the mail address of the manager.
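The flow depends on two directory lookups (the user's manager attribute, then the manager's mail), so it is worth checking before rollout which accounts would not resolve to a recipient. The following is an added example, not PhenixID code: it reproduces the lookup chain over constructed sample entries, and the function names, DNs and addresses are assumptions made for illustration.

```python
# Added example: pre-flight audit of the manager -> mail lookup used by the flow.
# DIRECTORY is constructed sample data keyed by DN; in practice it would be
# filled from an export of the same attributes (sAMAccountName, manager, mail).
DIRECTORY = {
    "CN=Alice Berg,OU=Staff,DC=example,DC=org": {
        "sAMAccountName": "alice",
        "manager": "CN=Carol Dahl,OU=Managers,DC=example,DC=org",
    },
    "CN=Bob Ek,OU=Staff,DC=example,DC=org": {
        "sAMAccountName": "bob",
        "manager": "cn=dan falk,ou=managers,dc=example,dc=org",  # case differs
    },
    "CN=Erin Gran,OU=Staff,DC=example,DC=org": {"sAMAccountName": "erin"},
    "CN=Carol Dahl,OU=Managers,DC=example,DC=org": {
        "sAMAccountName": "carol", "mail": "carol@example.org",
    },
    "CN=Dan Falk,OU=Managers,DC=example,DC=org": {"sAMAccountName": "dan"},
}

def norm_dn(dn):
    """Simplified DN normalisation (ignores escaped commas): trim and lower-case."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def resolve_otp_recipient(directory, username):
    """Return (mail, None), or (None, reason) if no recipient can be resolved."""
    by_dn = {norm_dn(dn): attrs for dn, attrs in directory.items()}
    user = next((a for a in by_dn.values()
                 if a.get("sAMAccountName", "").lower() == username.lower()), None)
    if user is None:
        return None, "user not found"
    manager_dn = user.get("manager")
    if not manager_dn:
        return None, "no manager attribute"
    manager = by_dn.get(norm_dn(manager_dn))
    if manager is None:
        return None, "manager DN not found"
    if not manager.get("mail"):
        return None, "manager has no mail"
    return manager["mail"], None

def audit(directory):
    """Map each sAMAccountName to the reason no OTP recipient was resolved."""
    result = {}
    for attrs in directory.values():
        _, reason = resolve_otp_recipient(directory, attrs["sAMAccountName"])
        if reason:
            result[attrs["sAMAccountName"]] = reason
    return result
```

In the sample data the managers themselves have no manager attribute, so they appear in the audit too; accounts like these need a different authentication scenario or a populated attribute.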