Username, password and sms

Performing this scenario will produce an OpenID Connect Provider that authenticates users with username, password and a one-time password (OTP) delivered by SMS, using either Active Directory, LDAP or an SQL database as the primary user store. Be sure to have configured the "Relying party" and "Keystore" scenarios before executing this scenario. The "Keystore" scenario can be found under the FEDERATION tab.

This article will use LDAP as the primary user store.

Name & Description

Start by giving the scenario a friendly name and description. Then click Next.

OpenID Connect flow type

Select the OpenID Connect flow type for this scenario. Both Authorization code flow and Implicit flow are supported, and the appropriate configuration is generated for the selected flow type.

Click next to proceed.


Enter the tenant id to be used with this specific scenario. The tenant is an internally unique identifier for the OpenID Connect Provider you are about to create.

Click next to proceed.

User store selection

Select existing or create a new primary user store.

Click next to proceed.

User search settings

Enter a search filter. This will be used to locate the authenticating user. Configure the search base either by clicking "Choose" and browsing, or by entering the search base root manually. None of the values may be blank.

Click next to proceed.

Allowed relying party

Select the previously configured relying party, or multiple if needed.

Click next to proceed.

Authorization endpoint

Enter the OpenID Connect Provider authorization endpoint. This is the endpoint applications will redirect the user agent to when authenticating.

Click next to proceed.

Keystore selection

Select one of the keystores uploaded earlier.

Click next to proceed.

Message gateway

Select a previously configured message gateway or create a new one.

Click next to proceed.

One-time password settings

Enter the desired OTP length and the attribute containing the mobile number.

Click next to proceed.


Click create and after a couple of seconds the OpenID Connect scenario is ready to handle incoming authentication requests.
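What an incoming authentication request looks like from the relying party side, for each of the two flow types selectable above, and how the redirect back is checked. This is an added example, not part of the product or its documentation; the endpoint URL, client id and redirect URI are placeholders, and the parameter names are those defined by OpenID Connect Core.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder values (assumptions, not taken from the page).
AUTHZ_ENDPOINT = "https://op.example.test/authorize"
CLIENT_ID = "example-rp"
REDIRECT_URI = "https://rp.example.test/callback"

RESPONSE_TYPES = {"code": "code", "implicit": "id_token token"}


def build_auth_request(flow):
    """Return (url, session) for an OIDC authentication request."""
    if flow not in RESPONSE_TYPES:
        raise ValueError("flow must be 'code' or 'implicit'")
    # state binds the response to this browser session (CSRF defence);
    # nonce is echoed in the ID token and is required for implicit flow.
    session = {"flow": flow,
               "state": secrets.token_urlsafe(32),
               "nonce": secrets.token_urlsafe(32)}
    params = {"response_type": RESPONSE_TYPES[flow],
              "scope": "openid",
              "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI,
              "state": session["state"],
              "nonce": session["nonce"]}
    return AUTHZ_ENDPOINT + "?" + urlencode(params), session


def parse_callback(callback_url, session):
    """Check the redirect back from the OP and return its parameters."""
    parts = urlsplit(callback_url)
    # Code flow answers in the query string, implicit flow in the fragment.
    raw = parts.query if session["flow"] == "code" else parts.fragment
    params = {k: v[0] for k, v in parse_qs(raw).items()}
    got = params.get("state", "").encode()
    if not hmac.compare_digest(got, session["state"].encode()):
        raise ValueError("state mismatch: response not tied to this session")
    if "error" in params:
        raise ValueError("OP returned error: " + params["error"])
    required = ["code"] if session["flow"] == "code" else ["id_token"]
    missing = [p for p in required if p not in params]
    if missing:
        raise ValueError("missing parameter(s): " + ", ".join(missing))
    return params
```

The ID token's signature and its nonce claim still have to be verified against the stored session nonce; that step is outside this example.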

Edit configuration

Additional configuration or deletion is done by expanding the heading and clicking the desired name of what needs to be edited.


General information about the scenario including a link to the OP discovery information.

Execution flow

The configured execution flow for this OpenID Connect scenario. Add, edit or delete valves to your specific needs.