BenN_NZ
Jun 28, 2019 Altostratus
How to perform email OTP before authentication?
We are wanting to perform an email OTP verify prior to authenticating the user against AD.
I've got some way towards this by placing an OTP macro near the start of a flow (using an AD Query to get user's email), but have come up against a couple of problems:
- OTP uses the password session variable - this seems to break AD auth, as OTP now sits in between the logon page and the AD Auth node
- If the user needs to change their password, it hangs on the last Logon Page, which is the OTP one (rather than displaying one where you can actually change your password).
The only workaround I can see is:
- Logon Page (username only + captcha)
- AD Query (get email)
- OTP Macro
- Logon Page (password only - could add read-only username here)
- AD Auth
But I'd rather not change/damage the UX (currently asks for username/password/captcha on first screen).
Any ideas would be greatly appreciated!
Thanks,
Ben.