Customized One-Time Password Delivery for Experience Cloud Identity Verification
For more control over identity verification for external users, use a messaging provider of your choice to send one-time passwords (OTPs) via SMS. With a custom messaging provider, you can take charge of your branding. Personalize the content of messages and the SMS short code that shows who sent the message to the user's phone number.
Required Editions
| Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience |
| Available in: Professional, Enterprise, Unlimited, and Developer Editions |
You can use this feature for any Experience Cloud verification use case where you send an OTP via SMS, including multi-factor authentication (MFA), passwordless login, passwordless registration, and self-registration flows. For headless apps, you can use a custom OTP provider for headless registration and passwordless login flows.
By default, Salesforce provides an SMS delivery service for identity verification use cases that use SMS. For example, when you configure MFA for an Experience Cloud site, you can give users an option to verify their identity with SMS by using their verified phone number. When a user tries to log in to your site, the Salesforce provider sends the OTP to the user's phone number. With the default provider, Salesforce fully controls the content of the message and the short code from which it's sent.
By switching to a custom OTP provider, you can customize the content of the message and the short code to suit your brand's digital marketing strategy. For example, a travel company can send OTPs from a short code such as FLIGHT, with a themed message such as "Enter this code to get one step closer to your dream vacation."
Custom messages and short codes can also build trust with your customers, because they can feel more confident that the message is coming from your company. For example, include contact information for customers to contact your support or security teams in case they unexpectedly receive an OTP when they didn't request one. Or include instructions for self-service steps that users can take, such as changing their password if they think their account was compromised.
With custom messages, you can also improve your user experience. For example, write explicit instructions for non-technical users about where to enter the OTP. Make sure users know how long the OTP remains valid so that they don't get frustrated if they try to enter an expired OTP.
- Considerations for Using a Custom One-Time Password Delivery Provider
  Before you configure a custom one-time password (OTP) delivery handler to send SMS messages for Experience Cloud use cases, review these considerations.
- Custom One-Time Password Delivery Process
  If you use a custom one-time password (OTP) delivery provider instead of the Salesforce default provider, your provider sends OTP messages to end users.
- Complete Prerequisites to Connect to a Custom One-Time Password Provider
  To send a one-time password (OTP) via a custom provider, Salesforce calls an API that's hosted on your provider. To access this API, Salesforce must be able to make authenticated calls to your provider. Get started by retrieving authentication credentials from your provider and registering the provider's callout endpoint with Salesforce. To simplify and secure development, consider creating a named credential that stores the provider's credentials and callout endpoint in a single definition.
- Create a Custom One-Time Password Delivery Apex Handler
  Custom one-time password (OTP) delivery relies on an Apex handler that implements the Auth.CustomOneTimePasswordDeliveryHandler interface. Your custom OTP delivery handler calls out to your provider to send an OTP to the user via SMS. You can customize the content of the SMS message and the short code that the user sees.
- Configure Settings for a Custom One-Time Password Provider
  To use your custom one-time password (OTP) delivery handler Apex class, add it to your Experience Cloud site settings.
- Example: Custom One-Time Password Delivery Handler
  In this example, a custom one-time password (OTP) delivery handler calls out to Telesign to send a custom message to an external Salesforce user.

