          Custom One-Time Password Delivery Process

          If you use a custom one-time password (OTP) delivery provider instead of the Salesforce default provider, your provider sends OTP messages to end users.

          Required Editions

          Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience
          Available in: Professional, Enterprise, Unlimited, and Developer Editions

          Custom OTP delivery relies on an Apex handler that implements the Auth.CustomOneTimePasswordDeliveryHandler interface. The interface uses the sendOneTimePassword method, where you pass in parameters including the OTP generated by Salesforce, the user's phone number, the user ID, and the Experience Cloud site ID, among other parameters. You can use custom code to compose the content of the message. To send the message, your handler makes an API callout to a messaging endpoint that's hosted by the provider, and then handles the response.

          This process can begin whenever you require an external user to verify their identity using SMS. The entry point depends on your use case. These use cases support identity verification with SMS.

          For example, if you use passwordless login, this flow can begin when a user goes to your Experience Cloud site login page and enters their phone number to log in.

          1. Salesforce calls the sendOneTimePassword method in the custom OTP delivery Apex handler.
          2. Your Apex implementation uses the sendOneTimePassword method to send an authenticated request to the provider's callout endpoint. The request includes the user's ID, their phone number, the message content, the Salesforce OTP, and any other parameters that the provider requires.
            Note: Your Apex implementation is responsible for connecting to the provider and delivering the SMS message. Salesforce doesn't provide this functionality by default.
          3. The provider returns a response, which your Apex handler captures and processes. How you process the response depends on your provider.
          4. If the response is successful, your handler returns the Auth.CustomOneTimePasswordDeliveryResult enum value SUCCESS.
          5. The provider sends an OTP to the user's phone number.
          6. The user enters the OTP in your Experience Cloud site verification form.
          7. Salesforce verifies the OTP. This step depends on your use case. For example, for passwordless login, you can use the verifyPasswordlessLogin method in the System.UserManagement class.
          8. The user is logged in or registered, depending on your use case.
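
The callout in steps 2 to 4, sketched as a helper that a handler's sendOneTimePassword method could call. This is an added example, not code from Salesforce or any provider. The class name, the named credential Otp_Sms_Provider, the /v1/messages path, the JSON field names, and the assumption that the provider expects E.164 numbers are all hypothetical.

```apex
// Added example: hypothetical helper for the provider callout (steps 2-4).
public class OtpSmsCallout {
    // Assumption: the provider accepts E.164 numbers ("+" followed by up to 15 digits).
    private static final Pattern E164 = Pattern.compile('^\\+[1-9][0-9]{1,14}$');

    // Returns true only when the provider accepted the message. The handler
    // returns Auth.CustomOneTimePasswordDeliveryResult.SUCCESS in that case.
    public static Boolean send(String phoneNumber, String otp, Id userId) {
        if (String.isBlank(phoneNumber) || String.isBlank(otp)) {
            return false;
        }
        // Strip spaces, parentheses and hyphens, then validate before calling out.
        String normalized = phoneNumber.replaceAll('[\\s()-]', '');
        if (!E164.matcher(normalized).matches()) {
            return false;
        }
        HttpRequest req = new HttpRequest();
        // A named credential authenticates the request and keeps the provider
        // secret out of Apex source and debug logs.
        req.setEndpoint('callout:Otp_Sms_Provider/v1/messages');
        req.setMethod('POST');
        req.setHeader('Content-Type', 'application/json');
        req.setTimeout(10000); // milliseconds; fail fast if the provider hangs
        req.setBody(JSON.serialize(new Map<String, Object>{
            'to' => normalized,
            'body' => 'Your verification code is ' + otp,
            'reference' => userId
        }));
        try {
            HttpResponse res = new Http().send(req);
            Integer status = res.getStatusCode();
            if (status >= 200 && status < 300) {
                return true;
            }
            // Log the status only, never the OTP, request body or phone number.
            System.debug(LoggingLevel.WARN, 'OTP SMS delivery failed, HTTP ' + status);
            return false;
        } catch (System.CalloutException e) {
            System.debug(LoggingLevel.WARN, 'OTP SMS callout error: ' + e.getTypeName());
            return false;
        }
    }
}
```

Treating only 2xx responses as success is a simplification; some providers report failures in the response body, so check the provider's documentation before mapping a response to SUCCESS.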
           