Auth0 supports different options for enabling MFA to protect user account access: push notifications, authenticator apps like Google Authenticator, and one-time codes delivered through email, SMS, or third party products such as Duo.
Until now, Auth0 has integrated with Twilio as an SMS provider, which has been a great solution for our customers. However, some customers require additional flexibility when selecting SMS providers. For example, larger organizations may use a single provider for multiple purposes and want to leverage that provider for SMS MFA to consolidate payments and enjoy volume discounts.
Organizations have a number of SMS providers they can choose from depending on their business needs. There are a number of factors to consider when selecting an SMS provider:
- Cost: Some SMS providers may offer more favorable pricing and pricing models than others based on the region or country to which you want to send messages.
- Integration with your existing software infrastructure: You may already have a provider that helps you consolidate a single view of all the communications with your users, and you want to keep using it.
- Compliance: You might require certain certifications from your SMS provider, which not all vendors can provide.
- Quality of service: Some SMS providers may have better deliverability rates than others based on the region or country of the receiver.
Selecting the right provider can yield considerable cost savings to your business and deliver a better user experience to your customers. With this in mind, we are pleased to announce that you can now use ANY provider for delivering SMS MFA messages. Auth0 is the first cloud identity product that gives you that option.
Auth0 has a powerful and scalable extensibility platform where you can write your own code that can be executed when needed. One of the extensibility points is Auth0 Hooks, which are serverless functions that Auth0 calls when a certain event happens.
You can write code to send SMS messages in our new "Send Phone Message Hook."
To achieve this, you need to follow three simple steps:
- Create a new "Send Phone Message" Hook from the Hooks Dashboard’s section and give it a name. In this case, you'll be creating one to deliver messages using AWS’s Simple Notification Service.
- Write the code to send a text message or use a full example of how to send text messages with Amazon SNS.
- Configure the SMS MFA Factor to deliver messages using the Phone Message hook:
Using Your Vendor of Choice
We included documentation on how to implement SMS Delivery with Amazon SNS, Twilio, Infobip, TeleSign, Vonage, Mitto, and Esendex. Just copy and paste the examples in your Hook code and start sending messages using your product of choice.
Enhance Security With MFA
Auth0 provides the most usable and friction-free multi-factor authentication experience in the market.
You get a state-of-the-art end-user experience for enrolling and authenticating with multiple factors, like push notifications and one-time password (OTP) apps, right out-of-the-box.
Just enable multi-factor authentication in the Auth0 Dashboard and immediately improve the security of your applications and users!
Auth0 provides a platform to authenticate, authorize, and secure access for applications, devices, and users. Security and application teams rely on Auth0's simplicity, extensibility, and expertise to make identity work for everyone. Safeguarding more than 4.5 billion login transactions each month, Auth0 secures identities so innovators can innovate, and empowers global enterprises to deliver trusted, superior digital experiences to their customers around the world.