# Configuring OTP provider
To enable one-time password (OTP) delivery, configure an OTP provider. OpenIAM supports SMS, voice, and email delivery.
For OpenIAM 4.2.1 and later, you can configure OTP providers in the **Webconsole**.
OpenIAM includes these provider types by default:
* **Twilio SMS Provider** — sends OTP codes with [Programmable Messaging](https://www.twilio.com/docs/sms).
* **Twilio Voice Call Provider** — delivers OTP codes with [Programmable Voice](https://www.twilio.com/docs/voice).
* **SMSGlobal SMS Provider** — sends OTP codes through [SMSGlobal](https://www.smsglobal.com/developers/).
* **Email OTP Provider** — sends OTP codes through [Mailbox Configuration](/configuring-multi-factor-authentication/mailbox-configuration.md).
* **Custom OTP Provider** — sends OTP codes through a Groovy implementation, such as `/AM/otp/TwillioSMSOTPModule.groovy`.
The default installation includes these predefined OTP providers:
| OTP Provider Name | OTP Provider Type | Description |
| ---------------------- | -------------------------- | ---------------------------------------------------------------------------------------- |
| Text OTP by Twilio | Twilio SMS Provider | Sends OTP by SMS with Twilio |
| Text OTP by SMS Global | SMSGlobal SMS Provider | Sends OTP by SMS with SMSGlobal |
| Email Code | Email OTP Provider | Uses a configured mailbox to send OTP. The `OTP_CODE` email template is used by default. |
| Call OTP by Twilio | Twilio Voice Call Provider | Delivers OTP by voice call with [Programmable Voice](https://www.twilio.com/docs/voice) |
You can update an existing OTP provider with your own credentials or create a new one.
### Common OTP provider configuration options
The common configuration fields are shown below.
#### Name
Choose a user-friendly name for the OTP provider. Example: `Text OTP by Twilio`.
#### Type
Select the provider type. Use one of the supported types listed above.
#### Failover OTP Provider
Select another OTP provider to use if the current provider fails to send the OTP code.
The active provider and the failover provider must be compatible. For example, a phone-based provider must fail over to another phone-based provider. See the compatibility matrix below.
#### Attributes
This table contains provider-specific settings. Each attribute includes:
* **Attribute Name** — the internal attribute name used by the provider.
* **Stored in Secret** — whether the value is stored as a secret.
* **Value** — the configured value for that attribute.
The available attributes depend on the provider type.
#### Twilio SMS Provider
| Attribute Name | Description | Value |
| -------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------- |
| Message format (internal: TEXT\_MESSAGE\_FORMAT) | The format of the message that will be sent to user with OTP code. Message must contain %s literal, where OTP code will be placed. | This SMS is generated by the OpenIAM Test SMS OTP Module. Your code is: %s |
| From Number (internal: FROM\_ACCOUNT) | Verified [Sender Phone Number](https://support.twilio.com/hc/en-us/articles/223180048-Adding-a-Verified-Phone-Number-or-Caller-ID-with-Twilio), related to the Twilio Configuration. | +1234567890 |
| Account Password (internal: ACCOUNT\_PASSWORD) | Service account password | qwerty |
| Account Id (internal: ACCOUNT\_ID) | Service account name | AC12312312 |
| Length of the OTP code (internal: TOKEN\_LEN) | Length of the OTP code. If the value is less than 3, OpenIAM uses 3 characters. If the value is greater than 8, OpenIAM limits it to 8 characters. | 6 |
| Path to the groovy script (internal: GROOVY\_PATH) | Path to the Groovy script used by a custom OTP provider. Configure this in **Access Control → OTP Provider**. | /AM/otp/TwillioSMSOTPModule.groovy |
The example below shows a sample Groovy implementation.
{% code overflow="wrap" expandable="true" %}
```groovy
import org.apache.http.HttpResponse
import org.apache.http.client.methods.HttpPost
import org.apache.http.entity.StringEntity
import org.openiam.esb.core.auth.module.AbstractOTPModule;
import org.openiam.idm.srvc.auth.domain.LoginEntity;
import org.openiam.exception.BasicDataServiceException;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
public class TwillioSMSOTPModule extends AbstractOTPModule {
public TwillioSMSOTPModule() {
super();
}
@Override
protected void validate(String sendTo, LoginEntity login) throws BasicDataServiceException {
}
@Override
protected void send(String sendTo, LoginEntity login, String text) throws BasicDataServiceException {
String accountSid = "accountid";
String authToken = "token";
String toNumber = sendTo;
String fromNumber = "number";
String messageBody = text;
String url = "https://api.twilio.com/2010-04-01/Accounts/" + accountSid + "/Messages.json";
String auth = accountSid + ":" + authToken;
String encodedAuth = Base64.getEncoder().encodeToString(auth.getBytes());
HttpClient httpClient = HttpClientBuilder.create().build();
HttpPost httpPost = new HttpPost(url);
httpPost.setHeader("Authorization", "Basic " + encodedAuth);
httpPost.setHeader("Content-Type", "application/x-www-form-urlencoded");
String body = "To=" + toNumber + "&From=" + fromNumber + "&Body=" + messageBody;
httpPost.setEntity(new StringEntity(body, "UTF-8"));
try {
HttpResponse response = httpClient.execute(httpPost)
int statusCode = response.getStatusLine().getStatusCode()
println("response "+response)
if (statusCode == 200) {
println("OTP sent");
}
} catch (Exception e) {
e.printStackTrace();
}
}
@Override
protected String getText(String sendTo, LoginEntity login, String token) {
return "This SMS is generated by the OpenIAM Test SMS OTP Module. Your token is: " + token;
}
}
```
{% endcode %}
#### SMSGlobal SMS provider
| Attribute Name | Description | Value |
| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------- |
| Message format (internal: TEXT\_MESSAGE\_FORMAT) | Format of the message sent to the user. The message must contain `%s`, which OpenIAM replaces with the OTP code. | This SMS is generated by the OpenIAM Test SMS OTP Module. Your code is: %s |
| From Number (internal: FROM\_ACCOUNT) | Verified Sender Phone Number, related to the SMS Global Configuration. | +1234567890 |
| Account Password (internal: ACCOUNT\_PASSWORD) | Service account password | qwerty |
| Account Id (internal: ACCOUNT\_ID) | Service account name | AC12312312 |
| Length of the OTP code (internal: TOKEN\_LEN) | Length of the OTP code. If the value is less than 3, OpenIAM uses 3 characters. If the value is greater than 8, OpenIAM limits it to 8 characters. | 6 |
#### Email OTP Provider
| Attribute Name | Description | Value |
| --------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ----- |
| Length of the OTP code (internal: TOKEN\_LEN) | Length of the OTP code. If the value is less than 3, OpenIAM uses 3 characters. If the value is greater than 8, OpenIAM limits it to 8 characters. | 6 |
#### Twilio Voice Call Provider
| Attribute Name | Description | Value |
| ------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------- |
| Message format (internal: TEXT\_MESSAGE\_FORMAT) | Format of the message delivered to the user. The message must contain `%s`, which OpenIAM replaces with the OTP code. | This SMS is generated by the OpenIAM Test SMS OTP Module. Your code is: %s |
| From Number (internal: FROM\_ACCOUNT) | Verified [Sender Phone Number](https://support.twilio.com/hc/en-us/articles/223180048-Adding-a-Verified-Phone-Number-or-Caller-ID-with-Twilio), related to the Twilio Configuration. | +1234567890 |
| Account Password (internal: ACCOUNT\_PASSWORD) | Service account password | qwerty |
| Account Id (internal: ACCOUNT\_ID) | Service account name | AC12312312 |
| Length of the OTP code (internal: TOKEN\_LEN) | Length of the OTP code. If the value is less than 3, OpenIAM uses 3 characters. If the value is greater than 8, OpenIAM limits it to 8 characters. | 6 |
| Pronunciation Language (internal: LANGUAGE) | Spoken language used for the call. See the supported [Twilio languages](https://www.twilio.com/docs/voice/twiml/say#attributes-alice). | en-US |
### OTP provider type compatibility matrix
| #/# | Twilio SMS Provider | Twilio Voice Call Provider | SMSGlobal SMS Provider | Email OTP Provider | Custom OTP Provider |
| -------------------------- | ------------------- | -------------------------- | ---------------------- | ------------------ | ------------------- |
| Twilio SMS Provider | X | X | X | | X |
| Twilio Voice Call Provider | X | X | X | | X |
| SMSGlobal SMS Provider | X | X | X | | X |
| Email OTP Provider | | | | X | |
| Custom OTP Provider | X | X | X | | X |
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs-beta.openiam.com/configuring-multi-factor-authentication/configuring-otp-provider.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.