Vonage provides an SMS service which can be used to deliver multi-factor verification
Verify users by reaching their mobile device with SMS or voice codes: easily adding a layer of security. We designed the Verify API to make it simple to implement. Your application simply gives us a phone number and we take care of the rest. We've got you covered for SMS, voice, and SMS to voice failover scenarios. We even make sure the messages comply with local regulations so they are not filtered by the carriers. Our comprehensive backend provides the secure code and identity management capabilities, all behind a simple to use API.
Our many direct-to-carrier relationships around the world, combined with our proprietary Adaptive Routing algorithm, allow us to work in real-time to find the best routes for your messages. Add to that our Compliance Engine, which knows how and when to deliver messages according to country and carrier requirements, and you have the industry’s highest deliverability rates.
A single API provides the full 2FA solution, from authentication management to message automation, spanning SMS and Voice.
Just give us a phone number and we'll take care of the rest. We generate the codes, localize, use the fastest channel available, even fall back from SMS to voice when needed.
Unlike other 2FA methods that may require special hardware or an authenticator app, our solution works with any phone number.
You can send multi-factor authentication (MFA) text messages using the Vonage (previously Nexmo) SMS API. Vonage provides an SMS API that can be used by Auth0 to deliver multi-factor verification via text messages. To learn more, see Vonage's SMS API Overview.
Note: The following steps will add text-message-based MFA to the login flow for the tenant in which you're working. We highly recommend testing this setup on a staging or development server before making the changes to your production login flow.
Before you begin:
- Make sure you have an Auth0 account and tenant. Sign up for free.
Set up the partner application
To configure your integration with Vonage:
- Sign up with Vonage and complete your profile and confirmation steps.
- Go to the SMS API screen of the Vonage dashboard and test the API with a test number. Once you've successfully tested the SMS API and can receive a text message, you're ready to integrate with Auth0.
Add the Action
- Select Add Integration (at the top of this page).
- Read the necessary access requirements and click Continue.
- Configure the integration using the following fields:
- Vonage API Key
- Vonage API Secret
- From Number - The phone number from which the SMS message will be sent
- Click Create to add the integration to your Library.
- Click the Add to flow link on the pop-up that appears.
- Drag the Action into the desired location in the flow.
- Click Apply Changes.
Activate custom SMS factor
To use the SMS factor, your tenant needs to have MFA enabled globally or required for specific contexts using rules. To learn how to enable the MFA feature, see:
The last steps are to configure the SMS Factor to use the custom code and test the MFA flow. Note: Once you complete the steps below, Auth0 will begin using this factor for MFA during login. Before activating this integration in production, please make sure you have configured all components correctly and verified on a test tenant.
- Go to Dashboard > Security > Multi-factor Auth and click the Phone Message factor box.
- In the modal that appears, select Custom for the delivery provider, then make any adjustments you'd like to the templates. Click Save when complete, and close the modal.
- Enable the SMS factor using the toggle switch to begin using this factor.
Test MFA flow
Trigger an MFA flow and verify that everything works as intended.
If you do not receive the text message, look at the tenant logs. Look for a failed SMS log entry. To learn which event types to search, see the Log Event Type Code list, or you can use the Filter control to find MFA errors.
Make sure that: