Configuring the AD or LDAP Directory Server
The schema for your AD or LDAP directory server must include an attribute that contains the email address to
which a one-time password will be sent. The local authentication store uses the primaryEmail attribute, which
can be configured per user by editing the local user account. See Managing Local User Accounts.
This address is not necessarily the user’s corporate email address. To complete authentication, a user
has to be able to open the email containing the OTP; if it is sent to a corporate address, the user may not yet
have access to that account.
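An added example (not part of the original documentation) that audits a directory export before OTP is enabled: it flags users who lack the OTP address attribute, whose value is not a well-formed address, or whose address is in a corporate domain they may not be able to reach before authenticating. The attribute name `otpMail`, the domains and the LDIF sample are constructed assumptions.

```python
import re

# Constructed LDIF-style export; "otpMail" is a hypothetical attribute name.
# Simplified parsing: no base64 ("::") values and no folded lines.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
otpMail: alice@personal.example.net

dn: uid=bob,ou=people,dc=example,dc=com
otpMail: bob@corp.example.com

dn: uid=carol,ou=people,dc=example,dc=com

dn: uid=dave,ou=people,dc=example,dc=com
otpMail: dave-at-example
"""

ADDR_RE = re.compile(r"^[^@\s]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$")

def parse_entries(ldif):
    """Split LDIF text into {lowercased attribute: [values]} dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", ldif.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit_otp_attribute(ldif, attr, corporate_domains):
    """Return {dn: finding} for entries whose OTP address needs attention."""
    corp = {d.lower() for d in corporate_domains}
    findings = {}
    for entry in parse_entries(ldif):
        dn = entry.get("dn", ["?"])[0]
        values = entry.get(attr.lower())
        match = ADDR_RE.match(values[0]) if values else None
        if not values:
            findings[dn] = "missing"
        elif not match:
            findings[dn] = "malformed"
        elif match.group(1).lower() in corp:
            findings[dn] = "corporate-domain"
    return findings
```

Call `audit_otp_attribute(SAMPLE_LDIF, "otpMail", ["corp.example.com"])` with the attribute name your directory actually uses; entries absent from the result passed all three checks.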
One-time passwords can be configured to be sent in an email message directly to SMS-capable phones. Contact
your cell phone service provider for further information about enabling SMS.
The schema for your directory server (AD or LDAP) must be changed to accommodate an attribute (for example, SMSphone) that contains the SMS address for a given user. The address that you use depends on the user’s
number and service provider. The attribute value for a Verizon phone with a U.S. domestic number, for example,
looks like this: