X-Payments:Setting up user authentication with SMS/text messages

From X-Payments Help
Jump to: navigation, search

X-Payments can be set up to use an authentication method based on using one-time passwords received via SMS/text messages. The service is provided by Twilio.

To set up user authentication via SMS/text messages, follow these steps:

  1. In the X-Payments back end, go to the configuration page for the user authentication method based on using SMS/text messages (SMS/Text message 2nd step verification).
    Xc3 2step twilio config.png
    This page opens automatically after you select SMS/text messages as your preferred user authentication method when you log in to X-Payments for the first time. Also, you can access this page at any time using the "SMS/Text message configure" link on your profile details page (Profile > View details):
    Xp3 2step sms configure link.png
    Note that in X-Payments Hosted this page looks differently (The title on the page is Setup phone number for SMS notifications). If you are using X-Payments Hosted, skip over to Step 3 of this procedure.
  2. (This step is required only if using the downloadable edition of X-Payments; not needed for X-Payments Hosted): Set up an account with Twilio. To access the registration form on the Twilio website, use the Twilio account page link:
    Xp3 2step twilio link s.png
    Once your Twilio account is set up, enter your Twilio account details in the Twilio Services setup section of the auth method configuration page in X-Payments. Click Save to save the changes:
    Xc3 2step sms method config0.png
    Provided that your Twilio account details have been added correctly, a new section will be added on the SMS/Text message 2nd step verification page allowing you to set up a phone number for SMS notifications:
    Xc3 2step sms method config.png
  3. Use the Phone number field in the Setup phone number for SMS notifications section of the SMS/Text message 2nd step verification page to enter a phone number that you would like to use to receive SMS/text messages with one-time passwords for the second step of user authentication. Click Save to save the changes.
    Xc3 2step sms phone add1.png
    The phone number will be saved, and a new message - "The phone number is not verified" - will be displayed:
    Xc3 2step sms phone add2.png
  4. Verify the phone number you have added:
    Click the Get code button:
    Xc3 2step sms phone verify1.png
    Once you do it, an SMS/text message with a one-time password for user authentication will be sent to your phone, and the Get code button will be replaced with a blank field for verification.
    Xc3 2step sms phone verify2.png
    After you receive the SMS/text message with a one-time password, type the one-time password you have received into the blank field that has appeared on the page in the place of the Get code button, then click the Verify button. If the password you entered is correct, a success message will be displayed:
    Xc3 2step sms phone verify3.png

Now user authentication via SMS/text messages is enabled and configured:

Xc3 2step sms configured.png

At the second step of user authentication, you can now use one-time passwords sent to your phone number:

Xc3 2step sms auth.png

Important: After setting up your preferred user authentication method, be sure to create and save a list of backup codes for access to X-Payments:

If necessary, you can change the phone number at which you receive SMS/text messages with one-time passwords. Note that to complete the task you will be required to enter a one-time password from an SMS/text message sent to your currently connected device (If you have authentication via Google Authenticator enabled as an additional method, you can also use a one-time password generated by Google Authenticator instead of the password from the SMS/text messsage - these passwords are the same and can be used interchangeably).

To change the phone number associated with your 2-step authentication settings, complete the following steps:

  1. On the configuration page for the authentication method based on using SMS/text messages (SMS/Text message 2nd step verification), click the Change phone number button:
    Xp3 2step sms phone change.png
    A popup window will be displayed providing a form for you to enter a one-time password from an SMS/text message sent to your currently connected device.
    Xp3 2step sms phone change1.png
  2. Type in the one-time password from the SMS/text message (or from Google Authenticator) and click Enter. The popup window will be closed, and a note "Success! Phone number removed" will be displayed at the top of the screen:
    Xp3 2step sms phone change2.png
  3. On the method configuration page, add your new phone number and get it verified.
Retrieved from "https://www.x-payments.com/help/?title=X-Payments:Setting_up_user_authentication_with_SMS/text_messages&oldid=612"