Phone authenticator

Learn how the phone authenticator works after the upgrade.

Change summary The phone authenticator requires an external telephony service provider. The authenticator includes both SMS and voice calls. You can choose to enable either or both options for your end users.
Admin experience

If your org had the phone authenticator enabled in Classic Engine, it’s migrated to Identity Engine. No action is needed.

If your org didn’t have the phone authenticator enabled in Classic Engine and you want to enable it in Identity Engine, you need an external telephony provider. You can connect it with Okta using a telephony inline hook.

User experience

The phone authenticator allows users to authenticate themselves using a one-time passcode (OTP) that is delivered to their phone either as an SMS message or a voice call. It also allows users to enroll their devices and initiate account recovery.

If the phone authenticator isn’t configured in the org, it doesn't show up as an option during authenticator enrollment.

If a user has multiple phone numbers enrolled for the phone authenticator, two phone authenticators appear in the list.

Related topics Configure the phone authenticator