yc954 (yc954) asked a question.
OKTA Magic Link - Device Identification and SMS Support
We are integrating Magic Link authentication into our platform using OKTA and need clarification on the following points:
Device Identification and Geolocation:
Does the Magic Link callback contain a device ID and geolocation details to identify the original device used for the request?
Magic Link Delivery:
Does OKTA send Magic Links via SMS, or is it limited to email?
External Telephony Service Provider (TPS) Requirement:
If SMS delivery is supported, does it require an external TPS, or does OKTA handle the SMS delivery internally?
Any insights or best practices on configuring Magic Link authentication in OKTA would be greatly appreciated. Thanks in advance!
Hello @yc954 (yc954) , thank you for contacting Okta Community.
One of the challenges of using magic links is that security is tied to the user's email account, not to a device. You can read more about it below:
Magic Links: Passwordless Login for Your Users - an analysis of advantages and challenges
Okta email (magic link/OTP) integration guide - a guide from our Developer colleagues, includes sample code
Email Magic Links overview - a comparison between EML and OTP from our Developer colleagues
If you are interested in using SMS authentication, you need to bring your own telephony provider. Please review the following articles:
Telephony - this is a good starting point, includes criteria for choosing a provider and how to set it up
Configure and use telephony - the telephony setup guide
SMS Authentication (MFA) - how to configure it and what the end-user experience will be
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.