Using RingCentral SMS for Auth0 MFA (multi-factor auth)
RingCentral SMS helps protect your users by sending messages from a trusted business number — yours, which can automatically connect your users with support or IT when called, further improving the user experience. Plus, with included SMS allotments, bundles, and our competitive overage rates — your company can not only improve security but save money.
Plus RingCentral SMS quickly and easily integrates with Auth0 (an Okta company), one of the leading providers for user identity management. In this tutorial we’ll walk you through how to setup RingCentral as your Auth0 SMS MFA provider — and have everything up and running in 15 minutes or less!
Step 1: create app credentials
Create your RingCentral App by logging into https://developers.ringcentral.com. For your app you’ll want to select “Rest API” and then on the following screen set your app to private (for use by your company only) and the only permission that is needed is “SMS.”
Once created you will have access to your app’s client ID and client secret:
Step 2: create JWT token
Grab your JWT token by clicking on your name in the upper right of the Developer Portal and selecting credentials. If you have not previously setup your Developer Sandbox credentials you will be prompted to do so prior to being able to create a JWT token for the sandbox ecosystem. You may also have to have the sandbox admin assign a phone number to your sandbox extension for you to use. Remember, with SMS you are limited to the phone numbers you have access to.
When creating the JWT, you should limit it to the specific app you created for security purposes.
Step 3: create the action in Auth0
You’ve now completed the initial steps to get the required information to set up the RingCentral Action in Auth0. To get started head over to https://auth0.com and once logged in clicked “Actions” in the left menu, and then select “Library.”
You should see the following screen:
Now click “Build custom” which will pop up a window asking for additional information. Name your action something that will help you identify it as your RingCentral SMS MFA integration, and select “Send Phone Message” from the dropdown under “Trigger.”
You will now be taken to a screen to write your custom action. Don’t worry, you don’t have to write any code here:
Replace the content of the code editor with the code snippet below and click “Save Draft:”
Step 4: add the secrets to your action
If you look closely at the code you’ll notice there are several secrets. To make the code work we will now add these secrets by clicking on the “key” icon to the left of the code.
By clicking the “Add Secret” button we can now create our secrets and add the values necessary to allow our code to function. These secrets include:
RINGCENTRAL_SERVER this is the URL of the environment you will be using to make API calls, for example using either the Sandbox environment “
https://platform.devtest.ringcentral.com” or the production environment “
https://platform.ringcentral.com”
RINGCENTRAL_CLIENT_ID this is the client ID that was created after you registered your app in the Developer Portal. You can simply copy and paste your client ID for your Auth0 app here.
RINGCENTRAL_CLIENT_SECRET this is the client secret that was created after you registered your app in the Developer Portal. You can simply copy and paste your client secret for your Auth0 app here.
RINGCENTRAL_JWT this is the JWT token you generated under credentials in the RingCentral Developer Portal.
RINGCENTRAL_FROM_NUMBER this is the number text messages should be sent from, make sure this is a number under your extension otherwise it will not work. Also make sure you are using your sandbox phone number for testing, and later your production phone number when you go live.
Step 5: add the RingCentral dependency
The final step to making your action work is adding the RingCentral JavaScript SDK as a dependency. Click on the “packages” icon below the key, click on “Add dependency” and then copy and paste:
@ringcentral/sdk
Step 6: test your action
Now that we have set up the action, added the keys, and added the npm dependencies we’re ready to test the action. Click the “play” icon above the key icon on the left.
Before continuing with our test we will want to update the sample data shown on the left of the code. Find “recipient” under “message_options” at the top of the JSON for the test event and update the phone number to the number you wish to receive the test message at.
Once you have updated the number you can scroll down (where the JSON is) and click “Run.” If everything is set up correctly you should receive a test SMS message!
If not, verify that the secrets you added are accurate, that your environment and number match, and that the number you are using is assigned to your extension.
Step 7: run additional tests, move your app into production
Now you are ready to move your app into production. You can run more tests by repeating step 6. Once you have completed 20 successful SMS API calls you can click “Graduate” in the RingCentral Developer Portal to move your app into production.
Now you will need to update your Auth0 secrets to reflect the Production server, client ID, client secret, your JWT for production, and the production phone number you will be using for the app.
Step 8: turn on SMS MFA for Auth0
Now we are ready to turn SMS MFA on for Auth0. First we need to deploy our Auth0 action by clicking the “Deploy” button within the action editor.
Now we need to turn on MFA for our Auth0 logins. To do this, click on “Security” and then “Multi-factor auth” in the left hand navigation of your Auth0 account. Now click on “Phone Message” to enable SMS MFA for logins.
First select “custom” for your delivery provider — this will utilize the new action you just created. For delivery method choose “SMS,” and then you can configure your message and other details.
Finally click the toggle on the top right to turn on Phone Message/ multi-factor SMS for Auth0.
That’s it! You’ve now enabled multi-factor auth within Auth0 using your trusted RingCentral business number — providing greater security for your users and your business.
To learn more about how you can use RingCentral SMS check out our ideas and how other businesses in your industry are using SMS at https://developers.ringcentral.com/solutions
To learn even more about other features we have make sure to visit our developer site and if you’re ever stuck make sure to go to our developer forum.
Want to stay up to date and in the know about new APIs and features? Join our Game Changer Program and earn great rewards for building your skills and learning more about RingCentral!