How to Send Templated OTP Emails in PingOne Advanced Identity Cloud using Next Generation Scripting

By Darinder Shokar
Originally posted on https://medium.com/@darinder.shokar

This post refactors the solution from an earlier blog to take advantage of the new capabilities of the Next Generation scripting engine.

Sending HMAC-based One-time Passwords (HOTPs) via email is common for tasks like verifying a user’s email during registration or handling forgotten credentials. In this blog, we’ll walk through how to implement this in PingOne Advanced Identity Cloud (AIC), including how to apply a template to the outbound email for personalisation and an improved user experience.

Configure An Email Template

Configure a sample email template using these instructions. The key points are:

  • The template id is configurable but set it to otp to use the variable defined in the script.
  • {{object.givenName}} and {{object.otp}} must be defined to pass the first name and HOTP value to the email service.

See sample_template.txt from here for example content. It looks like this:

Example Email Template Configuration
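
How a script could hand these two values to the email service, as an added example (not the script shipped in the journey export). It assumes the OTP is held under the `oneTimePassword` state key, that the `openidm` binding exposes the external email service's `sendTemplate` action, and uses a hypothetical `profile` object and stubbed bindings so it runs under Node:

```javascript
// Added example; not the script from the journey export.
const TEMPLATE_ID = "otp"; // must equal the email template id configured above

// Build the body for the IDM external email service's sendTemplate action.
// Keys under `object` are what the template reads as {{object.givenName}}
// and {{object.otp}}.
function buildOtpEmailRequest(to, givenName, otp) {
  if (typeof to !== "string" || !/^[^\s@]+@[^\s@]+$/.test(to)) {
    throw new Error("recipient address missing or malformed");
  }
  // Assumption: the HOTP generator is configured for 6 or 8 digits.
  if (typeof otp !== "string" || !/^(\d{6}|\d{8})$/.test(otp)) {
    throw new Error("one-time password missing or not 6/8 digits");
  }
  return {
    templateName: TEMPLATE_ID,
    to: to,
    object: { givenName: givenName || "", otp: otp },
  };
}

// `openidm` and `nodeState` stand for the script bindings of the same name and
// are passed in so the function also runs outside the platform. `profile` is a
// hypothetical plain object holding the user's mail and givenName.
// Returns the outcome name the node would route on.
function sendOtpEmail(openidm, nodeState, profile, log) {
  try {
    const otp = nodeState.get("oneTimePassword"); // assumed state key
    const request = buildOtpEmailRequest(profile.mail, profile.givenName, otp);
    openidm.action("external/email", "sendTemplate", request);
    log("OTP email requested, template=" + TEMPLATE_ID); // never log the OTP
    return "sent";
  } catch (e) {
    log("OTP email not sent: " + e.message);
    return "failed";
  }
}

// Constructed stand-ins for the platform bindings, for running under Node.
function demo() {
  const calls = [];
  const logs = [];
  const openidm = { action: (res, act, body) => calls.push({ res, act, body }) };
  const nodeState = { get: (k) => (k === "oneTimePassword" ? "49281736" : null) };
  const profile = { mail: "bjensen@example.com", givenName: "Barbara" };
  const outcome = sendOtpEmail(openidm, nodeState, profile, (m) => logs.push(m));
  return { outcome, calls, logs };
}
```

The validation step fails closed: if the OTP or address is missing, the email service is never called and the node can route to a failure outcome instead of sending a blank code.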

Import the Logging Library Script

Library functions are a fantastic addition to PingOne AIC because they allow code re-use. One great example of this is logging. Instead of writing logging code again and again across the platform, you can write the logic once and import it wherever it is needed.

  1. From the PingOne Platform UI, navigate to Scripts on the left panel > Auth Scripts > Blue New Script > Other > Library
  2. Enter a Name of ds-node-logger-lib and Description of Library function to handle node logging and in the JavaScript code block add the code from here
  3. Hit Save and Close

Example configuration:

Library Function Configuration Example

Import the Journey

Now we’re ready to import the sample journey.

  1. Download the journey JSON export file to your local machine from here
  2. From the platform UI, navigate to Journeys on the left panel > Import > Browse for the journey JSON file > Hit Next > Import
  3. In the journey list, select HOTPViaEmailServiceNextGen and copy the Preview URL

The example HOTPViaEmailServiceNextGen journey will look like this:

Example `HOTPViaEmailServiceNextGen` journey

Execution

To test the flow, complete the following steps:

  1. Call the URL stored from step 3 above, e.g.: https://<TENANT>/login/?realm=/alpha&authIndexType=service&authIndexValue=HOTPViaEmailServiceNextGen#/
  2. After you enter the username and password, a templated email will be sent. Enter the OTP into the login prompt to successfully authenticate.

Example templated email:

Example templated OTP email

It should be noted that in Production the default SMTP Service should be replaced with your own via this guide.

Conclusion

There you have it, an example of how to send HOTPs using the feature-rich capabilities of the PingOne Advanced Identity Cloud platform.

Thanks for reading!
