Skip to content

SMS & E-mail One-Time Password (OTP)


OTP meaning One-time password authentication involves the use of a randomly generated code that expires after a brief period to authenticate users. This code, along with their username or email and password, is entered on the login screen for authentication.

It can be delivered to users via various channels such as email, SMS, voice call, or an authenticator app. OTP authentication can generate codes using event-based or time-based algorithms. Event-based algorithms produce a new code each time it's requested, whereas time-based algorithms generate a fresh code at regular intervals, like every 30 seconds.

One-Time Password (OTP) method
[One-Time Password (OTP) method

Use cases


One-time password (OTP) authentication is particularly useful in customer-facing applications (CIAM), especially in industries where security is paramount. In industries such as banking, insurance, healthcare and e-commerce, OTP authentication plays a crucial role in securing access to sensitive data and services after providing a strong password for the users.

By providing users with a temporary code sent via SMS, email, or generated through a mobile app, businesses can ensure a secure login experience while maintaining user satisfaction and trust. However, OTP authentication for the general public may introduce complexity and usability challenges. Users may face difficulties receiving or entering OTP codes, leading to frustration and potential abandonment of the login process.


In business-to-business (B2B) scenarios, One-Time Password (OTP) authentication can streamline access for partners or vendors. By integrating OTP authentication with existing external systems such as Active Directory (AD) or LDAP, organizations can centralize account management and enforce additional security measures for accessing shared resources. This enables seamless collaboration while maintaining robust security protocols across the ecosystem.

Pros & Cons


  • Enhanced security: OTP authentication adds an extra layer of security beyond traditional username and password authentication, reducing the risk of unauthorized access.


  • Dependency on external factors: OTP authentication relies on external communication channels such as SMS or email, which can introduce delays or failures in the authentication process.

  • Limited validity: OTP codes are valid for a short period, requiring users to authenticate within a specific timeframe.

  • User experience impact: The requirement to enter OTP codes adds an extra step to the login process, potentially leading to user frustration and abandonment

Supported by Keycloak

Not natively support by Keycloak, but custom extension can be installed to cover OTP authentication. Contact us for more information.