In the course of ongoing development of Axidian Access and Axidian Access Manager Single Sign-On solutions, Axidian has introduced an updated SMS One Time Password Provider component. The module enables user authentication using one-time passwords delivered via SMS and is designed to support centralized access control across a wide range of enterprise scenarios.
SMS-based one-time passwords remain one of the most widely used authentication methods due to their broad availability and low entry barrier. This approach does not require additional hardware, pre-installed applications, or complex user onboarding, making it suitable for organizations that need fast deployment and minimal impact on users.
At the same time, the role of SMS OTP in enterprise security has evolved. While it is no longer considered the strongest authentication factor on its own, SMS OTP continues to play an important role as part of multi-factor authentication strategies. It is often used as an entry-level second factor, a backup authentication option, or a practical solution for external users, contractors, and temporary access scenarios.
Like any telecom-based authentication method, SMS OTP has known security limitations, including risks related to SIM swapping, message interception, and social engineering attacks. For this reason, SMS OTP is not recommended as a standalone method for high-risk or privileged access. Its effectiveness depends on how it is implemented and controlled within the overall access architecture.
Within Axidian Access, the SMS OTP Provider is integrated into a centralized, policy-driven authentication framework. Administrators can define when SMS OTP is allowed, restrict its use to specific applications or user groups, and combine it with additional authentication factors based on context and risk level.
This approach allows organizations to balance usability and security while maintaining consistent access policies across on-premises, cloud, and hybrid environments.
By treating SMS OTP as one component of a broader access management strategy rather than a universal solution, organizations can reduce operational overhead, simplify user onboarding, and gradually introduce stronger authentication methods without disrupting business processes.
A one-time password generated by Axidian SMS OTP Provider is a random combination of digits and Latin characters. The password is generated by Axidian system server upon user request. The result is sent to SMS delivery service. The latter sends it to the user phone in the form of SMS message.
To authenticate, a user has to request a one-time password in login window:
If Axidian SMS OTP Provider is used with additional PIN code protection, the user has to enter the PIN code defined during authenticator registration:
The generated password is delivered to a user mobile device as SMS message:
Then, to finish authentication, the user has to enter the one-time password from the SMS message:
