• Documentation
• Platform
  • Multi Factor Flow
  • User Enrollment
  • Domain Attributes
• Guides
  • Admin Panel
  • User Management
  • Applications
  • Admin Logs
  • Authentication Logs
  • Administrator Roles
  • Policies
  • Hardware Tokens (OTP)
  • Software OTP Tokens
  • Email OTP
  • Bypass Codes
  • Devices
  • Phones
  • U2F Tokens
  • Push Number Matching
  • Passcode Grids
  • Authenticator App
  • Enrollment Email
  • LoginTC Managed
  • MSP Hub
• End-User Guides
  • iOS App
  • Android App
  • Chrome Extension
• Video Library
  • LoginTC Basics
  • LoginTC Policies
  • User Management
  • LoginTC MSP Hub
  • LoginTC RADIUS Connector
  • Authentication Methods Management
  • Offline Authentication
  • Cloud User Enrollment
  • On-Premises User Enrollment
  • Authentication Methods for Users
  • AD FS Walkthrough
  • Check Point Walkthrough
  • Cisco Walkthrough
  • Amazon Workspace Walkthrough
  • Barracuda Walkthrough
  • F5 Big-IP APM Walkthrough
  • Fortinet Fortigate Walkthrough
  • Ivanti VPN Walkthrough
  • Microsoft Entra ID Walkthrough
  • Microsoft Remote Desktop Web Access Walkthrough
  • Microsoft RRAS Walkthrough
  • OpenVPN Walkthrough
  • Outlook Web App
  • Palo Alto Walkthrough
  • SonicWall Walkthrough
  • Sophos Walkthrough
  • SSH Walkthrough
  • VMware Horizon View Walkthrough
  • WatchGuard Walkthrough
  • Windows VPN L2TP
  • LoginTC Managed Walkthrough
• Connectors
  • AD FS
  • Apache
  • Barracuda
  • Box
  • Check Point
  • Cisco ASA
  • Citrix NetScaler
  • Dropbox
  • Microsoft Entra ID External Authentication Methods (EAM)
  • F5 BIG-IP APM
  • Fortinet Fortigate
  • Freshdesk
  • Juniper
  • MariaDB
  • Netgate pfSense
  • Office 365
  • OpenAM
  • OpenVPN
  • OpenVPN AS
  • OWA
  • Palo Alto
  • PostgreSQL
  • Pulse Connect Secure
  • RADIUS
  • Two Factor Authentication (MFA) for RD Gateway (RADIUS)
  • Two Factor Authentication (MFA) for Remote Desktop Web Access (RD Web)
  • Sophos UTM
  • SonicWALL SRA
  • SiteMinder
  • Unix SSH
  • VMware Horizon View
  • Web
  • WatchGuard
  • WatchGuard Access Portal
  • Windows Logon and RDP
• Tools
  • User Sync
• REST API
  • Users
  • Domains
  • Tokens
  • Bypass Codes
  • Hardware Tokens
  • Sessions
  • Organizations
  • Client Libraries
• Downloads
• Release Notes
  • LoginTC RADIUS Connector
  • LoginTC AD FS Connector
  • LoginTC RD Web Access
  • LoginTC RD Gateway SSO
  • LoginTC Windows Logon Connector
  • LoginTC OWA
  • LoginTC Managed
  • User Sync Tool
• Service Status
• Knowledge Base
• Help

Phones Guide

• Overview
• Adding a Phone
• Managing Phones
  • Associating with a User
  • Disassociating from a User
  • Edit Phone
  • Enabling / Disabling SMS Passcode Authentication for an Application
  • Enabling / Disabling Phone Call Authentication for an Application
  • Enabling / Disabling SMS Passcode Authentication for a Domain
  • Enabling / Disabling Phone Call Authentication for a Domain
• Searching Phones
• Telephony Credits
• SMS Passcode Authentication
  • LoginTC Login Window
  • Challenge Interactive Mode
  • Direct Mode
• Phone Call One-Step Authentication
  • LoginTC Login Window
  • Challenge Mode
  • Direct Mode
  • Fallback Policy
• Phone Call OTP Authentication
  • LoginTC Login Window
  • Challenge Interactive Mode
  • Direct Mode
• Video Walkthrough
  • LoginTC Phone Authentication
• Troubleshooting

Overview

Phones are telephone numbers that can authenticate a user. A user’s phone can receive one time passcodes (OTPs) via SMS or a phone call to login.

Adding a Phone

To add a phone:

1. Log in to LoginTC Admin
2. Click Phones
3. Click Create
4. Enter phone details
5. Click Add

Managing Phones

Associating with a User

To associate a phone with a user:

1. Log in to LoginTC Admin
2. Click Phones
3. Click the phone you would like to associate
4. Click Associate User
5. Select the user you would like to associate. Use the Search filter to narrow down results
6. Click Associate User

Disassociating from a User

To disassociate a phone with a user:

1. Log in to LoginTC Admin
2. Click Phones
3. Click the phone you would like to disassociate
4. Click Disassociate User

Edit Phone

To edit a particular phone details click on the Settings button from the phone details page:

Phone

Enabling / Disabling SMS Passcode Authentication for an Application

To enable or disable SMS One-time Password (OTP) for an application:

1. Log in to LoginTC Admin
2. Click Applications
3. Select the application you want to modify
4. Select the appropriate application policy
5. Under Authentication Methods Scroll down to SMS One-time Password (OTP)
6. Select either Enabled or Disabled
7. Scroll down to the bottom of the page and click Save

Enabling / Disabling Phone Call Authentication for an Application

To enable or disable Phone Call for an application:

1. Log in to LoginTC Admin
2. Click Applications
3. Select the application you want to modify
4. Select the appropriate application policy
5. Under Authentication Methods Scroll down to Phone Call
6. Select either Enabled or Disabled
7. Scroll down to the bottom of the page and click Save

Enabling / Disabling SMS Passcode Authentication for a Domain

To enable or disable SMS OTP for a domain:

1. Log in to LoginTC Admin
2. Click Domains
3. Select the domain you want to modify
4. Click on Settings:
5. Scroll down to SMS OTP Enabled
6. Select either enabled or disabled
7. Scroll down to the bottom of the page and click Update

Enabling / Disabling Phone Call Authentication for a Domain

To enable or disable Phone Call for a domain:

1. Log in to LoginTC Admin
2. Click Domains
3. Select the domain you want to modify
4. Click on Settings:
5. Scroll down to Phone Call Enabled
6. Select either enabled or disabled
7. Scroll down to the bottom of the page and click Update

Searching Phones

To search for a particular device:

1. Log in to LoginTC Admin
2. Click Phones:
3. Enter a search term in the search field
4. Click Search

The keyword is matched with any one of the following user and phone attributes:

• User username
• User email
• User name
• Phone number
• Phone name

Telephony Credits

Sending SMS messages will use up your organizations’ Telephony Credits. LoginTC uses a service provider to perform the actual SMS, so the credits simply cover the cost to send an SMS message.

To manage Telephony Credits:

1. Log in to LoginTC Admin
2. Click Billing
3. Scroll down to Telephony Credits:

There are two types of credits: Account Credits and Backup Credits. Account Credits are 100 times the number of users you have and gets refilled annually. So if you have 100 users you have 10,000 credits for the organization, any user can use them. They do not rollover to the next year, rather they are refilled based on the user limit. Backup credits do roll over and are essentially permanently available until used. Backup credits are only used once there are no remaining Account Credits.

SMS Passcode Authentication

Authenticate by receiving an SMS with a 6-digit One-Time Passcode.

LoginTC Login Window

With the LoginTC iframe simply select the Phone from the Authentication Method dropdown menu and then select LoginTC Passcode:

Click SMS me a passcode to receive a LoginTC Passcode on the selected device. Authenticate by entering the passcode in the input field and clicking Log in.

Challenge and Challenge Interactive Mode

The sms and last 4 digits of phone number methods can also be used in Challenge and Challenge Interactive authentication modes on the LoginTC RADIUS Connector for a smooth user experience. In the Challenge window simply enter sms or last 4 digits of phone number to receive an SMS. If Challenge Interactive is the authentication mode then a second window will display in which the OTP can be directly entered.

Direct Mode

When authenticating, a user enters their username normally. In the password field, they should should enter their password followed immediately by a comma and sms or last 4 digits of phone number:

Regular input (without phone) :

    username: john.doe
    password: johnPassword

Input with sms:

    username: john.doe
    password: johnPassword,sms

Input with last 4 digits of phone number:

    username: john.doe
    password: johnPassword,5555

If the user has a Phone associated with them and SMS authentication is enabled the user will receive an SMS with a 6-digit One-Time Passcode (OTP). If sms is used then the oldest phone associated with the user will be sent the OTP. When last 4 digits of phone number is entered then the phone matching the last 4 digits will be used. The OTP can then be used in a subsequent authentication:

Input with OTP

    username: john.doe
    password: johnPassword,123123

For more examples see: SMS Passcode

Phone Call One-Step Authentication

Authenticate by receiving a phone and pressing any number. This method works with both mobile and landline phones.

LoginTC Login Window

With the LoginTC iframe simply select the Phone from the Authentication Method dropdown menu and then select LoginTC Phone Call:

Click Call me to receive a phone call.

Answer the phone call and listen to the message.

Authenticate by pressing any number on your phone. Hanging up will deny the authentication.

If the phone is not answered or a number is not pressed in time, the authentication request will timeout.

Challenge Mode

In Challenge mode the user can type call to receive a phone call and directly authenticate.

Direct Mode

When authenticating in Direct mode, a user enters their username normally. In the password field, they should should enter their password followed immediately by a comma and call:

Regular input (without phone) :

    username: john.doe
    password: johnPassword

Input with call:

    username: john.doe
    password: johnPassword,call

Input with last 4 digits of phone number:

    username: john.doe
    password: johnPassword,5555

The user will receive a phone call and can authenticate by pressing any number on their phone.

Fallback Policy

In Policies when using Phone Call One-Step setting Fallback to Enabled allows users that do not have a LoginTC push token loaded to receive a phone call to approve instead.

For example, when authenticating in Direct mode, if the user does not have a LoginTC push token, but has a phone associated with them, they can authenticate that way.

This means that LoginTC RADIUS Connector protected Remote Desktop Gateways can now use phone call one-step as a way to authenticate.

For more examples see: Phone Call

Phone Call OTP Authentication

Authenticate by receiving an phone call with a 6-digit One-Time Passcode. This method works with both mobile and landline phones.

LoginTC Login Window

With the LoginTC iframe simply select the Phone from the Authentication Method dropdown menu and then select LoginTC Passcode:

Click Call me to receive a LoginTC Passcode on the selected device. Authenticate by entering the passcode in the input field and clicking Log in.

Challenge Interactive Mode

The call method can also be used Challenge Interactive authentication modes on the LoginTC RADIUS Connector for a smooth user experience. In the Challenge window simply enter call to receive an phone call with the 6-digit OTP. In Challenge Interactive mode a second window will display in which the OTP can be directly entered.

Direct Mode

When authenticating, a user enters their username normally. In the password field, they should should enter their password followed immediately by a comma and call:

Regular input (without phone) :

    username: john.doe
    password: johnPassword

Input with sms:

    username: john.doe
    password: johnPassword,call

If the user has a Phone associated with them and Phone Call OTP authentication is enabled the user will receive an phone call with a 6-digit One-Time Passcode (OTP). If call is used then the oldest phone associated with the user will be sent the OTP. The OTP can then be used in a subsequent authentication:

Input with OTP

    username: john.doe
    password: johnPassword,123123

For more examples see: Phone Call OTP

Video Walkthrough

LoginTC Phone Authentication

Troubleshooting

Need help? Please see our Help Page, Knowledge Base or contact us directly at support@cyphercor.com.