Authenticate all users using Conversational SMS Integration with Twilio with Soft PIN (SN) and Google authenticators as the 2-factor authentication mechanisms for account linking.

Before you begin

Role required: virtual_agent_admin or admin

Procedure

  1. On your ServiceNow instance, enter sys_cs_provider.list and open VA SMS Twilio Adapter Provider record.
  2. In the VA SMS Twilio Adapter Provider record, select the Allow account linking check box.
    Selecting the Allow account linking check box populates the Link account action and Account linking type options.
  3. Select Verification question and MFA from the Allow account linking drop-down.

    When Verification question and MFA is selected, the Automatic link action field populates with the sn_va_sms_twilio.va_sms_auto_link_account value.

    With Verification question and MFA selected, the end user is asked to enter the Soft Pin along with an MFA (Multi-factor Authentication) OTP (One Time Password) and Google authenticator is the default MFA method for SMS Twilio for enhanced security.

    If there is an invalid input/failure, you can continue the conversation as a guest user. ​Upon success, the session is elevated to the authenticated user session.

    Also, you can also look up the automatic link flow action from the Workflow Studio.

  4. Navigate to the Define the identity and messages for this connection section on the SMS Twilio provider channel record and click the Provider Properties tab to configure the following mandatory MFA Provider Properties.
    • verification_question_id: Default sys_id for SoftPIN verification. The default value can be customized.
    • two_factor_methods: By default, Google authenticator is the two factor method if Verification question and MFA is selected.
      google_autheticator or sms are the supported values.
      Note: If this property value is updated, then the mfa_question_id property value must be updated to the sys_id of the corresponding verification Id.
    • mfa_question_id: Corresponds to the two-factor method. The value is the default sys_id for the google authenticator verification type.
      Note: If you set the value of two_factor_methods property to sms, then you must update the sys_id of this property to SMS verification type.

      To get the SMS verification type sys_id, navigate to Verification Types and copy the SMS Code Verification Type sys_id record.

  5. To use account linking in SMS Twilio, navigate to the User [sys_user] table by entering sys_user.list, pick a user, and update the user's mobile phone number with a valid incoming mobile phone number.
    After the incoming phone number is authenticated, the system authenticates the user and links the phone number to the respective User [sys_user] ID.
  6. To Enroll the Soft PIN, perform the following steps:
    Setting up your Soft PIN enables you to use this PIN for identifying yourself when you try to have a conversation via SMS.
    1. Impersonate the user that you picked in the Step 5 and navigate to Password Reset > Enroll.
    2. In the Password Reset Enrollment record, under the Soft PIN Verification tab, enter the Soft Pin in the Enter the Soft PIN field.
    3. Under the Authenticator App Verification tab, click Generate a new QR code to generate the QR code for your Google authenticator if you have downloaded one.
    4. Click Submit.

    When authentication is enabled for SMS, even when an actionable notification is triggered for the user in SMS conversation, user is expected to enter the Soft PIN and MFA to execute the action. For example, when an incident is updated, an actionable notification is triggered on the SMS app and you are asked to input your authentication code (Soft PIN or MFA code).