.. _sms:

Configuring MFA with SMS
========================

SMS can be used to verify identity by prompting to enter a code only known
to the person possessing the registered mobile phone number.

In order to enable MFA using SMS, you will need to create a new Radius Policy.

Step 1 - Create a new Radius Policy
-----------------------------------

#. Navigate to Policy in the top panel
#. In the left window, click on Radius Policy
#. Click on Tasks and select Create
#. Enter Name for Radius Policy
#. Under the Conditions section, select the criteria to match on
#. Click Add 
#. Scroll down to the Policy Section
#. Set Access Policy to 'Continue' (this allows for the MFA challenge)
#. Set 2-Step Authentication to 'Text Message'
#. Click Create

.. note:: Status can be left in 'Disabled' mode until you are ready to test.

.. note:: In order for MFA using SMS to function, ensure the user account has a mobile number entered under Management > User > userid > User Information > Mobile Phone.

Step 2 - Test / Validate
------------------------

#. Connect using the Genian |product_name| Connection manager
#. Right-click on the tray icon
#. Select Network Access and then site name to connect
#. Sign in with user ID/password 
#. An 'Authentication Code' window should display
#. This code will be sent via SMS to the number list in the user profile
#. Enter code into the 'Authentication Code' window
#. If code is correct, |product_name| Connection Manager should update that you are now connected