Vaughan Harper's blog ISAM How to set up ISAM for step-up authentication using SMS OTP
How to set up ISAM for step-up authentication using SMS OTP



It is possible to configure IBM Security Access Manager (ISAM) including its Advanced Access Control (AAC) module to support step-up authentication using One Time Passwords (OTPs) sent by SMS to a mobile phone (cell phone) using an SMS gateway. Here is an outline guide to the process for setting this up.

  1. Load the AAC activation key into the ISAM appliance where the AAC module is run. (Manage System Settings > Updates and Licensing: Licensing and Activation.)
  2. By default, the ISAM Advanced Access Control runtime listens only on the local loopback interface of the appliance. To access the ISAM AAC runtime from the Reverse Proxy appliance, it is therefore necessary to configure the AAC to listen on the specified interface. (Secure Access Control > Global Settings: Runtime Parameters.)
  3. Set the password for the EAS user. (Secure Access Control > Global Settings: User Registry.)
  4. Run the ISAM Auto-configuration Tool.
  5. Set up a certificate store for communication with the SMS gateway. (Manage System Settings > Secure Settings: SSL Certificates.)
  6. Configure SMS gateway characteristics: on the AAC appliance LMI, go to Secure Access Control > Policy: Authentication. Click Mechanisms. The list of authentication mechanisms will be displayed. Click SMS One-time Password. Click the edit icon: the Modify Authentication Mechanism dialogue box will be displayed. Click Properties: the Modify Authentication Mechanism properties will be displayed. Set the properties correctly for the SMS gateway being used.
  7. Ensure that the name of the attribute in the user’s credential which contains the user’s mobile number is ‘mobileNumber’.
  8. Create an access control policy which will be used to trigger step-up authentication using SMS OTP. (Secure Access Control > Policy: Access Control.)
  9. Attach the access control policy to the protected resource. (Secure Access Control > Policy: Access Control.)
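
The decision that steps 7 to 9 put in place can be modelled in a few lines. This is an added example, not code from the original post and not ISAM policy syntax or an ISAM API; the resource path, the mechanism label, the number-format check and the fail-closed "error" outcome are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

SMS_OTP = "sms_otp"                        # hypothetical mechanism label
PROTECTED = ("/app/payments",)             # constructed resource (step 9)
E164 = re.compile(r"^\+[1-9]\d{7,14}$")    # assumed gateway number format

@dataclass
class Session:
    attributes: dict                             # credential attributes
    completed: set = field(default_factory=set)  # mechanisms already passed

def policy_attached(path):
    # Match whole path segments so /app/payments-old is not covered by accident.
    return any(path == p or path.startswith(p + "/") for p in PROTECTED)

def mask(number):
    # Keep only the last four digits for logs and user prompts.
    return "*" * (len(number) - 4) + number[-4:]

def decide(session, path):
    """Return (outcome, detail) for one request."""
    if not policy_attached(path):
        return ("permit", "no step-up policy attached")
    if SMS_OTP in session.completed:
        return ("permit", "SMS OTP already completed in this session")
    number = session.attributes.get("mobileNumber")   # exact name from step 7
    # Fail closed: without a usable number the step-up cannot be completed.
    if not number:
        return ("error", "credential has no mobileNumber attribute")
    if not E164.match(number):
        return ("error", "mobileNumber is not in the assumed format")
    return ("step_up", "send OTP to " + mask(number))

if __name__ == "__main__":
    # Constructed sessions; the number is from a reserved fictional range.
    ok = Session({"mobileNumber": "+447700900123"})
    misnamed = Session({"mobile": "+447700900123"})
    for s in (ok, misnamed):
        print(decide(s, "/app/payments/transfer"))
    ok.completed.add(SMS_OTP)
    print(decide(ok, "/app/payments/transfer"))
```

The second session shows the failure step 7 guards against: the number is present in the credential, but under a different attribute name, so no OTP can be sent.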



Written by Vaughan

One thought on “How to set up ISAM for step-up authentication using SMS OTP”

  1. Nice Article,

    I am working on a requirement which requires external users to go through username/passwd as first factor and email OTP as Second factor.

    One way to identify external users is their LDAP group membership and their LDAP suffix GUID.

    How can I use ISAM 9.0.03 AAC to configure this 2FA?
