Voice OTP

SecureAuth Connect Voice OTP delivers one-time password (OTP) verification codes to users by automated phone call, using Twilio Programmable Voice as the delivery channel. When a user selects Voice OTP during authentication, SecureAuth Connect calls their phone number and reads the verification code aloud using text-to-speech.

Use cases

Voice OTP fits when you need a phone-based second factor and SMS is not available or not preferred.

• Accessibility: Users with visual impairments or difficulty reading text messages can hear the code spoken.
• Fallback for SMS failure: Some mobile carriers block OTP text messages or deliver them with long delays. A voice call bypasses that delivery path.
• Regions with unreliable SMS: In some countries, voice delivery is more reliable than SMS.
• Landlines: Users who only have a landline can still receive a voice OTP.

Voice OTP is not the best fit when users are in an environment where they cannot answer a call (loud, quiet, shared spaces), or when call delivery costs are a concern for very high-volume applications.

How voice OTP delivery works

When a user selects voice call as their OTP delivery method, SecureAuth Connect places an automated phone call to the user's registered phone number. During the call, SecureAuth Connect reads the OTP code aloud one digit at a time with pauses for clarity. The user then enters the code on the verification screen in their browser.

Voice OTP uses the same phone number as SMS OTP. Users do not need to register a separate number for voice delivery.

tip

Use a Twilio phone number that is verified and enabled for outbound voice calls in your target regions. Check Twilio's geographic permissions to confirm Twilio can place calls to the countries where your users are located.

Prerequisites

• Tenant administrator access
• A Twilio account with Programmable Voice enabled
• A Twilio phone number capable of making outbound voice calls

Set up Twilio as voice provider

Set up Twilio as the voice provider for this channel. This does not affect your SMS provider settings.

1. Go to Tenant Settings > Message Providers.

2. Select the Voice tab.

3. Select Twilio as the voice provider.

   

4. Enter the required Twilio settings:

   Setting	Description
   Twilio SID	Your Twilio Account SID from the Twilio console.
   Twilio Auth Token	The corresponding authentication token. Do not share or expose this token.
   From	The sender phone number registered with Twilio. Format must follow E.164 standard (for example, +16175551212). The number must be enabled for voice calls.

5. Click Save.

Test your configuration

Use the built-in test option to verify voice call delivery:

1. Go to the Make a test call section.

2. Enter a recipient phone number in E.164 format.

3. Click Make test call.
   You should receive an automated phone call that reads a test OTP code aloud. Verify that the call connects and you can hear the code clearly.

Set code length and lifetime

These settings are tenant-level and apply to all workspaces.

1. Go to Tenant Settings > MFA Settings.

   

2. Enable Voice Call.

3. Configure the verification code settings:

   Setting	Description
   Verification Code Length	The number of digits in the code (for example, 6).
   Verification Code Lifetime	How long the code remains valid (for example, 5 minutes).

4. Click Save.

tip

Set code expiration based on your security policy. A common range is 2 to 5 minutes. Shorter lifetimes are more secure but may cause issues if voice calls take longer to connect.

Enable voice OTP as an authentication method

After configuring the voice provider, you need to enable Voice OTP as an authentication method:

1. In your workspace, go to Authentication > Settings.

2. Select the Methods tab.

3. Select the Voice OTP check box.

   

4. Click Save.
   If you have not set up the voice provider yet, the Allowed Authentication Methods page shows a link under Voice OTP that takes you to the configuration page.

Add Voice OTP as a sign-in method

Add Voice OTP as a first-factor or second-factor authentication method for your users.

1. Go to Users > Sign-in and Sign-up.

2. Under First-Factor Authentication Methods or Second-Factor Authentication Methods, click + Add method and select Voice OTP.

3. (Optional) To make Voice OTP the preferred method shown at sign-in, click the three-dot menu and select Make Preferred. Only one method can be preferred per identity pool.

   

4. Click Save.

OTP rate limiting

SecureAuth Connect enforces rate limits on OTP send requests to prevent abuse. If a user or API client exceeds the allowed number of OTP requests within a time window, subsequent requests are temporarily blocked.

See also

• Email OTP
• SMS OTP
• Configure voice message templates
• Multi-factor authentication (MFA)