User Guides
Home
Start typing to search…

RiskOS™ Dashboard Setup

Learn how to set up Socure One-Time Passcode in the RiskOS™ Dashboard to add strong possession-based authentication to your workflows.

Set up One-Time Passcode in the RiskOS™ Dashboard

Before you start

Make sure you have the following:

Access to the RiskOS™ Dashboard with the One-Time Passcode enabled.

  • Your account owner or administrator can enable this for you. If you're unsure who to contact, reach out to support for assistance.

A basic understanding of RiskOS™ workflows and components.

  • If this is your first time working with workflows, review the Workflow overview to understand inputs, enrichments, routing logic, and decisions.


How it works

Socure One-Time Passcode is an enrichment available in RiskOS™. It generates a one-time passcode, delivers it via SMS, voice, or email, and validates the user’s input against the generated code. The module then returns a decision (Approved, Declined, or Pending) to drive workflow routing.

📘

Note:

Approved, Pending, and Declined are the default decision values. Customers can customize the response to added or to delete default values based on specific workflow needs.


Choose your configuration

Select a simple single-channel One-Time Passcode setup or a more advanced configuration with multiple delivery options and fallback logic.

Single Channel Setup with SMS, Email, or Voice

Ideal for simple One-Time Passcode delivery using one primary method. Choose a single channel and configure straightforward verification logic.

Best for:

  • Simple authentication flows
  • Single contact method verification
  • Quick implementation

Channels: SMS, Email, or Voice

Advanced setup with two channels

Enables fallback options across multiple delivery channels. Improves success rates by offering an alternative method when the primary channel fails.

Best for:

  • Enhanced user experience
  • Higher delivery success rates
  • Mission-critical authentication

Channels: SMS + Email fallback


Channel setup

You can configure One-Time Passcode delivery using a single channel to send the code through one primary method without any fallback logic.

The sample workflow below demonstrates how to support a single delivery channel.


Step 1 - Add One-Time Passcode Verification enrichment step to a workflow

  1. In the RiskOS™ Dashboard, go to Workflows and create a new workflow or open an existing one.
  2. On the Workflow Canvas, click the plus (+) icon and add an One-Time Passcode (OTP) Verification step.

  1. In the Configuration panel on the right, set up the OTP Verification step:
  • Select Channel: Choose how to deliver the code:
    • SMS: Send the code via SMS text message to a consumer's phone number.
    • Email: Send the code to the consumer's email address.
    • Voice: Deliver the code through an automated phone call.
📘

Note:

  • Phone numbers must be in E.164 format.
  • Email addresses must be in RFC 5322 format.
  • Define Waiting Status and Queue: Configure how the workflow waits for verification (the entity stays in this state until the OTP is verified or times out):
    • Status: Controls whether the workflow pauses (On Hold, recommended) or continues (Open).
    • Sub-status: Optional, adds a more specific tracking state.
    • Queue: Determines where the entity is routed while waiting.
  • Define Output Field: Enter the field name where the OTP result will be stored. You can reference this field later in the workflow or in your API response.

Step 2 - Add a Condition step

On the Workflow Canvas, click the plus (+) icon and add a Condition step. In the Configuration panel, create corresponding outcomes for both true and false cases.

Example status values used for One-Time Passcode condition logic

StatusDescription
PendingOne-Time Passcode sent but not yet verified (still within 10-minute expiration).
ApprovedOne-Time Passcode successfully verified.
RejectOne-Time Passcode exceeded 5 attempts or expired (after 10 minutes).

For more information on configuring conditions, see Create and Edit a Workflow.


Step 3 - Add Decision steps

On the Workflow Canvas, click the plus (+) icon and add a Decision steps to your True and False conditions to route the decision accordingly:

StatusDescription
APPROVEOne-Time Passcode was successfully verified. The consumer is authenticated and can continue.
DECLINEOne-Time Passcode verification failed (expired, exceeded attempts, or invalid). The consumer cannot proceed.

Step 4 - Save and publish

Once your workflow is configured, publish it to go live.


Workflow testing checklist

Use this checklist to confirm accuracy, resilience, and completeness before going live.

Phone number:

Phone numbers are valid E.164 values

Email:

Email addresses follow RFC 5322 format and are deliverable
One-Time Passcode logic:

Codes are generated in sub-second time
Retry limits are enforced
Expiration windows are enforced
Cooldown behavior is applied after failures
Escalation and fallback:

Alternate delivery channels are available
Manual review or secondary verification paths are defined

Updated about 1 month ago