This section describes how to integrate Prove SMS Gateway with RSA Authentication Manager (AM) for On-Demand tokencode delivery.

SMS HTTP Plugin Configuration 

AM can be configured to integrate a supported Short Message Service (SMS) provider using HTTP, HTTPS, or XML-over-HTTP to deliver on-demand tokencodes to a user’s mobile phone.
Important: HTTP connections are not secure. Sensitive information, such as a tokencode, may be exposed. For secure connections, configure HTTPS.
Before configuring the HTTP plugin, you must locate the configuration parameters and base URL. Contact your SMS provider for this information. You must include the following elements within your provider’s parameters to retrieve data from the corresponding fields. 

SMS HTTP plugin is configured in AM Security Console. The configuration comprises the following sections:

1. Enable tokencode delivery by SMS
2. Success response code and response format
3. Configure SMS provider
4. Update configuration parameter using RSAUtil
5. (Optional) Configure SMS HTTP proxy 

Enable Tokencode Delivery by SMS

1. Sign in to AM Security Console.
2. Go to Identity >Identity Attribute Definitions and click Add New.
3. Add a new attribute with name: Mobile Number of type String. Keep the rest of the selections as the default.
4. At the bottom of this page, provide the following details.
   
   
   1. In the Internal Database field, type MOBILE_NUMBER.
   2. AD-114, specified in the preceding screenshot, is our external database. Map the appropriate value as per your system for the external identity source. 
5. Go to Setup > System Settings and click On-Demand Token Delivery.
   
6. Select the Enable the delivery of on-demand tokencodes using SMS service checkbox for Delivery by SMS.
7. Select the User Attribute to Provide SMS Destination from the drop-down list.
8. (Optional) Select the Default country code from the drop-down list.
9. Select HTTP from the SMS Plug-In drop-down list.
10. Click Save.
    
11. Go to Authentication > On-Demand Authentication > Enable Users and enable the user for on-demand authentication. 
    
12. Choose the values as displayed in the following screenshot and click Save.
    
13. Set up the PIN.

Success Response Code and Response Format 

Develop the request XML with the help of the documentation provided by Prove. Confirm if the response to the developed request is appropriate by using a client such as Postman. 
The Request XML that we used is as follows: 

<?xml version="1.0" encoding="UTF-8"?>
<AuthentXML xmlns="https://mfa.proveapis.com/MessageSchema.xml" version="1.0">
        <header>
            <tsoid>RSA_Incorporated</tsoid>
            <application>SMSDelivery</application>
            <asid>1234</asid>
            <licenseKey>b3a48360-4e2a-46b6-af6e-f70f650be814</licenseKey>
        </header>
        <body>
            <request>
            <data xmlns:dat="https://mfa.proveapis.com/CommonDataSchema.xml">
                    <phoneNumber>+91-9840795442</phoneNumber>
                    <namedData>
                    <dataItem name="messageText">abc1234</dataItem>
                    </namedData>
            </data>
            </request>
        </body>
    </AuthentXML>
 

• tsoid:  Customer ID or Client ID assigned by Prove.
• asid: Customer session ID. We used a random value for our testing.
• licenseKey: Provided by Prove.
• Application: “SMSDelivery”. Refer to the Prove documentation for more details.

Note down the Success code and devise a regex to parse the success code properly. This regex needs to be used as the Response Format in the next section.
The Success response for the request is as follows:

<?xml version="1.0" encoding="UTF-8"?>
<AuthentXML xmlns="https://mfa.proveapis.com/MessageSchema.xml" version = "1.0">
    <header>
        <tsoid>RSA_Incorporate</tsoid>
        <asid>1234</asid>
        <sgid>03658d81-7fae-4c81-a98c-46e794c07796</sgid>
        <application>SMSDelivery</application>
        <teid>b63dd431-53b4-4d02-b5e0-e30444b84a32</teid>
        <replyTo>https://east.mfa.proveapis.com/s2s/default.asp?id=660DE67E6796A85A1205207D0C88BD3F07752D05</replyTo>
        <timestamp>2025-09-12T07:32:14Z</timestamp>
    </header>
    <body>
        <result>
            <status>
                <statusCode>0</statusCode>
                <statusText>Success</statusText>
            </status>
        </result>
    </body>
</AuthentXML>

For the response we received, we can use either of the following as the Response Format: 

• <statusCode>\s*(\d)\s*</statusCode>
• <statusText>\\s*([A-Za-z]+)\\s*</statusText>

Configure SMS Provider

Perform  the following steps on the SMS Provider Configuration screen:

1. Provide Base URL: https://mfa.proveapis.com
2. Select XML in the HTTP Method drop-down list.
3. Copy the following XML into the XML Request field after providing valid values for tsoid and licenseKey. Value of the application tag is SMSDelivery.
   <?xml version="1.0" encoding="UTF-8"?>
<AuthentXML xmlns="https://mfa.proveapis.com/MessageSchema.xml" version="1.0">
        <header>
            <tsoid>RSA_Incorporated</tsoid>
            <application>SMSDelivery</application>
            <asid>1234</asid>
            <licenseKey>b3a48360-4e2a-46b6-af6e-f70f650be814</licenseKey>
        </header>
        <body>
            <request>
            <data xmlns:dat="https://mfa.proveapis.com/CommonDataSchema.xml">
                 <phoneNumber>+$msg.address</phoneNumber>
                <namedData>
                <dataItem name="messageText">$msg.message</dataItem>
                </namedData>
            </data>
            </request>
        </body>
 </AuthentXML>  
4. Enter Account User Name for the SMS Provider. Prove does not employ username and password and hence we would give dummy value of 9999 in the username field. 
5. Provide a dummy Account Password for the SMS Provider; for example, 9999.
6. In the Success Response Code field, type 0.
7. Copy the following line into the Response Format field.
   <statusCode>\s*(\d)\s*</statusCode>
   
8. Perform the following steps to add a certificate.
   1. Open the BaseURL (include “/platform” in the base URL) in a browser.
   2. Download the certificate as a certificate chain (Base64 encoded ASCII).
   3. Install this in the machine and export the certificate in .cer format.
   4. Click Import Certificate to import this certificate.

Important: For Prove UAT, replace mfa.proveapis.com with uat.mfa.proveapis.com for all the occurrences in the request XML. Contact Prove to obtain the Base URL and license for the UAT environment, test the integration, and then work with Production environment.

Update Configuration Parameter Using RSAUtil

1. Connect to the primary instance of AM via SSH as the admin user, and then execute the following commands.
   

   /opt/rsa/am/utils/rsautil export-config -o OutputFile

   This command exports the list of configuration parameters available to a file named OutputFile in the current directory. Make sure to delete this file before running this command again.

2. Search for the auth_manager.oda.sms.xml.is_query_param_excluded parameter in the file.
3. If the preceding parameter is unavailable, create this parameter using the following command:
   

   /opt/rsa/am/utils/rsautil store -a add_config  auth_manager.oda.sms.xml.is_query_param_excluded TRUE GLOBAL String

   If the preceding parameter is available and is set to false, update it to true using the following command:

   /opt/rsa/am/utils /rsautil store -a update_config auth_manager.oda.sms.xml.is_query_param_excluded TRUE  GLOBAL 
   

4. Once updated, log in to the Operating console as an admin and go to Maintenance > Flush Cache.

5. Select Flush all cache objects and then click Flush.

Important: Updates mentioned in this section are required for Prove and may not be required for other SMS gateway providers.                                                                                              

(Optional) Configure SMS HTTP Proxy

1. Enter the configuration settings for your HTTP Proxy server if you are using one.
   
2. Click Update to save the SMS configuration.

The configuration is complete.