mTAN/SMS authentication

In mTAN authentication, a one-time password (OTP, also referred to as token code) is sent to the user's mobile phone as an SMS message. The code is then entered into an input field by the user.

Authentication with mTAN can be used as the second step in an authentication scheme.

Note that there are many other use-cases in IAM where OTPs are sent via SMS.


  • Channel verification in self-registration
  • Channel verification in the password reset self-service
  • Mobile number management self-service
  • Mobile number self-registration


  • The following requirements must be met in order to make use of mTAN authentication:
  • Users must have a mobile phone (or another device for receiving SMS messages).
  • An SMS sending service (SMS gateway) must be available and connected to Airlock IAM.
  • The user's mobile phone number must be known to Airlock IAM.

It is very important, that the mobile phone number of a user is authentic, i.e. it must be sure, that the number really belongs to the person intended!

Airlock IAM offers self-services that help you to obtain authentic user mobile phone numbers with minimal administrative overhead (mTAN token self-services).