Implementing Email One-Time-Passcode and Magic Link Login

Objective

After completing this lesson, you will be able to configure Email One-Time-Passcode and Magic Link Login.

Implementing Email One-Time Passcode and Magic Link Login

Enhance your users’ login experience by offering a more secure and user-friendly alternative to traditional passwords. Implementing Email One-Time-Passcode (OTP) and Magic Link login methods can provide a seamless and passwordless authentication process, improving both user satisfaction and security.

Email OTP and Magic Link (forms of passwordless login). One sends a code to be entered in a dialog box, the other sends a link that logs in the customer.

Email One-Time-Passcode (OTP) and Magic Link login methods offer passwordless authentication, allowing users to access your site by receiving a unique code or a direct link in their email. This approach enhances security and simplifies the login process.

Email OTP sends a one-time code to the user's registered email address, which they then enter on the login page to verify their identity. Magic Link, on the other hand, sends an HTML link to the user's email. Clicking this link automatically logs them into the site.

These methods can be easily implemented by linking your site's login button to the PasswordlessLogin screen-set instead of the RegistrationLogin screen-set. This presents a simplified login screen to users, offering them the option to receive an OTP or a Magic Link.

To use Email OTP or Magic Link, ensure your site's policies are configured to use Email as the Login Identifier. This setting is crucial for the system to recognize and use email addresses for authentication purposes.

The Connect dialog allows you to specify as Login Identifier the email, the username, or either. Here, email is emphasized. The Authentication tab of the Security dialog allows you to specify Email OTP and Magic Link as login methods.

To use either of these login methods, your site policies must be configured to use Email as the Login Identifier.

When selecting Magic Link, you must define the URL to which the magic link redirects the user when clicked. This is usually your landing page or the page that users log in from. You can also control how long the link remains valid by adjusting its TTL from 60 seconds to 600 seconds (10 minutes).
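The sketch below is an added example, not SAP Customer Data Cloud code: it shows the server-side properties a magic link depends on, namely a bounded TTL, single use, and a fixed redirect URL. The class name, the in-memory store, and the example.com URL are assumptions made for illustration.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

MIN_TTL, MAX_TTL = 60, 600                      # TTL range stated on this page
REDIRECT_URL = "https://www.example.com/login"  # assumed landing page

class MagicLinkStore:
    """Hypothetical in-memory store; keeps token digests, never raw tokens."""

    def __init__(self, ttl=300, clock=time.time):
        if not MIN_TTL <= ttl <= MAX_TTL:
            raise ValueError("TTL must be between 60 and 600 seconds")
        self.ttl, self.clock, self.pending = ttl, clock, {}

    def issue(self, email):
        """Create a link for this email; only the link itself carries the token."""
        token = secrets.token_urlsafe(32)       # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[digest] = (email, self.clock() + self.ttl)
        return f"{REDIRECT_URL}?{urlencode({'token': token})}"

    def redeem(self, url):
        """Return the email to log in, or None if forged, expired or reused."""
        parts = urlparse(url)
        if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URL:
            return None                         # link points somewhere else
        token = parse_qs(parts.query).get("token", [""])[0]
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # pop makes the link single use
        if entry is None:
            return None
        email, expires = entry
        return email if self.clock() <= expires else None
```

A shorter TTL narrows the window in which a link copied from a mailbox or a forwarded message can still be redeemed.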

For more information, refer to the Limitations for Email OTP and Magic Link documentation in the SAP Help Portal.

Custom Email Server Configuration

Instead of using the default gigya-raas.com domain, you can configure one or more SMTP servers to send emails from your own domain. This is particularly useful for maintaining brand consistency and ensuring that emails are seen as sent directly from your organization.

List of supported providers: Amazon SES, Microsoft 365, Twilio Sendgrid, Gmail, Sinch Mailgun, and a generic SMTP Provider.

Supported Email Providers are:

  • Amazon SES
  • Gmail SMTP
  • Mailgun By Sinch
  • Microsoft 365
  • SAP Email Provider
  • Sendgrid By Twilio
  • SMTP Server (Generic)

If you are using email forwarding (SMTP relay) to send emails from your own servers, ensure you allowlist the SAP Customer Data Cloud server IP addresses to prevent delivery issues.

Configuring an Email Domain

Screenshot of Email Domain page, showing From Address, Security & Connection (SMTP Server, Port), Authentication (username, password), and Alert Notifications (Enable, Error Threshold, and Notification Email Recipients).

When configuring an email domain, you'll need to specify the following:

  • From Address - The email address used to send emails from your account, such as no-reply@example.com.
  • SMTP Server - The URL of your email server, for example, smtp.gmail.com for Gmail.
  • Port - The server port used for sending messages.
  • Use TLS - Enable this option to ensure emails are sent via an encrypted connection, which is highly recommended for security.

Email domains are stored at the tenant level, making any configured email provider available to all sites and partners within the same SAP tenant.

Alert Notifications

For each configured email provider, you can enable email notifications that alert you when problems are detected. Configure the Error Threshold, which is the number of failed emails within the previous 6 hours that will trigger a notification. The Error Threshold must be an integer between 1 and 65535. You'll also need to assign at least one email address to receive these alerts.

It's important to configure and test your SMTP server before updating any email templates in the console to ensure proper functionality.
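As an added example (not part of the SAP console or its API), the script below checks the settings described above offline and then probes the SMTP server to confirm that TLS and authentication work before any email template depends on it. The EmailDomain class, its field names, and the treatment of port 465 as implicit TLS are assumptions for illustration.

```python
import smtplib
import ssl
from dataclasses import dataclass, field

@dataclass
class EmailDomain:  # hypothetical holder; fields mirror the console form
    from_address: str
    smtp_server: str
    port: int
    use_tls: bool
    username: str = ""
    password: str = ""
    alerts_enabled: bool = False
    error_threshold: int = 1
    alert_recipients: list = field(default_factory=list)

def problems(cfg):
    """Offline checks against the limits stated on this page."""
    found = []
    if "@" not in cfg.from_address:
        found.append("From Address is not an email address")
    if not 1 <= cfg.port <= 65535:
        found.append("Port is out of range")
    if not cfg.use_tls:
        found.append("Use TLS is off: credentials and mail travel unencrypted")
    if cfg.alerts_enabled and not 1 <= cfg.error_threshold <= 65535:
        found.append("Error Threshold must be an integer between 1 and 65535")
    if cfg.alerts_enabled and not cfg.alert_recipients:
        found.append("Alerts need at least one notification recipient")
    return found

def probe(cfg, timeout=10):
    """Live check: TLS with certificate validation, then authentication."""
    ctx = ssl.create_default_context()
    implicit = cfg.port == 465  # assumption: 465 means TLS from the first byte
    if implicit:
        conn = smtplib.SMTP_SSL(cfg.smtp_server, cfg.port, timeout=timeout, context=ctx)
    else:
        conn = smtplib.SMTP(cfg.smtp_server, cfg.port, timeout=timeout)
    with conn:
        conn.ehlo()
        if not implicit:
            if not conn.has_extn("starttls"):
                raise RuntimeError("no STARTTLS offered; refusing to send credentials")
            conn.starttls(context=ctx)
            conn.ehlo()
        if cfg.username:
            conn.login(cfg.username, cfg.password)
        return conn.noop()[0] == 250
```

problems() needs no network access; probe() connects to the configured server and raises if the certificate does not validate, STARTTLS is missing, or the login is rejected.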

For more information on email provider configuration, refer to the Email Providers documentation in the SAP Help Portal.

Summary

  • Email OTP and Magic Link provide passwordless login options, enhancing user experience and security.
  • Configuring site policies to use Email as the Login Identifier is essential for implementing these methods.
  • Custom email server configuration allows you to send emails from your own domain, maintaining brand consistency.
  • SAP Customer Data Cloud supports various email providers, offering flexibility in email delivery.
  • Alert notifications help you monitor email provider performance and promptly address any issues.