--- title: Setup one-time passcodes description: PingOne supports several methods of multi-factor authentication (MFA), which is the practice of requiring more than one type of evidence to identify a user. For example, a username and password together are considered a single factor. component: sdks version: latest page_id: sdks:davinci:use-cases/otp/index canonical_url: https://docs.pingidentity.com/sdks/latest/davinci/use-cases/otp/index.html revdate: Tue, 25 Mar 2025 11:00:37 +0100 keywords: ["PingOne Advanced Identity Cloud", "PingAM", "Journeys", "Setup & Configuration", "Source Code", "Use Case", "SDK", "IDP"] section_ids: steps: Steps before_you_begin: Before you begin configure_client_apps_for_one_time_passcodes: Configure client apps for one-time passcodes --- # Setup one-time passcodes PingOne supports several methods of multi-factor authentication (MFA), which is the practice of requiring more than one type of evidence to identify a user. For example, a username and password together are considered a single *factor*. Adding more authentication factors, such as one-time passcodes, helps to strengthen your security posture and reduce the chance of a data breach. ![Users must provide a minimum of two pieces of verifiable information to authenticate.](../../_images/mfa-diagram.svg)Figure 1. Using multiple factors to authenticate users To learn more, refer to [Single-factor, Two-factor, and Multi-factor Authentication](https://www.pingidentity.com/en/resources/identity-fundamentals/authentication/single-factor-two-factor-multi-factor-authentication.html) in the Identity Fundamentals documentation. The Ping (ForgeRock) SDKs help you to integrate authentication flows that use one-time passcodes into your client applications. The Ping (ForgeRock) SDKs support the following one-time passcode delivery methods: * Email When email authentication is configured, and the user signs on to their account or app, they are sent an email with a one-time passcode (OTP) to authenticate with. ![Receiving an OTP via email.](../../_images/otp-email.png)Figure 2. Receiving an OTP via email The OTP is valid for up to 30 minutes. * SMS When configured, a one-time passcode (OTP) is sent to the user's mobile device as a text message using SMS. ![Receiving an OTP via SMS.](../../_images/otp-sms.png)Figure 3. Receiving an OTP via SMS The OTP is valid for up to 30 minutes. * Voice When configured, a one-time passcode (OTP) is sent to the user's mobile device or landline phone using telephony voice channels. The OTP is valid for up to 30 minutes. ## Steps Complete the following steps to integrate one-time passcode authentication into your client applications: ## [Before you begin](00_before-you-begin.html) Before you begin this tutorial, ensure you have set up your PingOne instance with the required configuration. For example, you will need an OAuth 2.0 client application setup. [**Complete prerequisites**[icon: chevrons-right, set=fas, size=xs]](00_before-you-begin.html) ## [Configure client apps for one-time passcodes](01_handle-one-time-passcodes-in-client-apps.html) Learn how to set up your Android, iOS, and JavaScript client apps to handle authentication flows that require one-time passcodes. [**Start step 1**[icon: chevrons-right, set=fas, size=xs]](01_handle-one-time-passcodes-in-client-apps.html)