Who is affected: Okta customers who need to migrate to a new telephony provider for Okta's September 15, 2024 transition date.
Products affected: SMS and voice

Changes

• Telesign offers two telephony inline hook solutions to integrate with Okta:  Telesign, one of Okta’s telco partners, now offers easy integration for existing Okta customers wanting to continue using SMS and voice. Telesign offers a no-code inline hook solution and a write-your-own-code solution to help you bring your own telephony provider (Telesign) to replace Okta's previous internal platform for SMS and voice telephony.
• Telesign no-code inline hook solution: Our prebuilt, no-code inline hook solution is ideal for companies looking for an easy, fast implementation with minimal steps. The Okta integration using Telesign’s no-code telephony inline hook is managed by Telesign, so there is no coding, development, or IT infrastructure required. This no code options enables delivery of one-time passcodes (OTPs) via SMS and voice and a one step integration into Okta flows.
• Write your own code solution: Telesign offers the ability to code your own integration using our full-service APIs to deploy your own code to help you "bring-your-own-platform" to Okta, replacing Okta's previous internal platform for SMS and voice telephony. This process allows you to build a telephony inline hook for your Okta account, enabling delivery of one-time passcodes (OTPs) via SMS and voice. You can integrate your own custom code into Okta flows that send SMS or voice call messages (except for Okta verify enrollment).
• Features offered: Telesign offers easy configuration on Okta console, an endpoint for accepting Okta’s requests on telephony inline hook, delivery of verification messages over SMS or voice to end users, synchronous responses to Okta (success/error), and availability of Telesign's callback feature and get status options for additional insights on the delivery status of your transaction.

How this may affect you

• Okta telephony service changes:  In August of 2023, Okta stopped offering out-of-the-box telephony services (SMS and voice) for new customers. Starting September 15, 2024, all renewing customers must bring-their-own telephony provider via Okta’s Telephony Inline Hook to continue to send SMS and voice messages. Okta customers will need to have their own telephony provider configured at the time of their renewal using Okta’s telephony inline hook or risk disruptions in their service.
• Okta's change applies to multi-factor authentication (MFA) and non-MFA use cases:  This change will affect customers who want to continue to use SMS and voice messages for sending one-time passcodes (OTPs) for a range of user authentication flows, including requiring MFA at sign-in, enrolling a new device, authorizing a password reset, and unlocking an existing account.

Additional information

• If you are new to Telesign OR have questions regarding Telesign's telephony inline hook solutions, please contact us.

Who is affected: Messaging customers
Products affected: Messaging - WhatsApp and SMS

Changes

• New template management tool:  A new Messaging tool that allows you to create custom templates, used by the Messaging API, programmatically, supporting multiple channels. Currently, WhatsApp and SMS are supported. By using the Template Management tool you will be able to create custom templates based on your needs that are stored with Telesign and automatically approved by providers, if necessary, in one work flow.
• Variables supported You can use variables with Telesign's new custom Template Management tool. You can define and use multiple variables in SMS and WhatsApp templates.
• Robust optional template features for WhatsApp messages:  The Template Management tool allows you to create templates that can include header with text or media. You can add a text-based footer, up to two call-to-action buttons, as well as interactive messages with up three quick reply buttons.
• New WhatsApp OTP copy code template:  A copy code authentication template allows you to send a one-time passcode (OTP) along with a copy code button to your end-users. When a WhatsApp user taps the copy code button, WhatsApp copies the passcode to the clipboard of the end-user's device. The end-user can then switch to your app and paste the passcode into the app.
• New WhatsApp OTP one-tap template available for Android apps A one-tap autofill authentication template allows you to send a one-time passcode (OTP) along with an Autofill button to your end users. When an end user taps the Autofill button, the WhatsApp client triggers an activity which opens the end user's app and delivers the password or code to the app.
• New WhatsApp OTP zero-tap template available for Android apps A zero-tap authentication template allows end users to receive one-time passwords or codes via WhatsApp without having to leave your app. When an end user using your app requests a password or code and we deliver it using zero-tap authentication. From end user's perspective, they request a password or code in your app and it appears in the app automatically.

Who is affected: Messaging customers who use WhatsApp for Authentication messages sent to India and Indonesia.
Products affected: Messaging - WhatsApp

Changes

• Authentication International Rates pricing category:  WhatsApp is introducing a new pricing category called "Authentication International Rates", which is a category by WhatsApp that will specifically apply to authentication messages sent to India and Indonesia. WhatsApp is implementing pricing changes under this new category in two phases: June 1, 2024 for Indonesia and July 1, 2024 for India.
• Geographical impact:  Customers located in India will be charged the new international rate for authentication messages sent to users in Indonesia, and vice versa. Customers located in another country (e.g., the US, Serbia) will also be subject to these new rates when sending authentication messages to users in India or Indonesia. There are no changes to the pricing for any other country.
• Authentication templates for India:  Starting on July 1, 2024, India will be eligible for sending authentication templates. This update allows customers to utilize authentication messaging services within India, one of the largest markets in the world. Previously, WhatsApp has not allowed the use case of authentication in India.
• Messaging categories remain the same: The existing pricing categories match the existing categories of messages: Authentication, Utility, Marketing, and Service. These message categories remain the same, but the key change is the differentiation within the Authentication category, where messages sent internationally will now incur a higher rate compared to domestic authentication messages.
• Why this change is important: Domestic (lower) pricing is advantageous to customers which have a business registered in these countries. Previously, WhatsApp pricing was only based on destination country and not based on business location. Pricing based on business location is a common practice for SMS, but is new for WhatsApp.

Additional information 

• "Authentication International Rates" will apply only if Meta has identified a customer as eligible. Please see Authentication - International Rates and emails from Meta and Telesign or contact your Telesign Customer Success Manager (CSM) for more information.

Who is affected: Verify API customers
Products affected: Verify API

Changes

• New Verify API parameter for POST request:  Use the new security_factor parameter to define your own one-time passcode (OTP) for a verification process. This gets applied to all OTP-based methods (SMS, WhatsApp, etc.) in the active verification policy. By default the length of OTPs is limited to six-digits, contact Telesign Customer Support to change the configured OTP length (minimum three-digits, maximum 10-digits). See Create a verification process for full reference details about this parameter.
• New use for existing Verify API parameter for PATCH request: Use the security_factor parameter to send Telesign your end user's asserted OTP, so you can end the verification process and avoid added costs due to additional sends to the same end user. See Update a verification process for full reference details about this parameter.

Who is affected: Full-service Phone ID customers
Products affected: Phone ID - Contact and Contact Match

Changes

• Email ID added to Contact:  When available, Email ID returns the first name, last name, address, city, state/province, country, and ZIP Code that are associated with a submitted email address and phone number when using the Contact Identity attribute. This feature enhances any industry specific use case where a digital identifier is involved. See Phone ID - Identity attributes: Contact for more information.
• Email ID added to Contact Match: Email ID provides additional match scoring of the submitted information based on the email address, on top of the phone number. See Phone ID - Identity attributes: Contact Match for more information.
• Requirements: Email ID supports one email address, specifically, it will return data based on the email address that was submitted upon sign-in or sign-up. Because Email ID is part of Phone ID, it will only return a response if there is a valid phone number in the request. Contact our Customer Support Team regarding any applicable consent and opt-in requirements that may apply.
• Availability: Email ID is currently available to Full-service customers with end-users in the United States. Please contact our Customer Support Team to obtain the latest information on supported markets and to enable Email ID for your account.

Who is affected: Messaging customers
Products affected: Messaging - MMS, RCS, Email, and SMS

Changes

• New Messaging callbacks parameter:  A new Messaging callbacks parameter identifies the channel used for an end user's response - ideal for situations when the same Mobile Originated (MO) Callback URL is used for more than one channel. This simplifies using one MO Callback URL for an integration. The new parameter sub_resource returns a value that lists the specific channel used when an end user replies with a suggested action or by sending an inbound message. For example, if the end user's response is via the RCS channel, sub_resource returns the value mo_rcs. The values for each channel are listed below:
  • MMS: mo_mms
  • RCS: mo_rcs
  • Email: mo_email
  • SMS: mo_sms

Who is affected: All customers using Telesign verification products
Products affected: SMS Verify, Voice Verify, Silent Verify, App Verify (deprecated), Smart Verify (deprecated)

Changes

• Naming migration: The products we formerly referred to as the "Telesign Verify API" have now been renamed; each one is now a separate API of its own. No changes have been made to the API contracts or integration requirements, but our documentation has been changed to reflect this new naming convention.
  The names that have been changed are:
  • SMS Verify → SMS Verify API
  • Voice Verify → Voice Verify API
  • Silent Verify → Silent Verify API
  • Smart Verify (deprecated) → Smart Verify API (deprecated)
  • App Verify (deprecated) → App Verify API (deprecated)
  • Verify API → Verification products
• We made this change to free up the name "Verify API" to be used for a new product, as described below.
• New Verify API released: The new Telesign Verify API released today allows you to perform phone-based, multi-factor authentication (MFA) using multiple channels and methods. By setting multiple channels in your verification policy, you can even cascade from your primary channel to another one when the primary authentication method isn't available.
• Authentication methods available for this new service include:
  • SMS one-time passcode (OTP)
  • WhatsApp OTP
  • Viber OTP
  • RCS OTP
  • email OTP
  • Silent Verify (Contact our sales team for availability in your region.)
  • Push Verify (Contact our sales team for availability in your region.)
• Our legacy verification APIs are still fully supported.

Key benefits

• Here are the key benefits to you of using this new product for verification:
  • One-stop shop for verification: As Telesign continues to add new verification methods, you can save on developer time to integrate with them, since you'll continue using this single API.
  • Create cost savings and predictability: As your budget and messaging costs change, you can easily adjust the mix of verification channels you use to what's right for your business without changing the API endpoint you are making requests to.
  • Improve your customers' experience: Over-the-top (OTT) channels offer additional brand protection and security not offered by traditional OTP channels like SMS or voice. Using channels like WhatsApp, RCS, and Viber allows you to send to a customer's preferred communication channel and deliver rich media experiences not available with SMS or voice.

Who is affected: SMS Verify customers using Verify Plus
Products affected: SMS Verify with Verify Plus

Changes

• SMS Verify customers now have an option for enhanced detection of IRSF:  The new enhanced International Revenue Share Fraud (IRSF) detection in Intelligence delivers improved customer fraud protection. Internal analysis showed a double-digit increase in block share under IRSF attack conditions and with even higher block share increases possible for specific country origins.
• No integration changes or preparation needed: Making use of this enhancement requires no special integration work for Intelligence 2.0 customers. To get started, Full-service customers should reach out to their customer contact and Self-service customers should contact our Customer Support Team.

Who is affected: Customers using Intelligence
Products affected: Intelligence

Changes

• Intelligence 2.0 customers now have an option for enhanced detection of IRSF: The new enhanced International Revenue Share Fraud (IRSF) detection in Intelligence delivers improved customer fraud protection. Internal analysis showed a double-digit increase in block share under IRSF attack conditions and with even higher block share increases possible for specific country origins.
• No integration changes or preparation needed: Making use of this enhancement requires no special integration work - simply inform your customer contact of your interest in using this feature. If you are a self-service customer, contact our Customer Support Team to assist you with getting these enhancements.
• Possible increase in latency: While Telesign strives to minimize any impact on performance, customers should expect to experience an modest increase in latency when using this enhancement. However, the improved IRSF fraud detection accuracy outweighs the minor latency increase.

Who is affected: Full-service customers
Products affected: Phone ID

Changes

• Breached Data identity attribute added to Phone ID: The Telesign Breached Data identity attribute flags phone numbers that have been involved in a recent data breach, helping prevent synthetic identity fraud and account takeovers by fraudsters using stolen passwords and credentials. See our solution brief. You can determine the date of the latest data breach, as well as any other personal identifiable information (PII) that was compromised in that data breach. This allows you to identify the accounts of the users whose PII was recently compromised. Accounts that belong to users impacted by recent data breaches are at additional risk of being targeted by fraudsters, as the users' data might be accessible on the dark web.
• Global coverage: Telesign Breached Data provides global coverage through a single API integration with very low latency. Check phone numbers against a dark web database of more than 166 billion breached data records across email, passwords, IP addresses, usernames, and geographies to confirm breach status.
• Continuous protection: Breached Data is updated daily so you can be informed of recently breached data, typically weeks or even months before anyone else.
• Coordinated coverage: Breached Data works with other Phone ID identity attributes through the same API.