--- title: Setting up one-time passcodes description: Explains how to implement one-time passcode (OTP) authentication in your client applications using the DaVinci module, covering email, SMS, and voice delivery methods. component: orchsdks page_id: orchsdks:davinci:use-cases/otp/index canonical_url: https://developer.pingidentity.com/orchsdks/davinci/use-cases/otp/index.html revdate: Fri, 17 Oct 2025 14:50:55 +0100 keywords: ["DaVinci", "OTP", "MFA", "Authentication", "Email", "SMS", "Voice"] section_ids: steps: Steps before_you_begin: Before you begin configure_client_apps_for_one_time_passcodes: Configure client apps for one-time passcodes --- # Setting up one-time passcodes [icon: circle-check, set=far]PingOne [icon: android, set=fab]Android [icon: apple, set=fab]iOS [icon: js, set=fab]JavaScript PingOne supports several methods of multi-factor authentication (MFA), which is the practice of requiring more than one type of evidence to identify a user. For example, a username and password together are considered a single *factor*. Adding more authentication factors, such as one-time passcodes, helps to strengthen your security posture and reduce the chance of a data breach. Figure 1. Using multiple factors to authenticate users To learn more, refer to [Single-factor, Two-factor, and Multi-factor Authentication](https://www.pingidentity.com/en/resources/identity-fundamentals/authentication/single-factor-two-factor-multi-factor-authentication.html) in the Identity Fundamentals documentation. The Orchestration SDKs help you to integrate authentication flows that use one-time passcodes into your client applications. The Orchestration SDKs support the following one-time passcode delivery methods: * Email When email authentication is configured, and the user signs on to their account or app, they are sent an email with a one-time passcode (OTP) to authenticate with. ![Receiving an OTP via email.](../../_images/otp-email.png)Figure 2. Receiving an OTP via email The OTP is valid for up to 30 minutes. * SMS When configured, a one-time passcode (OTP) is sent to the user's mobile device as a text message using SMS. ![Receiving an OTP via SMS.](../../_images/otp-sms.png)Figure 3. Receiving an OTP via SMS The OTP is valid for up to 30 minutes. * Voice When configured, a one-time passcode (OTP) is sent to the user's mobile device or landline phone using telephony voice channels. The OTP is valid for up to 30 minutes. ## Steps Complete the following steps to integrate one-time passcode authentication into your client applications: ## [Before you begin](00_before-you-begin.html) Before you begin this tutorial, ensure you have set up your PingOne instance with the required configuration. For example, you will need an OAuth 2.0 client application setup. [**Complete prerequisites**[icon: chevrons-right, set=fas, size=xs]](00_before-you-begin.html) ## [Configure client apps for one-time passcodes](01_handle-one-time-passcodes-in-client-apps.html) Learn how to set up your Android, iOS, and JavaScript client apps to handle authentication flows that require one-time passcodes. [**Start step 1**[icon: chevrons-right, set=fas, size=xs]](01_handle-one-time-passcodes-in-client-apps.html)