Idea ID: 2850690

More granular control over which SMS templates are enabled/used

Status : New Idea
4 months ago

Currently, if you configure valid details (or had valid details configured from an earlier SSPR version) for the SMS Gateway (Settings ⇨ SMS ⇨ SMS Gateway), any of the SMS Messages configured by default (such as 'Change Password SMS Text'; Settings ⇨ SMS ⇨ SMS Messages ⇨ Change Password SMS Text) immediately take effect.

I have a customer who discovered this the hard way after recently upgrading from SSPR 4.3.x to SSPR and began "burning through [their] Twilio funds/credits" due to the fact that they their SMS Gateway was already configured but there are several SMS Messages which are now enabled by default in SSPR 4.5.x.

The workaround/fix was to remove/delete the default text from the 'Change Password SMS Text' (which states: "You have changed your password. If you did not initiate a password change please contact your help desk immediately." <- side note: there should be a comma in the second sentence: "If you did not initiate a password change,...") but this feels like something that should be addressed by more granular control (either under Settings ⇨ SMS ⇨ SMS Messages or Modules ⇨ Authenticated ⇨ Change Password) in the form of 'ON/OFF' functionality for each individual SMS template (If there are going to be default messages already in place) since there are typically additional costs associated with SMS message service providers. Another option would be removing the default message templates and just adding them to the 'help' description/'question mark button'.