SMS Login: User Guide for Sponsors

Keeping secure access to the Sponsor Management System (SMS) is essential for day-to-day sponsorship and for avoiding compliance action. This guide explains what SMS login is, how to log in, common issues, risk controls, and how it fits into wider sponsor duties.

New to the platform? See our overview of the sponsor management system and SMS Level 1 user roles.

Key takeaways

• Protect your SMS login and registered mobile numbers or you risk lock-outs and missed reports.
• Always maintain at least two active Level 1 users to prevent an organisation-wide access failure.
• SMS login uses one-time passcodes (OTP) sent by text; codes are short-lived and single-use.
• Good access hygiene supports core duties and reduces the risk of sponsor licence revocation.
• Layer controls (second approver, device security) for high-impact actions like certificate of sponsorship (CoS) assignment or change of circumstances.

What is SMS login?

SMS login is the authentication step used by the Home Office SMS where a one-time passcode is texted to the registered mobile number of an authorised user (Level 1 or Level 2). It’s an additional verification layer on top of your username/password.

Why it matters:

• The SMS contains sensitive immigration data and actions (CoS issuing, worker reporting).
• The Home Office only sends OTPs to the mobile recorded for that user in SMS. Keep details current or you’ll be locked out.

Setting up or refreshing permissions? Start with sponsor licence duties & compliance and sponsor licence eligibility.

How to log in to the SMS (step-by-step)

1. Go to the official SMS login page you’ve bookmarked. Avoid unverified links.
2. Enter User ID + password exactly as issued (case-sensitive). Three failed attempts trigger a 30-minute lockout.
3. Receive the OTP by SMS on your registered mobile. Enter it within the time limit (typically a few minutes).
4. First login? Change your password (12–256 chars, upper+lower+number+special, no spaces).
5. Proceed to dashboard:
   • Level 1 lands on the message board first and can manage users/settings.
   • Level 2 sees functions permitted for their role.

Role capabilities

Tip: Align SMS updates with HR records and your chosen SOC code, and keep your CoS documentation audit-ready.

Benefits of SMS login

• Broad access: works on any phone capable of receiving texts—useful for travelling key personnel.
• Low friction: no app or hardware required; fast onboarding for new users.
• Meets Home Office control expectations without complex IT setup.

SMS login risks & how to reduce them

1) SIM-swap/number porting

• Add a port-out PIN with your mobile provider; use separate numbers for primary and backup Level 1 users.

2) SMS interception (telecoms layer)

• Treat OTPs as sensitive; never reuse compromised numbers; avoid shared devices.

3) Phishing/social engineering

• Train users never to share OTPs; verify “urgent Home Office” emails/calls; bookmark the real SMS URL.

4) Device theft/SMS sync

• Enforce device passcodes/biometrics; review message sync settings; remove lost/stolen numbers from SMS immediately.

Best practices for secure access

• Two (or more) Level 1 users with different mobile numbers. See sms level 1 user.
• Strict password policy and periodic resets; never email credentials.
• Second-person checks before high-impact actions (e.g., CoS issue, licence detail changes).
• Calendar + workflow reminders for 10-day reporting deadlines.
• Quarterly access review: remove leavers, verify mobiles, confirm permissions.
• Device hygiene: full-disk encryption, biometric unlock, corporate browser profiles/VPN.

SMS login troubleshooting

If self-help fails, contact the Sponsorship, Employer & Education helpline. Keep evidence of attempted logins and deadlines to demonstrate diligence if audited.

How SMS login fits into sponsor compliance

You’ll use SMS access to:

• Assign CoS and track usage (CoS cost, Immigration Skills Charge; budget with our visa fees calculator for government fees).
• Report worker changes within 10 working days (change of circumstances).
• Maintain accurate licence and key personnel details.
• Renew on time; avoid the cooling-off pain (Sponsor Licence Cooling Off Period).

Failure here risks downgrades, suspension, or sponsor licence revoked outcomes.

Alternatives & layered security

The Home Office currently mandates SMS OTP for login. You can still layer security internally by:

• Requiring an approver sign-off before issuing CoS.
• Restricting access to managed devices/networks.
• Adding biometric/device checks prior to launching the SMS session.

Where Borderless comes in

SMS login is simple to use but critical to get right. Keep two active Level 1 users, enforce strong device and password hygiene, and add second-person checks for high-impact actions like CoS assignment and licence changes.Want fewer lock-outs, smoother reporting, and audit-ready evidence?

‍Borderless centralises SMS workflows, reminders and documentation so you never miss a deadline.👉 Book a demo to see how we can reduce admin and help protect your sponsor licence.

Need definitions? Explore our immigration glossary.

FAQs

Do we need a backup user?
Yes—at least one extra Level 1 with a different mobile number.

Can we change the registered mobile ourselves?
A Level 1 user can update user details in SMS; test OTP delivery immediately after any change.

What if a user leaves the business?
Remove their access the same day. Update key personnel if the Authorising Officer or Key Contact changes.

Is an OTP alone enough?
It meets the SMS requirement, but add internal controls to mitigate phishing/SIM-swap risk.