Enable passwordless user authentication

SecureAuth Connect supports passwordless authentication using passkeys, verification codes, or magic links. Enable one or more of these methods so users can sign in without a password.

Enable passwordless authentication

1. Go to Users > your identity pool > Sign-in and Sign-up.

2. Add Authentication Methods in the Sign In dropdown menu.

   You can set the following passwordless authentication methods:

   • Passkeys (see Configure passkeys for Smart and Classic mode options)

   • Verification Code

   It is also possible to use Magic Links but only through API integration.

   note

   If you integrate with SecureAuth APIs and build your own login page, you must still enable your chosen authentication methods in the pool settings to authenticate users.

3. To set a method as preferred, click the three-dot menu next to the method and select Change to Preferred. The preferred method appears first on the sign-in page. All other enabled methods remain available.

4. Verify that the token issue policy in the connected workspace allows tokens with the correct amr claim for your chosen method.

   Go to workspace Settings > Authorization > Token issue policy.

   For example, the Demo workspace uses the NIST-AAL-1 User policy, which only allows tokens when the amr attribute is pwd (password). To support passwordless methods, update the policy to also allow:

   • otp for verification codes or magic links.
   • pop for passkeys.

Integrate custom sign-in pages for passwordless authentication

To use a custom sign-in page with SecureAuth, see Integrate sign-in pages for passwordless authentication.

See also

• Configure passkeys
• Set up sign in and sign up methods
• Configure verification codes