SecureAuth Connect gives you a range of authentication methods to balance security, usability, and reach. You can combine methods as first-factor, second-factor, or step-up authentication depending on your use case.
This section covers how to configure each method, what users experience, and when to use one method over another.
Authentication methods
- All methods
- By use case
- By what users need
Any enabled method can be configured as first-factor or second-factor authentication in the user directory sign-in settings.
| Method | Description | User needs |
|---|
| Passkeys | Device-bound cryptographic login, no password | Device with biometrics or security key |
| Email OTP | One-time code sent to email | Email address |
| SMS OTP | One-time code sent via text message | Phone number |
| Voice OTP | One-time code read aloud by phone call | Phone number |
| TOTP | Time-based codes from a mobile authenticator app | Authenticator app (any) |
| Social login | Sign in with Apple, Facebook, GitHub, Google, LinkedIn, Microsoft, or X | Existing social account |
| Push notification | Approve or deny on a mobile device | SecureAuth Authenticate mobile app |
| Symbol | Match a symbol on screen and mobile device | SecureAuth Authenticate mobile app |
| QR code | Scan a QR code with a mobile device to sign in | SecureAuth Authenticate mobile app |
| Enterprise SSO | Sign in using your company's identity provider | Company IdP account |
| Magic link | One-click email login | Email address |
| Password | Traditional username and password | Username and password |
Consumer apps (B2C)
Minimize friction. Let users sign in with what they already have.
| Method | Why |
|---|
| Social login | Users sign in with an existing account. No new password to create. |
| Passkeys | Single biometric tap. Phishing-resistant. No password resets. |
| Email OTP | Works on any device with an email client. No app install needed. |
| Magic link | One click in email. Lowest friction for email-based flows. |
B2B
Stronger security for partners, customers, and their organizations.
| Method | Why |
|---|
| Enterprise SSO | Centralized authentication through a company identity provider. |
| TOTP | Offline codes from an authenticator app. No SMS costs. |
| Push notification | Fast approve/deny on managed devices. |
| Passkeys | Phishing-resistant MFA that satisfies NIST AAL3 requirements. |
High-security flows
Step-up or second-factor for sensitive actions.
| Method | Why |
|---|
| Symbol | Anti-phishing. User must match symbols across two screens. |
| Passkeys | Cryptographic proof of device possession. |
| TOTP | Codes never travel over a network. No SIM-swap risk. |
| SMS OTP | Broad reach when users don't have an authenticator app. |
| Voice OTP | Accessible fallback. Works on landlines. |
Nothing (already have an account)
| Method | Details |
|---|
| Social login | Users sign in with Apple, Google, Facebook, etc. |
| SSO | Users sign in with their company IdP. |
| Password | Traditional username and password. |
Email address
| Method | Details |
|---|
| Email OTP | Code sent to email. Works as 1FA or 2FA. |
| Magic link | One-click link sent to email. |
Phone number
| Method | Details |
|---|
| SMS OTP | Code sent via text message. |
| Voice OTP | Code read aloud by phone call. Works on landlines. |
Mobile app (any authenticator)
| Method | Details |
|---|
| TOTP | Works with Google Authenticator, Microsoft Authenticator, Authy, etc. |
SecureAuth Authenticate mobile app
Device with biometrics or security key
| Method | Details |
|---|
| Passkeys | FIDO2 cryptographic login. Touch ID, Windows Hello, YubiKey. |
Authentication settings are spread across different areas in SecureAuth Connect. Tenant settings apply globally. Workspace and user directory settings control what users see at sign-in.
| Area | Where | What you configure |
|---|
| Message providers | Tenant Settings > Message Providers | Set up delivery channels for OTP (email, SMS, voice). Configure code length and lifetime in Tenant > MFA Settings. |
| Allowed methods | [Workspace] > Authentication > Settings > Methods | Enable the authentication methods available for the workspace. Add social or enterprise identity providers under Authentication > Providers. |
| Sign-in flow | [Workspace] > Users > Sign-in and Sign-up | Add authentication methods as first-factor or second-factor. Set a preferred method. |
See also