
Consumer (B2C) Access quickstart

Stand up identity for a consumer-facing application: self-service sign-up, social login, passkeys, and a branded login experience backed by SecureAuth's Identity Pools and Authorization Server.

What is Consumer Identity?

Consumer Identity and Access Management (CIAM) is the identity model for apps facing the general public: e-commerce, media, banking, healthcare portals, and any product where users create their own accounts. It differs from workforce or B2B identity in four important ways:

  • Scale and elasticity. Millions of users, with sign-up spikes during marketing campaigns or product launches. Login infrastructure has to absorb those peaks without degrading.
  • Self-service by default. Users register themselves. There is no admin to onboard them, recover their accounts, or rotate their credentials.
  • Many identity sources. Email and password is table stakes. Social login (Google, Apple, Facebook, Microsoft, X, GitHub, LinkedIn), passkeys (WebAuthn), and magic links are increasingly expected alongside it.
  • Consent and brand. Privacy regulations (GDPR, CCPA) govern what data you can collect and how users revoke it. The login screen is often the first product impression, so branding and flow customization matter.

SecureAuth Connect's Consumer workspace ships with these capabilities pre-wired: Identity Pools (your user directory), SSO Identity Providers (social login), passkey support, Risk Engine for step-up authentication, and a fully brandable login experience.

How the pieces fit together

1. Create a Consumer workspace

In the admin console, launch a new workspace using the B2C profile. This provisions an authorization server pre-tuned for consumer scale and flow patterns (short-lived access tokens, refresh token rotation, PKCE required on public clients).

2. Set up your Identity Pool

An Identity Pool is where consumer user accounts live. Each consumer workspace gets its own pool, isolated from other workspaces.

3. Enable sign-in options

Offer the authentication methods your users expect. You can mix any or all:

4. Apply MFA and risk policies

Raise the bar for sensitive actions without adding friction to everyday logins.

  • Create an MFA policy and bind it to high-value scopes (password reset, payment, profile change).
  • Enable the SecureAuth Risk Engine to step up authentication when a sign-in looks suspicious (new device, impossible travel, velocity anomalies).

5. Customize the login experience

The sign-in screen is part of your product.

6. Connect your application

Register your consumer app as an OIDC client and point it at this workspace.

7. Test end-to-end

Run through the full journey yourself before handing it to QA:

  1. Sign up with email and password. Verify the email and SMS templates match your brand.
  2. Sign out and sign back in with a social provider using the same email. Confirm the accounts link as you expect.
  3. Register a passkey from the user profile and sign in passwordless.
  4. Trigger a high-risk login (incognito window, different IP if possible) and confirm MFA steps up.

Next steps