Skip to main content

Set up sign in and sign up methods

Define how users authenticate when signing in and whether users in a specific Identity Pool can self-register for an account.

  1. Go to Sign-in and Sign-up settings.

    • Tenant level: Go to Tenant Settings (gear icon) > Identity Pools > (Selected Identity Pool) > Sign-in and Sign-up.

    • Workspace level: In your workspace, go to Users > Sign-in and Sign up.

  2. Configure preferences for sign-ins:

    Sign in and Sign up settings

Sign-in configuration options

First-factor authentication methods

Set the preferred authentication method for the user login to SecureAuth platform. Options are:

Password
Login with a password.

Verification Code
Send a one-time verification code by email or SMS to the user.

Authenticator App
Send a time-based one-time passcode (TOTP) to the user's mobile authenticator app.

Passkey
A secure, passwordless option for user convenience. Users can authenticate with FIDO2 devices like YubiKey or Touch ID, using physical or biometric keys instead of traditional passwords.

Second-factor authentication methods

Second-Factor Authentication Methods
Optionally, set another authentication method.

Device and security settings

Reduce 2FA verification on same device
Remember the device for a set time, avoiding repeated 2FA prompts. You can adjust the time or disable it by setting it to 0 seconds.

Level of Assurance Threshold (LOA)
Defines the minimum confidence level required for authentication. If the real-time LOA falls below this threshold, users must verify their identity with a second factor.

Recommended ranges:

  • Low (30%): Low confidence in identity verification. The user may be new or logging in from an unknown device.
  • Medium (60%): Moderate confidence. Repeated logins from the same device increase LOA over time.
  • High (80%): Strong assurance. Indicates high trust in the user's identity based on device characteristics.

To learn more, see Risk Engine: Smarter security in action and Risk analyzers.

Sign-in Identifier Settings
Select this check box to ignore case sensitivity in email and username during user login.

  1. Configure preferences for sign-up registration mode:

    Sign-up configuration

Sign-up configuration options

SettingDescription
Self-registrationEnable or disable user self-registration
Admin Initiated RegistrationControls whether admins can register users (enabled by default). Change only through the API.
  1. Save your changes.