Set up

What happens if a user doesn’t have one of the permitted authenticators?

Overriding permitted authenticators with rules

Contact

Blog

Authsignal

SDKs

API Reference

Sign Up

Login

Learn how to restrict which authenticators a user can select to complete challenges.

Restricting authenticators

Restricting authenticators with actions

Authsignal is a drop-in solution that can plug into any architecture to deliver account security controls like passkeys, passwordless authentication, and 360 observability and analytics.

Overview

What is Authsignal?

Learn how to use Authsignal's pre-built UI to rapidly implement web-based authentication flows.

Using the pre-built UI

Learn how to use Authsignal's Client SDKs to implement authentication flows with custom or native UI.

Using your own custom UI

Learn how to use actions to add MFA to your app with the Authsignal pre-built UI.

MFA with actions

Learn how to use rules to challenge users only when certain conditions are met.

Conditional MFA with rules

Learn how to use actions to build passwordless login flows.

Passwordless login with actions

Learn more about the different ways you can launch the Authsignal pre-built UI.

Launching the pre-built UI

Learn how to let users add their own authenticators via the Authsignal pre-built UI.

Letting users add authenticators

Learn how to let users remove their own authenticators via the Authsignal pre-built UI.

Letting users remove authenticators

Learn how to quickly add passkeys to your app using the Authsignal pre-built UI.

Passkeys and the Authsignal pre-built UI

Learn how to use Authsignal's Client SDKs to integrate passkeys to your web or mobile app with your own custom UI.

Using your own UI

Passkeys and Client SDKs

Learn how to optimize your local development setup when integrating passkeys into your app.

Local development

Passkeys and local development

Learn how to create the best passkey experience for your users on the web.

Web best practices

Passkeys best practice for the web

Learn how to create the best passkey experience for your users in native mobile apps.

Mobile best practices

Passkeys best practice for native mobile apps

Learn how to ensure a strong binding between authenticators when using the Authsignal pre-built UI or Authsignal Client SDKs.

Authenticator binding

Learn how to programmatically enroll users with an authenticator by using Authsignal's Server API or SDKs.

Adding authenticators programmatically

Learn how to programmatically remove a user's authenticator by using the Authsignal Server API.

Removing authenticators programmatically

Learn how to selectively target groups of users with rules.

Using rules to target users

Learn how to send custom fields to Authsignal in order to drive rules off your own data.

Using your own data points

Learn how to add your own branding to the pre-built UI.

Adding your own branding

Learn how to add messaging to the pre-built UI to give your users more context.

Adding contextual messaging

Adding contextual messaging to the pre-built UI

Prompt users to enroll a passkey after authentication.

Using the passkey uplift prompt

Learn how to use webhooks to send SMS, email and push notifications via your own provider and receive notifications for various events that occur near real-time.

Using webhooks

Using Authsignal's webhooks

Events schema

Learn how to use Authsignal's Terraform provider to keep your rule configuration synced across tenants.

Using Terraform

Learn how to integrate Authsignal with Auth0 to add MFA to your login flow, using methods such as Authenticator App, SMS OTP, Email OTP, and Passkeys.

Using Authsignal with Auth0

Learn how to refine the MFA experience for your users by using more advanced Authsignal features such as rules.

Refining the MFA experience

Learn how to use your internal user ID when integrating Authsignal with Auth0 instead of the default Auth0 user ID.

Using an internal user ID

Learn how to integrate Authsignal with AWS Cognito to rapidly implement passwordless authentication flows.

Integrating Authsignal with AWS Cognito

Learn how to integrate Authsignal when using AWS Cognito & Amplify with a web app.

Using Amplify

Using Amplify with Authsignal's pre-built UI.

Learn how to integrate Authsignal when using AWS Cognito and the AWS SDK.

Using the AWS SDK

Using the AWS SDK with Authsignal's pre-built UI

Learn how to integrate Authsignal when using AWS Cognito and admin commands from the AWS SDK.

Using the AWS SDK's admin commands

Using the AWS SDK's admin commands with Authsignal's pre-built UI

Learn how to add passkey autofill to your login page when using AWS Cognito and Amplify.

Passkey autofill

Adding passkey autofill to your login page

Learn how to add passkeys to your native mobile app when using AWS Cognito.

Passkeys with native mobile apps

Using passkeys with native mobile apps

Learn how to integrate Authsignal for MFA when using Microsoft Azure AD B2C.

Using Azure AD B2C with Authsignal

Using Authsignal for MFA with Microsoft Azure AD B2C

Learn how to use Authsignal for passwordless login with Microsoft Azure AD B2C.

Passwordless login with AAD B2C

Passwordless login with Microsoft Azure AD B2C

Learn how to add passkey autofill to your Microsoft Azure AD B2C login page with Authsignal.

Passkey autofill with AAD B2C

Using Passkeys with Microsoft Azure AD B2C

Use Authsignal custom policy snippets to customize Microsoft Azure AD B2C flows.

Custom policy snippets

Microsoft Azure AD B2C Custom Policy Snippets

Learn how to integrate Authsignal for MFA and passkeys when using Duende IdentityServer.

Duende IdentityServer

Learn how to integrate Authsignal when using NextAuth.js.

NextAuth.js

Learn how to integrate Authsignal when using Supabase.

Supabase

Learn how to use Authsignal with Ruby on Rails to implement Multi-factor Authentication and Passkeys

Ruby on Rails

Learn about Authsignal's OIDC integration model.

Open ID Connect (OIDC)

Learn how to use the Authsignal React SDK.

React

Learn how to use the Authsignal SDKs for iOS, Android, React Native, and Flutter.

Mobile

Learn how to use the Authsignal Node.js SDK.

Node.js

Learn how to use the Authsignal Ruby SDK.

Ruby

Learn how to use the Authsignal Python SDK.

Python

Learn how to use the Authsignal Java SDK.

Java

Authsignal APIs

Server API - Overview

Record actions performed by users and initiate challenges.

Track Action

Validate the result of a challenge using a token obtained after redirecting back from the pre-built UI or returned by a client SDK.

Validate Challenge

A user is considered to be enrolled if they have set up at least one authenticator which can be used to issue a challenge.

Get User

A way to persist key data points for a given user.

Update User

Gets a list of the user's currently enrolled authenticators.

Get User Authenticators

Enroll an authenticator on behalf of a user if it has already been verified.

Enroll Verified Authenticator

Get detailed information on a tracked action.

Get User Action

Permanently deletes a user and all their associated data, including all of their authenticators and actions.

Delete User

Delete User Authenticator

Gets a list of the authenticators configured for the tenant.

Get Authenticator Configurations

Client API - Overview

Get a list of the authenticators configured for the tenant.

Get a list of the user's enrolled authenticators.

Start a challenge to enroll a new SMS authenticator for a given phone number.

Start SMS Enrollment

Start a challenge when the user is already enrolled with at least one SMS authenticator.

Start SMS Challenge

Verify a challenge when enrolling a new SMS authenticator or when re-authenticating with an existing SMS authenticator.

Verify SMS Challenge

Start a challenge to enroll a new email OTP authenticator for a given email.

Start Email OTP Enrollment

Start a challenge when the user is already enrolled with at least one email OTP authenticator

Start Email OTP Challenge

Verify a challenge when enrolling a new email OTP authenticator or when re-authenticating with an existing email OTP authenticator

Verify Email OTP Challenge

Start a challenge to enroll a new email magic link authenticator for a given email.

Start Email Magic Link Enrollment

Start a challenge when the user is already enrolled with at least one email magic link authenticator

Start Email Magic Link Challenge

The email magic link challenge is verified when the user clicks on the link sent to their email. Use this endpoint to finalize the challenge, checking if the user has clicked on the magic link (e.g. via polling).

Finalize Email Magic Link Challenge

Enroll a new authenticator app authenticator for a user

Start Authenticator App Enrollment

Verify a challenge when enrolling a authenticator app authenticator or when re-authenticating with an existing authenticator app authenticator

Verify Authenticator App Challenge

Generate options to register a new passkey.

Generate Passkey Registration Options

Finish the process of registering a new passkey authenticator.

Verify Passkey Registration

Generate options to authenticate with an existing passkey.

Generate Passkey Authentication Options

Finish the process of authenticating with an existing passkey authenticator.

Verify Passkey Authentication

For customizing the action code during sign-in.

Create Action For Passkey Sign-in

Push API - Overview

Start a push challenge by sending a notification to the user's mobile device.

Start Push Challenge

Verify a challenge to a user's mobile device. Use this endpoint from the app which initiated the challenge to determine if the user approved or rejected the request (e.g. via polling).

Getting started

Scenarios

Advanced scenarios

Platform integrations

Learn

Restricting authenticators with actions

Set up

What happens if a user doesn’t have one of the permitted authenticators?

Overriding permitted authenticators with rules

Getting started

Scenarios

Advanced scenarios

Platform integrations

Learn

​Set up

​What happens if a user doesn’t have one of the permitted authenticators?

​Overriding permitted authenticators with rules

Set up

What happens if a user doesn’t have one of the permitted authenticators?

Overriding permitted authenticators with rules