This guide shows how to implement email magic link for MFA. You can follow the same approach for step-up auth or adaptive MFA.
Configure email magic link in the Authsignal Portal
- Navigate to the Authenticators section and click Setup Email magic link.
- Choose and set up an email provider you want to use in the next screen. You can choose Authsignal for development purposes, but it’s recommended not to use it in production. Then click Activate Email Magic Link.

Grab your Authsignal credentials
Head to Settings and grab your Tenant ID, API URL and API secret key. Add them as environment variables in your project:Implementation
1. Backend - Track an action
When a user performs an action that requires authentication, your backend should track the action. You can use our Server SDK or Server API to track the action. The code snippets in this guide references the SDKs.Learn more about the different action outcomes.
2. Frontend - Challenge the user
If the action state isCHALLENGE_REQUIRED
, proceed with the magic link challenge using either our Web SDK, Mobile SDKs or Client API.
3. Backend - Validate the challenge
After the user completes the challenge, validate the token on your backend:Next steps
- Adaptive MFA - Set up smart rules to trigger authentication based on risk
- Email OTP - Add email-based OTP codes for users who prefer entering codes
- SMS OTP - Implement SMS-based one-time passwords as an alternative method
- Passkeys - Offer the most secure and user-friendly passwordless authentication