Skip to main content
The Authsignal pre-built UI provides a complete enrollment experience with minimal integration effort.

First-time enrollment

When users have no existing authenticators, they can enroll their first method directly. Backend: Generate enrollment URL 
const request = {
  userId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
  action: "enroll",
  attributes: {
    redirectUrl: "https://yourapp.com/callback",
  },
};

const response = await authsignal.track(request);

const url = response.url;
Frontend: Launch enrollment flow 
authsignal.launch(url);

First-time enrollment with email OTP

Check enrollment status using Get User or Get Authenticators to customize your UI based on whether users are enrolled.

Adding additional authenticators

Users can enroll additional methods through the pre-built UI by first completing a challenge with one of their existing methods. We can add the redirectToSettings attribute to the track request to land the user on a screen after their challenge which will let them enroll more methods. 
const request = {
  userId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
  action: "manageAuthenticators",
  attributes: {
    redirectUrl: "https://yourapp.com/callback"
    redirectToSettings: true,
  },
};

const response = await authsignal.track(request);

const url = response.url;
If a user has previously enrolled email OTP, for example, then they can complete an email OTP challenge in order to enroll passkey as another authentication option.

Adding a passkey after email OTP verification

This security requirement ensures strong binding between authenticators, preventing attackers from adding new methods if they compromise a single factor.

Enrolling email and SMS authenticators

By default Authsignal’s pre-built UI requires users to enter their email address or phone number when enrolling an email or SMS-based authenticator.

Capturing a user's email address to enroll an OTP authenticator

If you’ve already captured the user’s email in your own system, however, then you can skip this step by passing the user’s email or phone number in the track request. 
const request = {
  userId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
  action: "enroll",
  attributes: {
    redirectUrl: "https://yourapp.com/callback",
    email: "[email protected]",
  },
};

const response = await authsignal.track(request);
This will skip the email or phone number input step during enrollment, but still allow the user to edit the value later. If you wish to prevent the user from editing the value, this can be configured in the Authsignal Portal by disabling the self-service management setting on the relevant authenticator configuration. Additionally, if you’re already verified the user’s email in your own system then you can programmatically enroll them with an email or SMS authenticator at an appropriate point in your app (e.g. during a registration flow).