.action-state-pill {
  border-radius: 9999px;
  padding: 0.125rem 0.625rem;
  font-size: 0.75rem;
  font-weight: 500;
  line-height: 1rem;
  color: #1f2937;
  background-color: #f3f4f6;
}

.action-state-pill__CHALLENGE_FAILED {
  background-color: #FDD8D8;
  color: #611919;
}

.action-state-pill__BLOCK {
  background-color: #F88B8B;
  color: #611919;
}

.action-state-pill__CHALLENGE_REQUIRED {
  background-color: #FEF4DA;
  color: #64501D;
}

.action-state-pill__CHALLENGE_SUCCEEDED {
  background-color: #DAF5E7;
  color: #1C5135;
}

.action-state-pill__REVIEW_REQUIRED {
  background-color: #D8E5FD;
  color: #063E5D;
}

.action-state-pill__REVIEW_SUCCEEDED {  
  background-color: #DAF5E7;
  color: #1C5135;
}

.action-state-pill__REVIEW_FAILED {
  background-color: #FDD8D8;
  color: #611919;
}

.action-state-pill__ALLOW {
  background-color: #8FE0B6;
  color: #1C5135;
}


.mint-aspect-video {
    aspect-ratio: 16 / 9
}
.mint-w-full {
    width: 100%
}

module.exports = {
  printWidth: 100,
};


Overview

Configuration

Passkey upgrade flow demo

Passkey being used for MFA demo

Testing the flow

Next steps

Learn how to add passkey MFA to your Keycloak login flow with Authsignal.

Passkey MFA

Adding passkey MFA to your Keycloak login flow

Authsignal

Authsignal is a drop-in solution that adds modern authentication to your app with minimal coding. Quickly implement passkeys, context-aware MFA, and passwordless login options like biometrics, push notifications, OTP, and TOTP—all working seamlessly with your existing identity stack.

Welcome to Authsignal Docs

Before you can add Authsignal to your app, you'll need to create an Authsignal account. This guide will walk you through it.

Set up Authsignal

Set up your Authsignal account

Learn how to integrate Authsignal with your Next.js app when using NextAuth.

NextAuth

NextAuth.js (now known as Auth.js)

Learn how to use Authsignal with Ruby on Rails to implement Multi-factor Authentication and Passkeys

Ruby on Rails

Learn how to use Authsignal's Client SDKs to implement authentication flows with custom or native UI.

Custom UI

Custom UI using Client SDKs

Learn how to use Authsignal's Terraform provider to keep your rule configuration synced across tenants.

Using Terraform

FAQs

Learn how to use Authsignal's server-side SDKs for Node.js, C#, Java, Ruby, Python, PHP, and Go.

Server SDKs

Learn how to use the Authsignal React SDK.

React

Learn how to use the Authsignal SDKs for iOS, Android, React Native, and Flutter.

Mobile

Authsignal APIs

Learn how to integrate with Authsignal's server-side REST API for tracking events performed by users and initiating authentication challenges.

Server API - Overview

Record authentication events performed by users and initiate challenges via Authsignal's pre-built UI or Authsignal Client SDKs.

Track Action

Get detailed information on a tracked action.

Get Action

Query Actions

Update Action

Get User

Update information about a user. Any fields which are omitted in the request will be left unchanged.

Update User

Permanently deletes a user and all their associated data, including all of their authenticators and actions.

Delete User

Enroll an authenticator on behalf of a user. This operation should only be used in cases where you have already verified a user's email address or phone number in your own system.

Enroll Verified Authenticator

Gets a list of the user's currently enrolled authenticators.

Get Authenticators

Delete Authenticator

Initiate an SMS or email-based challenge by sending a verification code to a given phone number or email address.

Initiate Challenge

Verify an SMS or email-based challenge by submitting a verification code.

Verify Challenge

Claim an SMS or email-based challenge on behalf of a user, associating it with an ID for a user record in your system.

Claim Challenge

Validate the result of a challenge using a token obtained after redirecting back from the pre-built UI or returned by an Authsignal SDK.

Validate Challenge

Get Challenge

Gets a list of the authenticators configured for the tenant.

Get Authenticator Configurations

Client API - Overview

Get a list of the user's enrolled authenticators.

Get a list of the authenticators configured for the tenant.

Management API - Overview

Get Tenant

Authsignal is a drop-in solution that can plug into any architecture to deliver account security controls like passkeys, passwordless authentication, and 360 observability and analytics.

What is Authsignal?

Learn how to use Authsignal's pre-built UI to rapidly implement web-based authentication flows.

Using the pre-built UI

Using Client SDKs

Learn how your users can enroll new authenticators using the Authsignal pre-built UI or Client SDKs

Enrolling authenticators

Learn how to use actions to add MFA to your app with the Authsignal pre-built UI.

MFA with actions

Learn how to use rules to challenge users only when certain conditions are met.

Conditional MFA with rules

Learn how to use actions to build passwordless login flows.

Passwordless login with actions

Learn more about the different ways you can launch the Authsignal pre-built UI.

Launching the pre-built UI

Learn how to let users remove their own authenticators via the Authsignal pre-built UI.

Letting users remove authenticators

Learn how to quickly add passkeys to your app using the Authsignal pre-built UI.

Passkeys and the Authsignal pre-built UI

Learn how to use Authsignal's Client SDKs to integrate passkeys to your web or mobile app with your own custom UI.

Using your own UI

Passkeys and Client SDKs

Learn how to optimize your local development setup when integrating passkeys into your app.

Local development

Passkeys and local development

Learn how to create the best passkey experience for your users on the web.

Web best practices

Passkeys best practice for the web

Learn how to create the best passkey experience for your users in native mobile apps.

Mobile best practices

Passkeys best practice for native mobile apps

Learn how to programmatically enroll users with an authenticator by using Authsignal's Server API or SDKs.

Adding authenticators programmatically

Learn how to programmatically remove a user's authenticator by using the Authsignal Server API.

Removing authenticators programmatically

Learn how to ensure a strong binding between authenticators when using the Authsignal pre-built UI or Authsignal Client SDKs.

Authenticator binding

Learn how to restrict which authenticators a user can select to complete challenges.

Restricting authenticators

Restricting authenticators with actions

Learn how to selectively target groups of users with rules.

Using rules to target users

Learn how to send custom fields to Authsignal in order to drive rules off your own data.

Using your own data points

Learn how to add your own branding to the pre-built UI.

Adding your own branding

Learn how to add messaging to the pre-built UI to give your users more context.

Adding contextual messaging

Adding contextual messaging to the pre-built UI

Prompt users to enroll a passkey after authentication.

Using the passkey uplift prompt

Learn how to use webhooks to send SMS, email and push notifications via your own provider and receive notifications for various events that occur near real-time.

Using webhooks

Using Authsignal's webhooks

Events schema

Learn how to integrate Authsignal with Auth0 to add MFA to your login flow, using methods such as Authenticator App, SMS OTP, Email OTP, and Passkeys.

Using Authsignal with Auth0

Learn how to refine the MFA experience for your users by using more advanced Authsignal features such as rules.

Refining the MFA experience

Learn how to use your internal user ID when integrating Authsignal with Auth0 instead of the default Auth0 user ID.

Using an internal user ID

Learn how to use issue an Auth0 access token during authsignal flows like passkey auto-fill

Auth0 Native Bridge

Learn how to integrate Authsignal with AWS Cognito to rapidly implement passwordless authentication.

Integrating Authsignal with AWS Cognito

Learn how to integrate Authsignal when using AWS Cognito & Amplify with a web app.

Using Amplify

Using Amplify with Authsignal's pre-built UI.

Learn how to integrate Authsignal when using AWS Cognito and the AWS SDK.

Using the AWS SDK

Using the AWS SDK with Authsignal's pre-built UI

Learn how to integrate Authsignal when using AWS Cognito and admin commands from the AWS SDK.

Using the AWS SDK's admin commands

Using the AWS SDK's admin commands with Authsignal's pre-built UI

Learn how to add passkey autofill to your login page when using AWS Cognito and Amplify.

Passkey autofill

Adding passkey autofill to your login page

Learn how to add passkeys to your native mobile app when using AWS Cognito.

Passkeys with native mobile apps

Using passkeys with native mobile apps

Learn how to use Authsignal rules to implement adaptive MFA with AWS Cognito

Using rules

Using AWS Cognito with Authsignal rules

Learn how to integrate Authsignal for MFA when using Microsoft Azure AD B2C.

Using Azure AD B2C with Authsignal

Using Authsignal for MFA with Microsoft Azure AD B2C

Learn how to use Authsignal for passwordless login with Microsoft Azure AD B2C.

Passwordless login with AAD B2C

Passwordless login with Microsoft Azure AD B2C

Learn how to add passkey autofill to your Microsoft Azure AD B2C login page with Authsignal.

Passkey autofill with AAD B2C

Using Passkeys with Microsoft Azure AD B2C

Use Authsignal custom policy snippets to customize Microsoft Azure AD B2C flows.

Custom policy snippets

Microsoft Azure AD B2C Custom Policy Snippets

Learn how to integrate MFA using Authsignal with Keycloak.

Keycloak MFA

Learn how enroll users in passkeys using Authsignal's prebuilt UI with Keycloak.

Keycloak Passkey Sign-Up With Prebuilt UI

Learn how to add passkey autofill using Authsignal with Keycloak.

Keycloak Passkey Autofill

Learn how to integrate Authsignal for MFA and passkeys when using Duende IdentityServer.

Duende IdentityServer

Learn how to integrate Authsignal when using Supabase.

Supabase

Learn about Authsignal's OIDC integration model.

Open ID Connect (OIDC)

Record authentication events performed by users and initiate challenges via the Authsignal pre-built UI or Authsignal Client SDKs.

Validate the result of a challenge using a token obtained after redirecting back from the pre-built UI or returned by a Client SDK.

Start a challenge to enroll a new SMS authenticator for a given phone number.

Start SMS Enrollment

Start a challenge when the user is already enrolled with at least one SMS authenticator.

Start SMS Challenge

Verify a challenge when enrolling a new SMS authenticator or when re-authenticating with an existing SMS authenticator.

Verify SMS Challenge

Start a challenge to enroll a new email OTP authenticator for a given email.

Start Email OTP Enrollment

Start a challenge when the user is already enrolled with at least one email OTP authenticator

Start Email OTP Challenge

Verify a challenge when enrolling a new email OTP authenticator or when re-authenticating with an existing email OTP authenticator

Verify Email OTP Challenge

Start a challenge to enroll a new email magic link authenticator for a given email.

Start Email Magic Link Enrollment

Start a challenge when the user is already enrolled with at least one email magic link authenticator

Start Email Magic Link Challenge

The email magic link challenge is verified when the user clicks on the link sent to their email. Use this endpoint to finalize the challenge, checking if the user has clicked on the magic link (e.g. via polling).

Finalize Email Magic Link Challenge

Enroll a new authenticator app authenticator for a user

Start Authenticator App Enrollment

Verify a challenge when enrolling a authenticator app authenticator or when re-authenticating with an existing authenticator app authenticator

Getting started

Integrations

Actions & rules

Learn

Resources

Adding passkey MFA to your Keycloak login flow

Overview

Configuration

Testing the flow

Passkey upgrade flow demo

Passkey being used for MFA demo

Next steps

Getting started

Integrations

Actions & rules

Learn

Resources

​Overview

​Configuration

​Testing the flow

​Passkey upgrade flow demo

​Passkey being used for MFA demo

​Next steps

Overview

Configuration

Testing the flow

Passkey upgrade flow demo

Passkey being used for MFA demo

Next steps