Passwordless authentication
Supported passwordless authentication methods
Identity Cloud supports the following authentication methods for Passwordless authentication:
- Passkey
- Access app
- Email code
- Social login with
- Apple
- Microsoft
Passkey
The method Passkey uses face recognition, recognition by fingerprint, or any other means to unlock a user device to authenticate. The Passkey authentication method requires a passkey-capable device.
Passkey support dependencies
During user-facing flows, such as signup, login and account recovery flows, the user is offered passkey authentication options if the device they are using supports passkey authentication.
Passkeys are based on the FIDO2 and Web Authentication standards.
The support of passkeys is currently rolling out and depends on:
- The device type and its built-in capabilities.
- The native operating system of the device and its capabilities.
- The browser type, browser version and its capabilities.
Custom domain changes and passkey
Setting up your custom domain changes the origin for the passkey authentication method. Existing passkeys become invalid and users need to register new passkeys for your custom domain. For more information, see Custom domains.
Access app
The Nevis Access app is a branded access app that provides a quick and simple way for your users to authenticate.
It is possible to create customer-branded instances of the Nevis Access App.
Secure authentication is made convenient by using the biometric capabilities of mobile devices. Available for iOS and Android (supported version: iOS 12+ and Android 6+)
Learn more about the access app in the dedicated chapter.
Email code
The method Email code sends a one-time code to the email of the users for authentication. The method is always active and cannot be disabled. The Email code authentication method provides a fallback method when no passkey-capable device is available.
Social login
The Social login authentication method can be configured as a further alternative beside the Passkey and the [Email code](./passwordless-authentication#email-code. For more information, see Social login.
Bot protection
Identity cloud included CAPTCHAs in the signup and login flows to provide Bot protection.
We use Google's reCAPTCHA Enterprise solution.
You cannot disable the CAPTCHA feature.