
Passwordless authentication

SFA Authentication

Supported passwordless authentication methods

Identity Cloud supports the following authentication methods for Passwordless authentication:

Passwordless Authentication Tab


The Passkey method authenticates the user with face recognition, fingerprint recognition, or any other means used to unlock the user's device. The Passkey authentication method requires a passkey-capable device.

Passkey support dependencies

During user-facing flows, such as signup, login and account recovery flows, the user is offered passkey authentication options if the device they are using supports passkey authentication.

Passkeys are based on the FIDO2 and Web Authentication standards.

Passwordless signup create passkey page

Passkey support is currently rolling out and depends on:

  • The device type and its built-in capabilities.
  • The native operating system of the device and its capabilities.
  • The browser type, browser version and its capabilities.

Custom domain changes and passkey

Setting up your custom domain changes the origin for the passkey authentication method. Existing passkeys become invalid and users need to register new passkeys for your custom domain. For more information, see Custom domains.
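Why a domain change invalidates existing passkeys, as an added example (not code from Identity Cloud): in the Web Authentication standard, each passkey is scoped to a relying party ID (RP ID), and every assertion carries the page origin and a hash of that RP ID, both of which the server checks. The domain names are hypothetical, the RP ID is assumed to equal the login hostname, and the challenge and signature checks of a full verification are left out.

```python
import hashlib
import json
from urllib.parse import urlsplit


def rp_id_valid_for_origin(rp_id: str, origin: str) -> bool:
    """RP ID must equal the origin's host or be a parent domain of it.
    Simplified: a real client also rejects public suffixes such as "com"."""
    parts = urlsplit(origin)
    host = parts.hostname or ""
    return parts.scheme == "https" and (host == rp_id or host.endswith("." + rp_id))


def binding_errors(client_data_json: bytes, authenticator_data: bytes,
                   expected_origin: str, expected_rp_id: str) -> list:
    """Return the origin/RP ID binding checks that a WebAuthn assertion fails."""
    errors = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        errors.append("type")
    if client_data.get("origin") != expected_origin:
        errors.append("origin")
    # authenticatorData starts with rpIdHash = SHA-256(RP ID), 32 bytes.
    if authenticator_data[:32] != hashlib.sha256(expected_rp_id.encode()).digest():
        errors.append("rpIdHash")
    return errors


def constructed_assertion(origin: str, rp_id: str):
    """Build the two fields checked above for a credential scoped to rp_id.
    Constructed sample data: fixed flags and counter, no signature."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": "Y29uc3RydWN0ZWQ",
                              "origin": origin}).encode()
    flags = bytes([0x05])  # user present + user verified
    counter = (1).to_bytes(4, "big")
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + counter
    return client_data, auth_data


# Hypothetical domains: default tenant domain vs. new custom domain.
OLD_ORIGIN, OLD_RP_ID = "https://tenant.idcloud.example", "tenant.idcloud.example"
NEW_ORIGIN, NEW_RP_ID = "https://login.customer.example", "login.customer.example"

if __name__ == "__main__":
    old_cd, old_ad = constructed_assertion(OLD_ORIGIN, OLD_RP_ID)
    print(binding_errors(old_cd, old_ad, OLD_ORIGIN, OLD_RP_ID))  # before the change
    print(binding_errors(old_cd, old_ad, NEW_ORIGIN, NEW_RP_ID))  # after the change
    print(rp_id_valid_for_origin(OLD_RP_ID, NEW_ORIGIN))          # old RP ID on new origin
```

The old RP ID is not a valid RP ID for the new origin, so a browser on the custom domain cannot request the old passkeys at all, which is why users have to register new ones.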

Access app

The Nevis Access app is a branded access app that provides a quick and simple way for your users to authenticate.

It is possible to create customer-branded instances of the Nevis Access App.

Secure authentication is made convenient by using the biometric capabilities of mobile devices. The app is available for iOS and Android (supported versions: iOS 12+ and Android 6+).

Learn more about the access app in the dedicated chapter.

Email code

The Email code method sends a one-time code to the user's email address for authentication. The method is always active and cannot be disabled. The Email code authentication method provides a fallback method when no passkey-capable device is available.

MFA signup recovery codes

Social login

The Social login authentication method can be configured as a further alternative beside the Passkey and the [Email code](./passwordless-authentication#email-code) methods. For more information, see Social login.

Bot protection

Identity Cloud includes CAPTCHAs in the signup and login flows to provide bot protection.

We use Google's reCAPTCHA Enterprise solution.

You cannot disable the CAPTCHA feature.