Skip to main content

Passwordless login

When passwordless authentication is set up by the administrator, the user is offered signup and login flows that do not involve the use of passwords.

General information

Passwordless authentication relies on the local passkey and biometric authentication capabilities of user devices to provide secure and convenient authentication with passkeys, and the access app.

Other passwordless authentication methods are provided for devices that do not have such local authentication capabilities:

Authentication method priorities

When passwordless authentication is enabled, authentication by passkeys is prioritized for login.

If the user device does not have local passkey authentication capabilities, the secondary option is authentication using the access app on devices that support pin or biometric capabilities.

If the user device does not support these capabilities, authentication by email codes is offered as a fallback verification method.

Passwordless login flow

Using devices that support passkeys

The following steps describe the login flow for users initiating login on a device with local passkey authentication capabilities, when the administrator enables passkey authentication in the Management console.

Login with passkeys

  1. Go to the Identity Cloud login page.
  2. Enter the username (email) registered to the account and click Continue. The Verification in progress page is displayed, showing that Identity Cloud is waiting for verification results, while the passkey verification process is completed on the device.
  3. Go through the native authentication flow as directed on the device.

After successful verification using the device's native flow, the user is automatically logged into your application.

Skip authentication with passkeys

When the user initiates the login from a device that has local passkey authentication capabilities, they are offered to skip passkey verification. In this case, the user can complete the login using either the access app (if supported) or email code verification.

Using devices with the access app

The following steps describe the login flow for users initiating login on a device with local biometric or pin authentication capabilities using the access app, when the administrator enables access app authentication in the Management console.

Login with the access app

  1. Go to the Identity Cloud login page and enter the username (email) registered to the account. Click Continue.
  2. Follow the native prompts offered by the browser and the access app login:
    • If the user is logging in using a desktop browser, they need to scan the QR code with the access app.
    • If the user is logging in using a mobile browser, they need to click on the button on the page to launch the access app.
  3. Follow the prompts in the access app to complete the preferred authentication method (face id, finger id, pin, etc.).

After successful verification using the device's native flow, the user is automatically logged into your application.

Skip authentication with the access app

When the user initiates the login from a device that has local biometric, pin authentication capabilities, the user is also offered to skip the access app verification by clicking on the Try another way option. In this case, the user can complete the login using email code verification.

Login with email codes

  1. Go to the Identity Cloud login page.
  2. Enter the username (email) registered to the account on the login page and click Continue. When offered to complete authentication with passkeys or the access app choose to Skip and Try another way.
  3. An email with a code is sent to the user's registered email inbox.
  4. Enter the code received in the email on the Email verification page.
  5. Click Verify.

After successful verification, the user is automatically logged into your application.

Log in on a device that does not support passkeys or the access app

The following steps describe the login flow of a user who initiates the login from a device that has no local passkey, pin or biometric authentication capabilities.

  1. Go to the Identity Cloud login page.
  2. Enter the username (email) registered to the account on the login page and click Continue. An email with a code is sent to the user's registered email inbox.
  3. Enter the code received in the email on the Email verification page.
  4. Click Verify.

After successful verification, the user is automatically logged into your application.

Login with social identity providers

  1. Go to the Identity Cloud login page and select the icon with the logo of the social identity provider of choice. The login page of the social identity provider loads.
  2. Go through the authentication flow of that social identity provider.

After successful verification, the user is logged into your application.

Social identity providers

Social identity providers the administrator can add and enable are:

  • Apple
  • Facebook
  • Google
  • Microsoft