The Login Box

For user authentication (typically known as Login), it’s pretty much the first thing you’ll experience. In today’s modern e-commerce environments, however, there’s often more to the login box than meets the eye!

Hi, I’m Peter Fernandez, an Innovator, Architect, Consultant, Engineer, and Principal Developer Advocate at Auth0 by Okta. I’d like to share with you some of my experience building user authentication – a.k.a. Login – into modern applications and how easy it is to do that using the Auth0 platform.

More than just UserID and Password…

In the world of modern application development, Login is a whole lot more than just acquiring a UserID & Password. With the rich source of user information offered by the likes of Social Login and the convenience of using security-enhanced workflows like Passkeys – not to mention the commercial flexibility offered by Enterprise Federation – there’s so much more to the process.

…more than just credential verification

It’s more than just credential verification too. The Login Box also has to be capable of employing Attack Protection strategies. And with safety and security being of paramount importance to many consumers, it has to provide for the likes of MFA too. Users also want a Sign-in/Signup experience that’s as frictionless as possible, so the likes of SSO and progressive User Profile enrichment are important considerations.

Sign in…

Login – a.k.a. Sign-in – typically starts with an interaction that we’re probably all familiar with: the interactive supply of credentials for verification. Credentials come in a number of different forms, the most common being the UserID and Password. But other forms associated with the likes of Social, Enterprise Federation, and Passwordless scenarios exist too. Once credentials are verified, an application will typically establish the session for the user and, optionally, an SSO session can be established too.

…vs Sign out…

The converse process is typically known as Logout, Logoff, or Sign out. When a user has finished interacting with an application, they will typically terminate their session explicitly, effectively de-authenticating. Or the application will terminate their session implicitly if no user interaction has occurred for a period of time. Optionally, a Logoff will terminate the SSO session too – so that the user must engage with the Login process interactively if they wish to use the application again.

…vs Signup

Before anyone can log in, they typically have to be a registered user of an application first. That process is typically referred to as Signup and is typically where the user chooses their credential information – such as UserID and Password. However, with the likes of Social Login and Enterprise Federation, Signup is often implied: when user credentials are verified by a 3rd party, the process of user registration typically becomes implicit rather than explicitly actioned.

Build it yourself?

You could build support in-house, yourself. That’s true. Click on the image to read more about doing just that, and watch the recording of my related webinar here. If your team has the resources, time, capacity, knowledge, and expertise in developing SSO; deploying Attack Protection; leveraging OIDC and/or SAML for Authentication, Social and/or Enterprise Federation; implementing Passwordless and/or MFA, and/or (optionally) OAuth 2.0 for API Authorization – then it’s definitely an option. But what if there was a better way?

Meet Universal Login

Say hello to Auth0 Universal Login! Universal Login allows you to create a fully customized authentication experience that supports all of the capabilities you need from a Login/Sign In, Sign Up, and Sign Out experience too. With out-of-the-box support for the likes of SSO, Passkeys, advanced MFA, progressive User Profile enrichment, Social Login and Enterprise Federation, Universal Login offers a range of fully flexible configurations. But it doesn’t stop there. Fully brand the experience however suits, and leverage Attack Protection strategies that are leading edge. All at the push of a button!

Social Login

In addition to the classic UserID & Password or Passwordless workflows, fast-track the signup and login experience for your customers with user authentication via 53+ out-of-box Social Login options that they know and trust. All being enabled by the flip of a switch.

Enterprise Federation

 For use cases such as B2B and B2B2C, leverage the Identity Provider (IdP) already used by an organisation to provide user authentication via Enterprise Federation.

Attack Protection

Employ Protection against a range of attacks, with features such as Bot Detection, Breached Password Detection, and Suspicious IP Throttling.

Adaptive MFA

Enable Adaptive MFA, and fine-tune your user authentication process via intelligent MFA that dynamically fits customer login behaviors. All whilst satisfying your business needs.

Passwordless

For a secure, seamless, and all-around easier user experience, implement a Passwordless workflow and do away with the password at the flip of a switch.

Extensibility

 Customize identity flows with visual drag-and-drop Actions to build functionality that will address your unique requirements.

Integrate with ease

With a variety of out-of-box options provided by a wide range of SDKs, you can build an initial integration with Auth0, written in any programming language and supporting any technology stack, in a matter of hours. Click on the image to visit the Auth0 SDK website and discover how to integrate with ease.

Verified Credentials…

Modernizing an application to exchange the verification of a UserID and Password credential with the verification of a credential-verified artefact opens up a variety of opportunities. Providing the flexibility to deliver user-centric information that helps build the application session, for example, and the ability to explore the likes of SSO, MFA and Passwordless scenarios too. Leveraging a totally independent IDP, such as Auth0, supports all of this without the need to change a single line of that modernized code.

…via OIDC…

OIDC provides industry-standard verified authentication via JSON Web Token (JWT) format ID Tokens and opens up the world of Social Login too! B2C application builders not only defer the authentication process to a third party but at the same time can leverage rich sources of user profile information in a regulatory compliant manner. Further, offering OIDC-compliant user authentication flows provides the means for your application(s) themselves to become Social authenticators if and when desired.

…or SAML

With SAML, you have full access to the world of B2B and B2B2C opportunities in a way that best suits you and your business needs. Via the comprehensive flexibility of an IdP platform like Auth0, automatically enable Enterprise Federation connectivity in your application(s) via the flick of a switch: no need to spend precious time and effort on anything other than your core business logic. And if you need to switch between the two – i.e. OIDC and SAML – easily do that too!

An accessible experience for all

Showing care and consideration helps users feel valued: something which ultimately helps to bring them back time and again. Universal Login offers best practice guidance and provides out-of-box workflows that are designed with accessibility in mind – helping to provide your users with an altogether inclusive experience right from the get-go. Click on the image to read more about how building an accessible user experience can help level the digital playing field for everyone!

Architected Scenario Guidance

Whatever scenario you’re building for, Auth0 has comprehensive guidance to help you navigate through the design decisions often faced when building a Customer Identity & Access Management solution. Let our architecture scenario guidance for both B2C and B2B help you prepare for any eventuality.

Want to learn more?

Okta provides a wide range of courses to help you level up your skills. Why not click on the logo to see what you can discover with Okta Training today?!

Read more about it on the Auth0 Blog

Read the Auth0 Blog, and learn why integrating with Universal Login is the best practice when it comes to user authentication workflows. You can even read more on the advancements we’ve made with Universal Login, and how you get to benefit from them with absolutely no changes to your code!

Stay informed

Helpful Identity & Access Management articles that are timely and relevant, whatever your level of experience. Whether you prefer to learn by reading, listening, watching videos, cloning repos, copying code, or attending a workshop or conference: content is everywhere and made for developers like you. Click on the image to subscribe to the newsletter today!

Begin the journey…

Sign up here, and create a free Auth0 Tenant to begin your journey. Play with prototyping an integration of your existing code – or develop something new; experience the Okta Customer Identity Cloud, powered by Auth0, in a way that best suits you.

…or try a Demo.

If you’re looking for some inspiration, why not take a look at some of the pre-built demos at demo.okta.com – where you can test-drive sample integrations for both the Okta Customer Identity Cloud and the Okta Workforce Identity Cloud too!

Passwordless workflows free users from the traditional password that’s typically associated with first-factor authentication. Passkeys are the latest development in passwordless technology, and provide the most advanced flexibility and security when it comes to verifying customer credentials without using passwords!

What are Passkeys?

Based on the WebAuthn specification, a Passkey is a discoverable public key cryptographic credential that provides a fully-flexible user experience across multiple devices. Passkeys are the next generation of advanced user authentication that offer the most compelling replacement to the password so far!

WebAuthn and the FIDO alliance

Web Authentication (a.k.a WebAuthn) is a specification by the W3C and FIDO – an alliance formed with the participation of Google, Mozilla, Microsoft, Yubico, and others. This specification provides for first-factor authentication of a user using public key cryptography instead of a password.

How do Passkeys work?

By leveraging public key cryptography in conjunction with platform trusted device technology – such as biometric fingerprint or facial recognition – the Passkey workflow provides proof that you are in possession of your device, and thus satisfies the various aspects of zero-trust user authentication in one go: something you are, something you know, and something you own.

Next-level WebAuthn

WebAuthn allows folks to leverage secure public key cryptography via the use of their secure (biometric enabled) device, as a replacement for UserID and Password credentials. Passkeys take this even further, providing for cryptographic credentials that are easily discoverable across devices. Click on the image to learn more about Passkey technology, and see it in action.

Personal Devices…

On a personal device – such as a personal phone, tablet, or laptop – the Passkey generated for a particular site is also saved to the distributed Keychain associated with the provider. For an Apple device, for example, this typically means that the generated Passkey is saved to the iCloud Keychain associated with the Apple ID credentials with which the device is configured.

…Public Devices…

However, there are cases where you may need to use a public device that’s not configured with your provider-specific credentials (i.e. your Apple ID, Google ID, etc). In such cases, the Passkey protocol supports sign-in using what’s often referred to as the “nearby device” workflow. In this scenario, a QR code can be scanned by a camera-equipped personal device in order to utilize the Passkey it may contain.

…across multiple platforms

With many providers – such as Apple – the QR code mechanism also extends to creating Passkeys on non-personal devices, which can then be stored in the provider-distributed Keychain. And QR code workflows can be used with devices on different platforms too – regardless of whether they’re personal or public in nature.

Meet Universal Login

Auth0 Universal Login allows you to create a fully customized user authentication experience, that incorporates Passkeys at the push of a button! And one that supports features like SSO and MFA too, right out-of-the-box! Integrate Universal Login as part of your login workflow, and let us focus on providing seamless access to all of the capabilities supported by the Auth0 platform, whilst you focus on building the core experience of your application.

Read more about it on the Auth0 Blog

Click on the logo to read more about Passwordless Authentication using Passkeys on the Auth0 Blog. The Auth0 Blog is also where you can find numerous articles on how Auth0 makes life easier when it comes to building Customer Identity & Access Management.

Enterprising SSO

Enterprise Federation – also referred to as SSO – allows you to leverage the Identity Provider (IdP) already employed by an Enterprise. Valuable in some B2C application scenarios, this facility paves the way for making B2B and B2B2C opportunities a reality, opening the door to additional lines of revenue!

Hi, I’m Peter Fernandez, an Innovator, Architect, Consultant, Engineer, and Principal Developer Advocate at Auth0 by Okta. I’d like to share with you some of my experience building user authentication, using Enterprise Federation, into modern applications and how easy it is to do that using the Auth0 platform.

User Authentication using SAML…

User authentication in a federated context typically utilizes the SAML protocol. SAML is an industry standard designed to facilitate an enterprise-trusted relationship where a 3rd party can authenticate against the IdP used by an organization. When it comes to integrating the protocol there is a lot to understand. Both ends of a login conversation speak SAML, and when they do, a valid user-authenticated context is determined by the use of a SAML Assertion rather than a UserID and a Password. SAML essentially pioneered SSO, and can also leverage the likes of MFA and Passwordless too.

…or OpenID Connect

Federated user authentication can also support the use of OpenID Connect. OpenID Connect – a.k.a. OIDC – is an industry standard alternative to SAML that requires far less configuration from a trust perspective, yet still provides sufficient security for many enterprise use cases. OIDC is typically a lot easier to manage than SAML. However, there is still just as much to understand when it comes to integrating the protocol. When both ends of a login conversation speak OIDC, a valid user-authenticated context is determined by the use of a JWT format ID Token rather than a UserID and a Password. OIDC also enables the likes of Social authentication. Like SAML, OIDC supports SSO, and can leverage the likes of MFA and Passwordless too.

Authentication via the Browser

Enterprise authentication typically requires the use of browser-based workflows – where an application navigates to the federated IdP in order to obtain either an Assertion or a JWT format ID Token, following successful user authentication. Not only does this require the potential re-architecting of existing application logic, it also requires that developers understand the subtle nuances and vagaries of each federated provider’s implementation.

SP Initiated…

In SAML, the Service Provider – a.k.a. the SP – is the entity that receives and accepts the (SAML) assertion generated by the IdP. One can typically think of the SP as a Web Service – i.e. a Web Application – that can talk SAML protocol. With SP-initiated workflow, it’s the Service Provider – the Web Service/Application – that solicits the authentication request with the IdP.

…vs IdP Initiated

In a SAML IdP-initiated workflow, the converse is true: the IdP is the entity that initiates the authentication request, delivering a (SAML) assertion to the SP in an unsolicited fashion. IdP-initiated flows are valuable in providing support for externalized SSO scenarios, where a user may come to an application via the likes of an external web portal or dashboard interface.

Federate using Universal Login

Auth0 Universal Login allows you to create a fully customized user authentication experience that includes Enterprise Federation at the push of a button! And one that supports features like SSO and MFA, right out-of-the-box too! Integrate Universal Login as part of your login workflow, and let us focus on providing seamless access to all of the capabilities supported by the Auth0 platform – whilst you focus on building the core experience of your application.

Connectivity out-of-the-box

 Leverage the IdP already used by an organisation with ease via a wide range of readily available Enterprise Connections. All at the flip of a switch! You can even set up Auth0 as either a SAML Service Provider, a SAML Identity Provider, or some combination of both; see here for more details.

Out-of-the-box Organization too

 Employ Organizations to provide ready-made B2B support, where user isolation and application branding can be configured on a per organisation basis.

MFA

Add MFA for enhanced security – even if it’s not provided by the federated IdP! With Auth0 Adaptive MFA, you can fine-tune the user authentication process using intelligent multi-factor access management that dynamically fits customer login behaviours. All whilst satisfying your business needs.

Read more on the Auth0 Blog

Read more about Federation and why it can be your secret weapon for B2B, on the Auth0 Blog. We even provide guidance on setting up Auth0 as the SAML Service Provider and/or the SAML Identity Provider for SAML IdP initiated workflows and the like; see here for more details. The Auth0 Blog also provides numerous other articles on how Auth0 makes life easier when it comes to building Customer Identity & Access Management.

What is Authentication?

Authentication is the process of identifying access to a system in order to secure the features/facilities it provides. Even if your application doesn’t require secure access, implementing authentication can enable you to provide a consistent context no matter how that application is used.

Hi, I’m Peter Fernandez, an Innovator, Architect, Consultant and Engineer. I want to share with you some of my experience building Authentication (a.k.a. AuthN) into modern applications and how easy it is to do that using the Auth0 by Okta platform.

User Authentication

User Authentication is the process of identifying a user to your application in order to secure access to the features that the application provides. User authentication is typically performed via the interactive Login process with which we’re all familiar. But even if your application doesn’t require secure access, implementing user authentication can still enable you to provide your users with consistency – like a consistent profile context, which they can take with them no matter how they log in.

Machine Authentication

Machine Authentication provides secure access in a context where there is no user. Instead of an interactive login, a (fixed) set of ID & Password credentials is typically utilized. A somewhat less familiar mechanism, Machine Authentication is used between services or devices when they need to communicate securely with each other – either in the foreground or in the background. Whilst Machine Authentication can be used in situations where processing occurs on behalf of a user, it’s more often used in situations where a user was never present at all.

Login…

User authentication, commonly known as Login, typically starts with an interaction where a user supplies their credentials for verification. Credentials come in a number of different forms, the most familiar being the UserID and Password. But forms associated with Passwordless authentication, Social, and Enterprise scenarios exist too. Once credentials are verified, an application will typically establish the session for the user, and, optionally, an SSO session can be established too.

…vs Logout

The converse process is typically known as Logout. When a user has finished interacting with an application, they will typically terminate their session explicitly via a logout, effectively de-authenticating. Or the application will terminate their session implicitly if no user interaction has occurred for a period of time. Optionally, a Logout can also terminate any SSO session – so that the user must again engage with the Login process interactively if they wish to use the application(s).

First-Factor…

The degree to which user authenticity (and, in some cases, machine authenticity) needs to be proven can vary considerably. First-factor authentication – typically known as (User)ID & Password authentication, but which can include the likes of Social or Passwordless authentication – is always a given. However, certain scenarios, such as those that involve performing financial or (security) sensitive transactions, often benefit from the use of one or more additional factors.

…vs Multi Factor

Multi Factor Authentication, typically known as MFA, refers to the process whereby one (or more) factors are required in addition to whatever First-Factor authentication occurs for a user. MFA – also known as 2-Factor Authentication (or 2FA) where only one additional factor is used – provides for the additional verification of a user. MFA can occur immediately after First-Factor authentication or, in cases where SSO is utilized, under certain conditions typically referred to as Step-Up Authentication.

Authentication vs Authorization

Where Authentication is the process of identifying access to a system, Authorization – a.k.a AuthZ – is typically referred to as the process of determining exactly what permission for access is allowed. And it invariably requires Authentication as a pre-requisite!

Authentication Scenarios

Authentication comes in all shapes and sizes. From B2C oriented scenarios – where users are your direct customer – to B2B and B2B2C scenarios, where users are often other people’s customers too. And there are work force scenarios too, often referred to as B2E, where users are (also) employees of an organization. With workflows optionally using Passwordless, MFA and Social, thru service level access using machine authentication and all the numerous combinations in between, these are the use cases where Authentication plays a vital role. And you can click on the image to find out more in the provided guide.

Meet Universal Login…

Auth0 allows you to create a fully customized user authentication experience at the push of a button! With Auth0 Universal Login you can easily support features like SSO, Social and MFA, as a standard part of the out-of-box Login workflow. Let us focus on providing seamless access to all of the capabilities supported by the Auth0 platform – whilst you focus on building the core experience of your application.

…and the Authentication API

But user authentication is just a part of the story! Whether you’re building for B2C, B2B, or some combination, Auth0 – via its Authentication API – provides full programmatic access to all of the authentication capabilities on offer, making it easy to integrate for machine authentication or any other (custom) authentication use case. All whilst leveraging the full power of the platform at the same time.

Login

Technically known as UserID & Password login, fast-track development of both sign-in and signup experiences for your customers with beautifully branded workflows. All being integrated as part of Auth0 Universal Login out-of-the-box. Click on the image to discover more.

Social Login

Give your customers the choice of using their favourite Social Login provider, whilst at the same time addressing many of the common user onboarding challenges. Effortlessly and seamlessly enabled as part of Auth0 Universal Login. Click on the image to discover more.

Enterprise Federation

 Deploy enterprise federated login for B2B and B2B2C scenarios at the push of a button! Effortless and seamless enablement, out-of-the-box with Auth0 Universal Login. Click on the image to discover more.

SSO

 Reduce user authentication in your application(s), and provide customers with a single user profile – all delivered safely and securely as a standard in Auth0 Universal Login. Click on the image to discover more.

MFA

Out-of-the-box workflows for Multi-Factor Authentication come de facto as part of Auth0 Universal Login. And with the Auth0 MFA API you can build MFA as part of customized workflows. Click on the image to discover more.

Passwordless

For a secure, seamless, and all-around easier user experience, implement workflow(s) – such as Passkeys – that do away with the password at the flip of a switch. All are integrated as part of Auth0 Universal Login and also available via the Auth0 Authentication API. Click on the image to discover more.

Branding

From Auth0 Universal Login to email communications, build beautiful user authentication experiences that match the branding associated with your application(s)/organization.

Extensibility

 Customize identity flows with visual drag and drop Actions to build functionality that will address your unique requirements. Click on the image to discover more.

Protocol Interoperability

Auth0 supports industry-standard Authentication protocols like OIDC and SAML, which use flexible and secure mechanisms – like the JWT format ID Token, and Assertion, respectively. Auth0 also provides protocol conversion, giving you the ability to easily deliver SSO between applications leveraging either authentication protocol.

Comprehensive Identity Management

Authenticating users is complex enough; the identity management of User Profile information, and the like, is an added complexity you can do without! Notwithstanding the need to comply with regulations such as GDPR or HIPAA, the task of allowing users to self-service change their password, email address, and/or update their personal details can often be a headache. Whilst this can help protect against the likes of Phishing and Vishing attacks, if not done right, it can instead open up surfaces for potential attacks too! With Auth0, the likes of Password Reset and Progressive Profiling are provided out-of-the-box, and a focus on regulatory compliance will ensure that you’re always ahead of the game! Click on the image to find out more.

Flexible Factor Support

Via its in-built Extensibility, Auth0 provides easy-to-use low-code configuration for supporting the likes of Adaptive MFA – as well as the ability to deploy pro-code, fully customised authentication, for both First-Factor and bespoke MFA too! Click on the image to read more.

Wyndham Hotels & Resorts reward 100M loyalty members with secure and seamless account access

Following its success with the Okta Workforce Identity Cloud (for their corporate and employee use), Wyndham wanted to extend the same secure, frictionless experience to its loyalty program users. By rolling out the Customer Identity Cloud to its 100M loyalty members, they were able to provide a secure and seamless experience and deliver a single Identity solution across the organization. Click on the Wyndham logo to read more about their story

Want to learn more?

Okta provides a wide range of courses to help you level up your skills. Why not click on the image to see what you can discover with Okta Training today?!

Stay informed

Helpful Identity & Access Management articles that are timely and relevant, whatever your level of experience. Whether you prefer to learn by reading, listening, watching videos, cloning repos, copying code, or attending a workshop or conference: content is everywhere and made for developers like you. Click on the image to subscribe to the newsletter today!

Begin the journey…

Sign up here, and create a free Auth0 Tenant to begin your journey. Play with prototyping an integration of your existing code – or develop something new; experience the Okta Customer Identity Cloud, powered by Auth0, in a way that best suits you.

…or try a Demo.

If you’re looking for some inspiration, why not take a look at some of the pre-built demos at demo.okta.com – where you can test-drive sample integrations for both the Okta Customer Identity Cloud and the Okta Workforce Identity Cloud too!

When you need an extra level of authentication beyond the first-factor, in order to secure your customer identities, that’s when most folk turn to the power of MFA.

Hi, I’m Peter Fernandez, an Innovator, Architect, Consultant, Engineer, and Principal Developer Advocate at Auth0 by Okta, and this is my take on the MFA functionality provided by the Auth0 platform.

What is MFA?

Multi-Factor Authentication – a.k.a. MFA, or 2-Factor Authentication (2FA), where only one additional factor is defined – is where a user provides an additional level of authentication via the use of an additional factor. MFA is a complement to first-factor authentication – which is typically where a user authenticates using a UserID and Password, Social, Enterprise Federation, or Passwordless workflow.

Typical MFA deployment

MFA is typically deployed across all users. It typically employs an additional user authentication mechanism – also known as a factor – in an attempt to prove that a user is, in fact, who they say they are. The use of MFA can be an excellent deterrent against Phishing attacks and the like.

Step-Up Authentication

Step-up Authentication is a variation on a theme, where a user is put through MFA at some point in time after first-factor workflow. And it may be more than once too! Step-up Authentication is typically transactional-driven, for example, during financial transactions or the like. Click on the image to see an example and read more about Step-Up Authentication as part of Paywall processing.

Build it yourself?

You could build support in-house, yourself. That’s true. Click on the image to read more about doing just that, and watch the recording of my related webinar here. If your team has the resources, time, capacity, knowledge, and expertise in developing SSO; deploying Attack Protection; leveraging OIDC and/or SAML for Authentication, Social and/or Enterprise Federation; implementing Passwordless and/or MFA, and/or (optionally) OAuth 2.0 for API Authorization – then it’s definitely an option. But what if there was a better way?

A More Adaptive Approach

Or you could integrate with Auth0 Universal Login! Integrating Universal Login as part of your application login workflow gives you instant access to MFA; click the image to read more. It also gives you access to Auth0’s own Adaptive MFA – where you decide exactly when a user needs to provide an additional authentication factor. With Adaptive MFA, users only need to go through additional security when an additional level of security is required. So Step-Up Authentication is a breeze. With Adaptive MFA, you can progressively roll out MFA too: choose groups of users at a time rather than forcing everyone to use MFA all at once.

Customizable

Enable policy-based workflow to determine when a user will be prompted to complete additional Multi-Factor authentication.

Extensible

Use Auth0 Actions extensibility to create Adaptive MFA workflows, ensuring only specific factors are used and in specific circumstances.

Support for multiple Factors out-of-the-box

Leverage a wide range of MFA factors provided out-of-the-box – including FIDO Authentication with WebAuthn!
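
The Step-Up and progressive roll-out behaviour described above, sketched as a post-login Action (an added example, not code from this page or from Auth0). It assumes the post-login Action interface (`event.authentication.methods`, `event.transaction.acr_values`, `api.multifactor.enable`); the `mfa_rollout_group` metadata field, the group names and the 300-second freshness window are hypothetical.

```javascript
// Added example: adaptive / step-up MFA policy for a post-login Action.
// Policy URI an application can send in acr_values to ask for MFA.
const MFA_ACR = 'http://schemas.openid.net/pape/policies/2007/06/multi-factor';
const ROLLOUT_GROUPS = ['staff', 'beta'];   // hypothetical groups enrolled so far
const MFA_MAX_AGE_SECONDS = 300;            // hypothetical freshness window for step-up

// Pure policy decision, kept separate so it can be unit-tested without a tenant.
function decideMfa(event, nowMs = Date.now()) {
  const methods = (event.authentication && event.authentication.methods) || [];
  const mfa = methods.find((m) => m.name === 'mfa');
  const mfaAgeSeconds = mfa ? (nowMs - new Date(mfa.timestamp).getTime()) / 1000 : Infinity;
  const acr = (event.transaction && event.transaction.acr_values) || [];
  const group = (event.user.app_metadata || {}).mfa_rollout_group; // hypothetical field

  if (acr.includes(MFA_ACR)) {
    // Step-up: the application asked for MFA for this transaction,
    // so an MFA completed long ago in the same session is not enough.
    return mfaAgeSeconds <= MFA_MAX_AGE_SECONDS
      ? { challenge: false, reason: 'recent-mfa' }
      : { challenge: true, reason: 'step-up' };
  }
  if (ROLLOUT_GROUPS.includes(group)) {
    // Progressive roll-out: only users in enrolled groups are challenged.
    return mfa
      ? { challenge: false, reason: 'session-has-mfa' }
      : { challenge: true, reason: 'rollout-group' };
  }
  return { challenge: false, reason: 'not-required' };
}

async function onExecutePostLogin(event, api) {
  if (decideMfa(event).challenge) {
    // 'any' lets the user pick from whichever factors are enabled.
    api.multifactor.enable('any', { allowRememberBrowser: false });
  }
}

exports.onExecutePostLogin = onExecutePostLogin;
```

The application side of step-up still has to confirm that the resulting ID Token reports MFA before it releases the protected transaction.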

Read more about it on the Auth0 Blog

Read more about MFA on the Auth0 Blog, where you can find numerous other articles on how Auth0 makes life easier when it comes to building Customer Identity & Access Management.

Want to learn more?

Okta provides a wide range of cost-free courses to help you level up your skills. Why not click on the image to see what you can discover with Okta Training today!

MFA and Anomaly Detection Increase Security Company-Wide at Siemens

When Siemens integrated with Auth0, MFA was one of the mandatory requirements for the service from the beginning – and hugely helpful in satisfying the needs of key stakeholders. Hugo Francisco, Service Owner of Siemens ID, told us that the ability to give internal clients an additional level of sign-in security with three distinct ways of adding a second factor came to be one of the main differentiators: “the MFA possibility of our service is one of the most requested/wanted features of our service delivery.” Click on the Siemens logo to read the full story.

For an effortless way to achieve user authentication whilst at the same time addressing many of the common user onboarding challenges, look no further than providing login via the Social identity providers.

Hi, I’m Peter Fernandez, an Innovator, Architect, Consultant, Engineer, and Principal Developer Advocate at Auth0 by Okta, and this is my take on integrating Social Login using the Auth0 platform.

User Authentication using OpenID Connect

Social Login requires the use of OpenID Connect for user authentication. OpenID Connect – a.k.a. OIDC – is an industry-standard secure authentication protocol that requires minimal configuration. When both ends of a login conversation speak OIDC, a valid user-authenticated context is determined by the use of a JWT format ID Token rather than the verification of UserID/Password credentials.

Whilst OIDC is typically easy to manage, there is still much to understand when it comes to integrating the protocol; despite being an industry standard, there are many optional workflows that can be omitted by implementers. OIDC supports SSO and can leverage the likes of MFA and Passwordless too.
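
What a relying application has to check before it treats a JWT format ID Token as proof of authentication, as an added example (not code from this page or from Auth0). The issuer URL, client ID, nonce and key pair are constructed sample values, and `signIdToken` only stands in for the IdP.

```javascript
// Added example: validating a JWT format ID Token as the relying application.
const crypto = require('node:crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Constructed key pair standing in for the IdP's signing key. A real
// application obtains the IdP's public key; it never generates one itself.
const SAMPLE_KEYS = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Stand-in for the IdP: signs a constructed set of claims with RS256.
function signIdToken(claims, privateKey) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const input = `${header}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Returns the verified claims, or throws an Error naming the check that failed.
function validateIdToken(token, expected) {
  const { issuer, audience, nonce, publicKey, now = Date.now() / 1000, leeway = 60 } = expected;
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  let header, claims;
  try {
    header = decode(parts[0]);
    claims = decode(parts[1]);
  } catch {
    throw new Error('malformed token');
  }
  if (!header || typeof header !== 'object' || !claims || typeof claims !== 'object') {
    throw new Error('malformed token');
  }
  // Pin the algorithm: the token must not choose how it is verified
  // (this rejects "alg": "none" and symmetric-key confusion).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify('sha256', signed, publicKey, Buffer.from(parts[2], 'base64url'))) {
    throw new Error('bad signature');
  }
  // Only once the signature holds are the claims worth reading.
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(audience)) throw new Error('wrong audience');
  if (aud.length > 1 && claims.azp !== audience) throw new Error('wrong azp');
  if (typeof claims.exp !== 'number' || now > claims.exp + leeway) throw new Error('expired');
  // The nonce ties the token to the login request this browser started.
  if (!nonce || claims.nonce !== nonce) throw new Error('nonce mismatch');
  return claims;
}

// Constructed sample run.
const issuedAt = Math.floor(Date.now() / 1000);
const sampleToken = signIdToken(
  { iss: 'https://idp.example/', aud: 'my-client-id', sub: 'social|12345',
    nonce: 'n-abc', iat: issuedAt, exp: issuedAt + 300 },
  SAMPLE_KEYS.privateKey
);
console.log(validateIdToken(sampleToken, {
  issuer: 'https://idp.example/', audience: 'my-client-id',
  nonce: 'n-abc', publicKey: SAMPLE_KEYS.publicKey,
}).sub);
```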

Authentication via the Browser

Social Login providers typically require the use of browser-based workflows, where an application navigates to the Social IdP in order to obtain a JWT format ID Token post successful user authentication. Not only does this require the potential re-architecting of existing application logic, but it also requires that developers understand the subtle nuances and vagaries of each Social provider’s OIDC implementation.

Build it yourself?

You could build support in-house, yourself. That’s true. Click on the image to read more about doing just that, and watch the recording of my related webinar here. If your team has the resources, time, capacity, knowledge, and expertise in developing SSO; deploying Attack Protection; leveraging OIDC and/or SAML for Authentication, Social and/or Enterprise Federation; implementing Passwordless and/or MFA, and/or (optionally) OAuth 2.0 for API Authorization – then it’s definitely an option. But what if there was a better way?

Be more Social with Auth0

For a more all-around experience, give your customers the choice to use their Social provider of choice as part of the login experience. Safely, seamlessly, and securely enabled in an effortless fashion, all as part of Auth0 Universal Login.

Connectivity out-of-the-box

Leverage identities from 50+ Social Identity Providers (IdPs) via the wide range of readily available out-of-the-box Social Connections. Each one is enabled at the flip of a switch!

Connectivity customised

 With support for building Custom Social Connections you can also interact with Social Identity Providers (IdPs) not provided out-of-the-box. See here for an example of building a Custom Social Connection with TikTok!

MFA

Add MFA for enhanced security – even if it’s not supported by the Social IdP! And with Auth0 Adaptive MFA you can fine-tune the user authentication process via intelligent multi-factor access management that dynamically fits customer login behaviours. All whilst satisfying your business needs.

Extensibility

 Customize identity flows with visual drag-and-drop Actions to build functionality that will address your unique requirements.

Read more about it on the Auth0 Blog

Read more about Social Login on the Auth0 Blog. The Auth0 Blog also offers numerous other articles that highlight how Auth0 makes life easier when it comes to building Customer Identity & Access Management.

Want to verify customer credentials without using a password? Passwordless frees users from the traditional password authentication typically associated with first-factor workflow, providing flexibility and enhanced levels of security.

Re-defining User Authentication

The password has been around…well, forever! It’s been a core aspect of building login since the first login box was created. The user experience around passwords is well known. It’s also well known that the password is probably one of the most insecure aspects of modern user first-factor authentication! So what if the password went away?

Time to let go of the Password

Passwordless provides user authentication without the password! And it’s something that’s been around longer than most people imagine. From the classic Magic Link – typically delivered via Email – and OTP (One Time Passcode; usually delivered via SMS), to the more modern and more phishing-resistant Passkeys, passwordless authentication has become a progressively more secure alternative that can be used in a number of different scenarios.

Freedom of choice; freedom to choose

Modern technology provides more options for even safer and more secure (first-factor) user authentication. WebAuthn allows folks to leverage secure public key cryptography via the use of a biometric-enabled device, as a replacement for UserID and Password credentials. And Passkeys take this even further, providing for cryptographic credentials that are easily discoverable across devices. Click on the image to learn more about WebAuthn, and see it in action.

Build it yourself?

You could build support in-house, yourself. That’s true. Click on the image to read more about doing just that, and watch the recording of my related webinar here. If your team has the resources, time, capacity, knowledge, and expertise in developing SSO; deploying Attack Protection; leveraging OIDC and/or SAML for Authentication, Social and/or Enterprise Federation; implementing Passwordless and/or MFA, and/or (optionally) OAuth 2.0 for API Authorization – then it’s definitely an option. But what if there was a better way?

Go beyond with Auth0

For an all-around easier experience, Auth0 gives you the choice to let customers do away with using passwords as part of their first-factor login experience. Integrate Auth0 Universal Login as part of your application login workflow, and provide passwordless workflows – safely, seamlessly, and securely enabled in an effortless fashion.

Passkeys

Based on the WebAuthn specification, a Passkey is the credential that provides a fully-flexible user experience across multiple devices; passkeys are the next generation of advanced user credential that offer the most compelling replacement to the password so far! With Auth0, integrating Passkey support is as simple as enabling a single option! To discover more about Passkeys visit a0.to/do/passkeys.

WebAuthn

Web Authentication (a.k.a WebAuthn) is a specification by the W3C and FIDO – an alliance formed with the participation of Google, Mozilla, Microsoft, Yubico, and others. Auth0 can be easily configured to use WebAuthn, providing first-factor authentication for a user using public key cryptography instead of a password. Or you can go one step further, and add Passkeys for a fully-flexible user experience across multiple devices.

OTP

Configure Passwordless connections in Auth0 to send a One-Time Passcode (OTP) to a user through email or SMS in place of a Password.

Configure Passwordless connections in Auth0 to send a Magic Link to a user via email, in place of a Password.

Create novel workflows

But Passwordless doesn’t just stop at first-factor authentication. Magic Link, for example, could be used via Extensibility to enable out-of-band workflows for the likes of mobile apps, et al, that allow you to request ad-hoc user interaction as part of User Profile enrichment and the like.

Read more about it on the Auth0 Blog

Read more about Passwordless Authentication on the Auth0 Blog, where you can find numerous other articles on how Auth0 makes life easier when it comes to building Customer Identity & Access Management.

Want to reduce interactive user authentication in your application(s), yet still deliver a safe and secure experience? Provide your customers with a single User Profile, no matter how they login? If something like this is what you’re looking for, then Single Sign On (a.k.a. SSO) is probably what you need!

User Authentication

User Authentication is the process of identifying a user to your application, in order to secure access to the features it provides. You can learn more about it here. But even if your application doesn’t require secure access, implementing User Authentication can still enable you to provide your users with a consistent profile context which they can take with them no matter how they login.

The Classic Approach

When it comes to performing authentication of your users, the classic approach is the one that’s often used: collect the user credentials in the application – typically a UserID and a Password – verify them, and you’re good to go. It’s something that almost every application builder has implemented themselves at some point in their career.

A Centralized Alternative

But what if you have multiple applications? Or a user has multiple identities? What if you need to support external Social or Enterprise identity providers, such as Google, LinkedIn or X (formerly Twitter), where user authentication is handled by a 3rd party? How about adding support for MFA? And what about supporting Passwordless workflows that do away with passwords altogether?

Reduce interactive user authentication

By deferring to a centralised service – typically an IdP – SSO allows the process of user authentication to be handled in one place. One place with which to integrate; one place to QA and test. One place to manage all aspects of production deployment, and one place to add new features and functionality.

Reduce first-factor friction

However, that’s not all. SSO significantly reduces first-factor interactive authentication, by mitigating the need for a user to constantly supply credentials. It’s a win-win situation: less user friction means better adoption in your application.

Deliver user profile consistency

By leveraging a centralised IdP, steps can be taken to ensure that user profile information returned as part of successful authentication is consistent, no matter how customers login to your application(s). If you’ve ever used an application where your user profile – including your user preferences – seem to change depending on how you login, then you’ll know exactly how infuriating that can be!

Build it yourself?

You could build support in-house, yourself. That’s true. Click on the image to read more about doing just that, and watch the recording of my related webinar here. If your team has the resources, time, capacity, knowledge, and expertise in developing SSO; deploying Attack Protection; leveraging OIDC and/or SAML for Authentication, Social and/or Enterprise Federation; implementing Passwordless and/or MFA, and/or (optionally) OAuth 2.0 for API Authorization – then it’s definitely an option. But what if there was a better way?

Meet Universal Login

Say hello to Auth0 Universal Login! Universal Login allows you to create a fully customized SSO authentication experience at the push of a button. One that can be shared across all your applications too! Integrating Universal Login into your application login workflow also provides seamless access to all of the additional capabilities supported by the Auth0 platform – such as providing a consistent and reliable User Profile for each of your customers.

Account Linking

Link one or more accounts for a user to create a single User Profile. Account Linking ensures that no matter how your customers login, their information and their preferences always remain the same.

Extensibility

 Customize identity flows with visual drag and drop Actions to build functionality that will address your unique requirements.

Log In. Just Once.

Universal Login provides a seamless authentication experience as your users navigate through your applications. It works by leveraging Auth0 as the central IdP – which all applications trust and leverage, typically via the Browser. When a user goes to login for the first time, a successful interaction creates a cookie in the context of an Auth0 Tenant. Then, whenever another application’s accessed, the user’s redirected to the same Auth0 Tenant and if there’s already a valid cookie they’ll simply get redirected directly to the application, without any further prompt for interactive login.
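
The cookie-driven flow described above, as an added in-memory model (not Auth0's implementation and not code from this page). It goes slightly beyond the text by also modelling idle expiry, logout and the OIDC `prompt=none` case; the class, its result fields and the sample user are constructed for illustration.

```javascript
// Added example: simplified model of a central IdP's SSO session cookie.
const crypto = require('node:crypto');

class IdentityProvider {
  constructor({ idleTimeoutMs = 15 * 60 * 1000 } = {}) {
    this.idleTimeoutMs = idleTimeoutMs;
    this.sessions = new Map(); // cookie value -> { userId, lastSeen }
  }

  // Handles an application's redirect to the IdP. `cookie` is whatever the
  // browser holds for the IdP's own domain; applications never see it.
  authorize({ clientId, cookie, credentials, prompt, now = Date.now() }) {
    let session = cookie ? this.sessions.get(cookie) : undefined;
    if (session && now - session.lastSeen > this.idleTimeoutMs) {
      this.sessions.delete(cookie); // idle too long: the SSO session is over
      session = undefined;
    }
    if (!session) {
      // prompt=none means "do not show UI": report that login is needed.
      if (prompt === 'none') return { action: 'error', error: 'login_required' };
      const userId = credentials ? this.verifyFirstFactor(credentials) : null;
      if (!userId) return { action: 'show_login' };
      cookie = crypto.randomBytes(32).toString('base64url'); // unguessable session id
      this.sessions.set(cookie, { userId, lastSeen: now });
      return { action: 'redirect_to_app', clientId, userId, setCookie: cookie, interactive: true };
    }
    // Valid cookie: straight back to the application, no prompt.
    session.lastSeen = now;
    return { action: 'redirect_to_app', clientId, userId: session.userId, setCookie: cookie, interactive: false };
  }

  // Stand-in for real first-factor verification (constructed sample user).
  verifyFirstFactor({ userId, password }) {
    return userId === 'alice' && password === 'correct horse' ? userId : null;
  }

  // Terminating the SSO session forces interactive login everywhere.
  logout(cookie) {
    return this.sessions.delete(cookie);
  }
}

// Constructed sample run: first application prompts, second one does not.
const idp = new IdentityProvider();
const first = idp.authorize({ clientId: 'app-one', credentials: { userId: 'alice', password: 'correct horse' } });
const second = idp.authorize({ clientId: 'app-two', cookie: first.setCookie });
console.log(first.interactive, second.interactive); // true false
```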

Read more about it on the Auth0 Blog

Read more about SSO on the Auth0 Blog, where you can find numerous other articles on how Auth0 makes life easier when it comes to building Customer Identity & Access Management.
