Hi guys. My idea is to have sign up flow where user, first of all, enter email address, verify OTP, and then enter phone number and verify otp. Can Auth0 support that? For the new universal page, I was able only to call email or phone number flow. User accounts for sms and email should be linked, like one account.
Another question - can I add custom fields to the new Universal page and add them to the user data to be able to then retrieve it? Like Date Of Birth?
Another question - during login process via new Universal page, am I able to send OTP for email and phone and let user enter OTP from whatever origin OTP come from. Thank you guys. At the bottom, I’ve wrote message from the account that I use to setup Auth0.
Small update - for that one, I’ve tried to use SMS MFA, but I guess it comes only in Enterprise plan. Can I achieve Email + SMS Passwordless auth without Enterprise plan? Also I don’t need SMS as MFA. I need it as a part of the mandatory flow. It shouldn’t be something additional, it should be email + sms with linked accounts and MFA will come with something like Google Authenticator. Also MFA won’t work for me since I will need to support Login with email or with sms, MFA should not be mandatory.
Note - Auth0.js is not the case for us. We need SSO for external companies to use our platform. And we need SSO that will support email+sms flow.
Another important question - can I link users from passwordless otp authentication with user with the same email signed from Google?
Thank you for posting your questions. I hope that my answers will satisfy your needs.
As a short response, most of the cases you covered are available for you after implementation with the usage of actions, and you may need to upgrade your plan to at least Essential to be able to use account linking and email/SMS passwordless.
Email and Phone Sign-Up Flow :
The mentioned flow is not available out of the box, you can stick to the Universal login page until email otp is finished then redirect user to signup page hosted on your side to host input form for SMS otp. As said in the short response account linking is available in the essential plan as well as email/sms passwordless connection.
Custom Fields in Universal Login Page:
You can’t add custom fields to the new Universal signup page, but you can customize lock signup page to provide additional signup fields which will be later part of the user meta-data. Lock Configuration Options
OTP for both Email and SMS:
It’s rather unusual behavior as the user will need to input both email and phone number to get the same code on both devices.
You don’t need Enterprise plan to use Email or SMS passwordless but you need at least Essential plan for that.
Yes you can link users from passwordless and email signed from Google User Account Linking
Thank you very much Dawid! In my 3 point I was meaning that user will type email OR phone number inside one input and after that we will send OTP to both of the devices. But I guess yeah, Universal Login won’t handle that. I came up with that solution :
When user registers he enters email on our side, and we redirect him to the sign up page with email connection and email is prefilled. When he is done, he redirects to the app, enters phone number, and we redirect user again to the SSO but with the sms connection and phone prefilled. At the end, on our side, we link this two accounts together. In our login flow, user will type his email or password inside the text box and then code will decide whether to redirect user to the login with phone number or with email. Let me know if that scenario makes sense.