Experts Helping Experts: Streamline User Experience with Auth0 Forms

Auth0 Forms allows customers to insert custom logic into a user flow. This custom logic incorporates screens that Auth0 fully hosts, allowing for direct interaction by your end-users. This custom logic enables customers to solve issues ranging from business, privacy, and consent to technical and infrastructure.

Forms can be used to address many use cases, including:

  • Capturing a user’s agreement to a new privacy policy
  • Creating a flow to verify a phone number using an OTP code flow, or allow a user to provide a new phone number that is then put through the verification process
  • Enabling progressive profiling to keep the signup process simple, while also collecting additional information over time.

One of my customers, a 401(k) and business retirement planning company, had a few very specific, albeit commonly themed, use cases that needed to be addressed. They were short on time and did not want to have to host additional sites for flows like profile consolidation, user profile updates, and accepting their privacy policy. We used Forms to solve these problems, providing a greatly improved user experience without standing up any new part of their application.

Profile consolidation was a key consideration for this customer. They had four different user profiles (that mapped to their separate internal applications) for a singular customer; each profile had its own account/password, leading to a fractured experience. A single identity meant ease of use for their users and administrators. Of course, with four different profile types, we had to build a Form that could handle different types of users attempting to achieve the same goal.

For personal (non-business) users, we created a flow where the user could enter their zip code, the last 5 of their social, and their birthdate to verify their identity. We then used that information to talk to their backend, gather the user profiles, and return them to Auth0. Once returned, we were able to mask and display the email addresses and allow the users to sync their different profiles onto a single address. After they chose that address, we sent them through an email verification process to make sure they owned the account. The user no longer needed four different accounts to log into their separate systems, and we were able to verify the user through personal details and email OTP.

Another issue was making profile updates to a user’s information. Previously, to change any information, users had to contact support. This led to increased support costs, unhappy users, and headaches for the engineering team who had to keep the information in sync. Using Forms, we were able to create a simple profile page that only displayed the current user information and an edit button. The edit button would redirect the user to an Auth0 Form, allowing them to change their information. Since we were already redirecting users to Auth0 for the Form, we were also able to easily insert MFA prior to making any user updates. This customer used Forms to avoid creating a new profile page that they would then also need to host. They were able to create something lightweight and move the heavy lifting to the Auth0 platform.

Privacy policy acceptance is also an extremely important process that requires user interaction before deciding whether a user is allowed to log in or potentially even sign up to an application or service. Some customers decide to add this as a gateway to their signup process, others decide to add it post-login to ensure users are given the least amount of friction during signup, and some do a combination of both. As privacy policies can be a moving target, it’s important to build in a reusable flow to handle any future updates to the policy that require new user acceptance.

Using Forms and Actions, we were able to create a flow that checked if the user accepted the latest privacy policy; if they had not, they would be directed to a Form that allowed them to accept or deny the policy. If they accepted, they could continue logging in; if they did not, their access was denied.

Forms is an extremely powerful tool within the Auth0 ecosystem, and it is still less than a year old. I am excited to see how this feature will continue to solve customer problems.

Learn More

To learn more about working with Forms, check out the Extend Auth0 Identity Flows with Forms Learning Path on the Okta Learning Platform.

About me

Ed has worked for two years at Okta and is currently a Senior Technical Consultant - specializing in the Auth0 product.
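The privacy-policy gate described in the post, sketched as a post-login Action; this is an added example, not part of the original post or the customer's code. The form ID, the policy version string, the `privacy_policy_version` metadata key and the `accept` form field are assumptions made for illustration.

```javascript
// Added example: post-login Action that gates login on privacy-policy acceptance.
// Assumed names (not from the post): FORM_ID, CURRENT_POLICY_VERSION,
// the app_metadata key "privacy_policy_version", and the form field "accept".
const FORM_ID = 'REPLACE_WITH_YOUR_FORM_ID';
const CURRENT_POLICY_VERSION = '2025-01'; // constructed value; bump on each policy update

// True only when the stored acceptance matches the current policy version,
// so publishing a new version automatically re-prompts every user.
function hasAcceptedCurrent(user) {
  const meta = (user && user.app_metadata) || {};
  return meta.privacy_policy_version === CURRENT_POLICY_VERSION;
}

// First pass: show the Form only to users who have not accepted this version.
async function onExecutePostLogin(event, api) {
  if (!hasAcceptedCurrent(event.user)) {
    api.prompt.render(FORM_ID);
  }
}

// Resume after the Form: fail closed unless the field is exactly boolean true.
async function onContinuePostLogin(event, api) {
  const fields = (event.prompt && event.prompt.fields) || {};
  if (fields.accept === true) {
    // app_metadata rather than user_metadata: users cannot edit it themselves.
    api.user.setAppMetadata('privacy_policy_version', CURRENT_POLICY_VERSION);
    return;
  }
  api.access.deny('Privacy policy must be accepted to continue.');
}

// Auth0 Actions load handlers from `exports`; guarded so the file also runs elsewhere.
if (typeof exports !== 'undefined') {
  exports.onExecutePostLogin = onExecutePostLogin;
  exports.onContinuePostLogin = onContinuePostLogin;
}
```

Storing the accepted version instead of a boolean keeps the flow reusable: a policy update only requires changing `CURRENT_POLICY_VERSION`.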

Thanks for sharing, Ed. This is good to know!
