Skip to main content

Set up sign in and sign up methods

Define how users authenticate when signing in and whether users in a specific Identity Pool can self-register for an account.

  1. Go to Sign-in and Sign-up settings.

    • Tenant level: Go to Tenant Settings (gear icon) > Identity Pools > [Selected Identity Pool] > Sign-in and Sign-up.

    • Workspace level: In your workspace, go to Users > Sign-in and Sign up.

  2. Configure preferences for sign-ins:

    Sign in and Sign up settings

    First-Factor Authentication Methods

    Set the preferred authentication method for the user login to SecureAuth platform. Options are:

    • Password – Login with a password.

    • Verification Code – Send a one-time verification code by email or SMS to the user.

    • Authenticator app – Send a time-based one-time passcode (TOTP) to the user's mobile authenticator app.

    • Passkey – A secure, passwordless option for user convenience. Users can authenticate with FIDO2 devices like YubiKey or Touch ID, using physical or biometric keys instead of traditional passwords.

    Second-Factor Authentication Methods

    Optionally, set another authentication method.

    Reduce 2FA verification on same device

    Remember the device for a set time, avoiding repeated 2FA prompts. You can adjust the time or disable it by setting it to 0 seconds.

    Level of assurance threshold (LOA)

    Defines the minimum confidence level required for authentication. If the real-time LOA falls below this threshold, users must verify their identity with a second factor.

    Recommended ranges:

    • Low (30%) – Low confidence in identity verification. The user may be new or logging in from an unknown device.

    • Medium (60%) – Moderate confidence. Repeated logins from the same device increase LOA over time.

    • High (80%) – Strong assurance. Indicates high trust in the user's identity based on device characteristics.

    To learn more, see Risk Engine: Smarter security in action and Risk analyzers.

    Sign-in identifier Settings

    Select this check box to ignore case sensitivity in email and username during user login.

  3. Configure preferences for sign-up registration mode:

    ciam_signup.png

    Self-registration

    Enable or disable user self-registration

    Admin Initiated Registration

    Controls whether admins can register users (enabled by default). Change only thorugh the API.

  4. Save your changes.

In this section: