By default, your project starts with password authentication. At any time, you can simply enable or disable password, passwordless, social login, or SSO options within your dashboard — no code modifications needed.
A classic login method, passwords are the most common way for users to sign up and log in to your app.
We add extra security for your users by rejecting common passwords. We also protect you from brute-force attacks by limiting the number of failed login attempts.
Our default password policy requires at least 8 characters and rejects any password that has appeared in a known breach. This, together with 2FA being available to every user, matches the NIST SP 800-63B recommendations for passwords.
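To make the two policy rules concrete, here is an added illustrative check (example code, not PropelAuth's implementation). It enforces the 8-character minimum and looks the password up in a breach corpus using the k-anonymity "range" query that the Pwned Passwords API exposes: only the first five hex characters of the SHA-1 hash are sent, and the matching suffixes come back. The `fetch_sample_range` function and its sample response are constructed so the example runs offline; the breach counts in it are made up.

```python
import hashlib
import hmac

# Illustrative password-policy check (added example, not PropelAuth's code).
# Policy as described on the page: at least 8 characters, and never seen in a breach.
MIN_LENGTH = 8
TOO_SHORT = "password must be at least 8 characters"
BREACHED = "password has appeared in a known data breach"


def _sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for the Pwned Passwords "range" endpoint
# (https://api.pwnedpasswords.com/range/<first 5 hex chars of SHA-1>). The real
# endpoint returns one "<remaining 35 hex chars>:<breach count>" line per hash
# sharing that prefix, so the full hash never leaves the client (k-anonymity).
# The counts and filler suffixes below are made up for the example.
SAMPLE_RANGES = {
    _sha1_hex("password")[:5]: "\r\n".join([
        "0018A45C4D1DEF81644B54AB7F969B88D65:1",
        _sha1_hex("password")[5:] + ":3861493",
        "011053FD0102E94D6AE2F8B83D76FAF94F6:2",
    ]),
}


def fetch_sample_range(prefix: str) -> str:
    """Offline replacement for the HTTP call; unknown prefixes yield an empty body."""
    return SAMPLE_RANGES.get(prefix, "")


def breach_count(password: str, fetch_range=fetch_sample_range) -> int:
    """Return how many times the password appears in the breach corpus (0 if never)."""
    digest = _sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate and hmac.compare_digest(candidate, suffix):
            return int(count)
    return 0


def check_password(password: str, fetch_range=fetch_sample_range) -> list:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(TOO_SHORT)
    if breach_count(password, fetch_range) > 0:
        problems.append(BREACHED)
    return problems
```

Note what the policy deliberately does not do: there is no composition rule (digits, symbols, mixed case) and no forced rotation, which is exactly what NIST SP 800-63B advises. To run the check against the live corpus, replace `fetch_sample_range` with a function that performs the HTTPS GET for the prefix; sending the `Add-Padding: true` header makes every response the same size so the prefix cannot be inferred from response length.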
If a user forgets their password, we handle the reset flow with hosted pages and transactional emails, both of which are customizable.
Passwordless authentication allows users to log in without a password. This is done by sending a login link to the user's email address.
We can manage the entire process for you through our hosted login page, including sending the email and verifying the one-time token in the link when it is clicked.
If you would rather handle it yourself, you can use our API to create a magic link that a user can use to log in. This lets you set the expiration and the location the user is redirected to after logging in. Note that this call does not send the email to the user; it only generates and returns the URL, so delivering it is up to you. Treat the returned URL like a credential, since anyone who has it can log in as that user until it expires.
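The following is an added illustration of what a magic-link generator has to enforce behind the two parameters mentioned above (expiration and redirect target). It is example code, not PropelAuth's implementation or API: the token is drawn from the OS CSPRNG, only a hash of it is stored, it is consumed exactly once, it is rejected after its expiry, and the redirect target is validated against an allow-list so the link cannot be turned into an open redirect. `APP_ORIGIN`, `ALLOWED_REDIRECT_HOSTS` and the in-memory `_pending` store are assumptions for the example; a real service would back the store with a database.

```python
import hashlib
import secrets
import time
from urllib.parse import urlencode, urlparse

# Added illustrative implementation, not PropelAuth's code. Values below are assumed.
APP_ORIGIN = "https://app.example.com"          # where the /magic handler lives (assumed)
ALLOWED_REDIRECT_HOSTS = {"app.example.com"}    # hosts a post-login redirect may target (assumed)
DEFAULT_TTL_SECONDS = 15 * 60

# Pending links keyed by a hash of the token, so a leaked store cannot be replayed
# and lookup never compares the raw bearer token.
_pending: dict = {}


def _token_hash(token: str) -> str:
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def is_safe_redirect(url: str) -> bool:
    """Accept same-site paths or https URLs on an allow-listed host; reject open redirects."""
    # "//evil.example" and "/\\evil.example" are protocol-relative to a browser, not paths.
    if url.startswith("/") and not url.startswith(("//", "/\\")):
        return True
    parsed = urlparse(url)
    return parsed.scheme == "https" and parsed.hostname in ALLOWED_REDIRECT_HOSTS


def create_magic_link(email: str, redirect_to: str = "/",
                      expires_in_seconds: int = DEFAULT_TTL_SECONDS, now=None) -> str:
    """Generate a single-use login URL. Nothing is emailed; the caller delivers it."""
    if not is_safe_redirect(redirect_to):
        raise ValueError(f"refusing unsafe redirect target: {redirect_to!r}")
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)                 # 256 bits of CSPRNG output
    _pending[_token_hash(token)] = {
        "email": email,
        "redirect_to": redirect_to,
        "expires_at": now + expires_in_seconds,
    }
    return f"{APP_ORIGIN}/magic?{urlencode({'token': token})}"


def consume_magic_link(token: str, now=None):
    """Redeem a token once. Returns the pending record, or None if unknown, used, or expired."""
    now = time.time() if now is None else now
    record = _pending.pop(_token_hash(token), None)   # pop: a token is never valid twice
    if record is None or now > record["expires_at"]:
        return None
    return record
```

Two details matter in practice: the expired branch still pops the record, so stale tokens do not accumulate, and the redirect check runs at creation time, so an attacker who can influence `redirect_to` (for example through a query parameter on your own login page) cannot mint a link that lands users on a host you do not control.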
Social login / SSO allows your users to log in using their existing social network accounts (e.g. Google, GitHub, Microsoft). It makes signing up simpler for your users, as they don't have to remember a password.
Enabling social logins with PropelAuth is a breeze since the majority of the work is done by your hosted authentication pages.
Instructions for enabling social login depend on the specific provider you want to integrate with. Click here for a full list of providers with instructions.
If a user signs up with a social provider after having signed up with their email address, the two accounts will automatically be linked.
Likewise, if a user creates an account with Google and later with GitHub, for example, those accounts will be linked if the email addresses tied to the two match.
The PropelAuth hosted account page has a 2FA enrollment UI that your users can use to enroll in 2FA, view their backup codes, and disable 2FA. You do not have to write any additional code to provide your users with 2FA. The hosted pages will take care of everything.
You can also allow org owners to require 2FA for their members. Click here for more details.
Enterprise SSO (SAML) allows your users to log in using their existing enterprise accounts (e.g. Okta, OneLogin, Azure AD).
It's often a requirement for enterprise customers to use their existing enterprise accounts to login to your app.
We provide self-service UIs for your customers to set up their own SAML connections. You can read more about PropelAuth's SAML support here.
You can control in your dashboard how long users stay logged in. You can choose between a fixed session lifetime (the session ends after a set time regardless of activity) and an inactivity timeout (the session lasts as long as the user keeps using your app).
In the Settings tab of your Signup / Login menu, you can enable or disable public signups. If disabled, users who hold the permission to invite other users can still invite users to their org, and you can invite users manually from the Users page.
You also have the option to enable or disable signups with personal email addresses. If disabled, users with common personal email domains (@gmail.com, @yahoo.com, etc.) will not be able to sign up for your app.