With Embedded Login, place identity flows where users convert — integrated with checkout, within agents, inline in-app. Reduce identity overhead and security slowdowns with more capabilities and security tooling built in.
Fine-tuning identity is the fastest way to drive conversions
For apps that compete on experience, to win, your teams need to address all the critical friction points that stop users from converting — especially your identity flows. From sign-up to login to self-service account management, these flows can either make or break user conversions.
By getting identity right, you clear the path to access. That way, your users can go on to successfully purchase that plane ticket, open that investment account, or stream their favourite show. Identity is one of your highest-impact levers for elevating experience and driving conversions. And with Auth0's help, it's low-hanging fruit for increasing conversions.
Auth0 offers two ways to get identity right: use our Auth0-hosted login option (Universal Login), or build Auth0 identity directly into your app (Embedded Login). The best option depends on your needs. Whether you’re a global enterprise or a start-up, you can create optimized identity journeys with Universal Login, Embedded Login, or commonly, a hybrid of the two across different flows.
What Has Changed in the Embedded Login Landscape
Embedded Login is our API-based approach to identity that lets your teams embed Auth0 directly into your application code, giving you full control to blend authentication flows seamlessly, exactly where users convert best. These in-app identity flows are ideal for first-party applications — mobile, web, or agentic — that compete on experience.
Previously, Embedded Login required significant custom code and security work to implement safely at scale. Now, two critical shifts have created an uptake in embedded identity use:
The security landscape has matured. Embedded flows have historically been underspecified. Now emerging standards like OAuth 2.0 for First-Party Applications are here to help enterprises support embedded login flows at scale. Plus, more security tools exist to reduce security hurdles — like application attestation, which mitigates impersonation risk for public clients, and DPoP, which guards against token theft.
Teams have new ways to reduce identity overhead. With AI-assisted development, organizations can implement embedded flows faster than ever before. And at Auth0, we're adding more supported capabilities, built-in security and developer tooling to reduce the custom code required to build, maintain and scale embedded flows.
These shifts create new possibilities for Embedded Login. More organizations across industries, such as financial services, travel, retail, and media, are looking to Embedded Login as another attractive way to optimize conversions with in-app identity flows.
Announcing Embedded Login Advancements
That's why we're excited to announce Embedded Login advancements! We're introducing more built-in security and developer tooling to make building embedded identity easier. We've also delivered two new APIs to enable even more embedded identity flows:
Passkey APIs
Passkeys are the industry-leading way to authenticate your users in a safe, low-friction way. Our new passkey APIs bring passkeys directly into your app, regardless of platform. Users can register passkey-enabled accounts directly within your application’s onboarding flows and authenticate quickly using their browser or platform. Existing users can enroll a passkey at any time directly in your app using our new My Account API — read on for more details!
My Account for Authentication Method Management
My Account is our new API that lets users complete self-service operations safely and at scale. We added management of downstream service APIs earlier in the year with Connected Accounts for Token Vault; now, users can manage all their authentication methods themselves, directly in your application. Users manage a combined list of all their methods, including multi-factor authentication (MFA), passkeys and passwords.
The rest of this blog will cover:
- Are your identity flows costing you conversions?
- Embedded Login vs Universal Login
- User Journeys Powered by Embedded Login
- What's new in Embedded Login
- Is my identity use case a fit for Embedded Login?
- Get started
Let's dive in!
Are Your Identity Flows Costing You Conversions?
Consumers expect more from every organization, every purchase, and every experience. Yet too often, authentication experiences are overlooked, and for users, they feel like a speed bump, or worse, a full stop.
Consider these common scenarios:
A user is mid-checkout, ready to complete a purchase, and is suddenly asked to remember a password or navigate a clunky enrollment flow. They abandon their cart.
A customer is chatting with your banking AI agent to dispute a fraudulent transaction. Mid-conversation, they're redirected to a browser for authentication. They lose context and abandon the agent, calling support instead.
A traveller is modifying their booking to add seat upgrades within your mobile app. Mid-flow, they're bumped to your web app and prompted to re-authenticate. They lose momentum and abandon the upgrade.
Friction compounds. Abandonment follows. Conversions suffer.
Identity should be a conversion lever, not a security gate.
How effortless is your sign-up and login experience? When customers download your mobile app, how many successfully sign up and complete a transaction? How easily can users enroll in necessary authentication factors and manage their security profiles? Friction from identity is a no-go if you compete on user experience, particularly when authentication precedes a transaction or high-value interaction.
Delightful user journeys are now normal. You need to optimize your identity journeys, or risk losing customers to your competition. Get identity right, and you're on your way to converting more users from unknown to known, trusted and repeat customers.
So let's look at how you can get identity right.
Two Approaches to Building Identity: Universal Login vs. Embedded Login
As we noted earlier, there are two key ways to build conversion-friendly identity journeys with Auth0: Universal Login and Embedded Login. What's best depends on your need for in-app identity, the authentication patterns you're looking to implement and your development preferences: no-code, low-code, or pro-code. Many customers use a hybrid approach, using different solutions for different identity patterns.
| Auth0's User Journey Options | |
|---|---|
| Universal Login | Auth0-hosted identity is our fastest way to roll out secure-by-design identity flows with no-code and pro-code customization options. Whether you're a large enterprise or a start-up, use Universal Login to create streamlined, tailored identity flows, dictating look, feel and functionality. Plus, with Advanced Customization for Universal Login (ACUL), control every pixel of your authentication experiences using your own design system, tooling, and existing UI/UX investments, all on top of Auth0’s hosted authentication. |
| Embedded Login | Embedded Login is our most flexible option; it lets you integrate identity flows into your application code using Auth0 APIs, SDKs, and components for complete pro-code control. Blend authentication in-app, exactly where users convert. Use Auth0's configurable capabilities and built-in security tooling to reduce security roadblocks and scale faster with less custom code. |
User Journeys Powered by Embedded Login
There are several ways you can use embedded identity to increase conversions in your app. Here are some popular authentication patterns you can deliver with Embedded Login:
Agentic applications
AI agents are the ultimate embedded experience. Embedded Login lets you sign up users within agents, enroll them with new methods, connect to your services, and more, without them leaving the agent context. This avoids redirects that can break the conversational or task-oriented flow that agents rely on.


Cart-integrated identity
Place sign-up strategically so it doesn't impede checkout. Email/phone is collected at checkout, registration occurs silently in the background, and the user is created only on order completion. Zero redirect friction, lower Monthly Average User (MAU) costs, and higher conversion.


Progressive enrollment
Enroll users in additional authentication methods after a high-value action without disrupting it. For example, prompt for passkey enrollment after a successful checkout so users authenticate faster on return visits.


Inline step-up for sensitive operations
Re-authenticate users for high-risk actions (payment updates, account changes) with an inline authentication challenge, without leaving the app.


In-app self-service factor management
Let customers enroll in and manage their authentication factors in-app, including passkeys, MFA, and passwords.

What Is New in Embedded Login
We are releasing a suite of capabilities to give your teams greater flexibility to execute seamless, in-app identity flows that live within your app, with fewer security hurdles and less identity overhead:
In-app passwordless
Drive up conversions with in-app passwordless access.
- Passkeys APIs: Now Generally Available
Integrate passkey-based authentication directly into native and web applications. Users enroll in passkeys (a phishing-resistant passwordless sign-in method) directly within the mobile, web, or agentic app. No password to remember. They can log in with biometrics or a PIN, just as they would unlock their phone.
In-app self-service factor management
Let users take control of their own authentication methods—without leaving your app.
- Self-Service Method Management in My Account – MFA, Passkeys: Now Generally Available
- Self-Service Method Management in My Account – Passwords: Now in Early Access
The My Account API lets users manage their authentication methods directly within your app, integrating self-service into your account management experience or progressive enrollment flows. Applications connect directly to My Account with user-scoped access tokens.
- Self-Service Method Management in My Account – Components: Now in Beta
We’re giving developers a turn-key experience for integrating self-service into their applications, with our embeddable web and native components. Eliminate the overhead of creating your own controls and UI using our components, powered directly by our embedded APIs.
Demo walkthrough of Passkeys API and My Account API:
More security built in. Less identity overhead.
We’ve also added several new security features and tools to remove security hurdles and reduce the custom code required to build and maintain embedded identity flows.
- DPoP Support in My Account: Now Generally Available
DPoP (Demonstration of Proof of Possession) helps prevent token theft by binding access and refresh tokens to a key pair managed by your application. Built-in SDK and component support mean you can focus on innovating, rather than security.
- Configurable Level of Assurance for Auth0 APIs: Now in Early Access
Authenticate users at the right level of assurance without writing any custom Actions code. My Account is more secure by default, with policy-based step-up for embedded grant types that leverage a user’s MFA factors.
- Application Access Permissions for User Flows: Now Generally Available
Controlling which applications in your environment can perform certain operations is vital, especially with high-risk operations like self-service. Historically, this user-centric application authorization was performed using Actions rather than policy.
Customers now have the ability to drive this via configuration, with My Account preconfigured to be more secure-by-default with explicit opt-in for application access.
- Expanded MFA Grant Support for Flexible Factors: Now in Early Access
MFA challenges now support a wider range of embedded grant types: Passkey APIs, Email/SMS OTP, and refresh token flows. Use the existing Flexible Factor Actions API to specify exactly which methods to challenge, use default API assurance policies (see above) or use the built-in MFA policy.
- Multi-Resource Refresh Token support (MRRT): Now Generally Available
A single refresh token can be used across multiple APIs simultaneously, enabling seamless access to additional services, such as My Account management.
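The key binding that the DPoP item in this list describes, as an added example that is not Auth0 SDK code or part of the original post: a client signs a per-request proof (RFC 9449), and a resource server accepts the token only when the proof was made with the key the token is bound to. The function names, URL and token string are assumptions made for illustration.

```javascript
// Added example (not Auth0 code): DPoP proofs per RFC 9449; keys, URL and token are constructed.
const crypto = require('node:crypto');
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString());
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('base64url');
const nowSec = () => Math.floor(Date.now() / 1000);
// RFC 7638 thumbprint of an EC public JWK; the bound token carries it as cnf.jkt.
const thumbprint = ({ crv, kty, x, y }) => sha256(JSON.stringify({ crv, kty, x, y }));

// Client: sign a proof for one request with the application's private key.
function createProof(keys, htm, htu, accessToken) {
  const { crv, kty, x, y } = keys.publicKey.export({ format: 'jwk' });
  const header = { typ: 'dpop+jwt', alg: 'ES256', jwk: { crv, kty, x, y } };
  const payload = { jti: crypto.randomUUID(), htm, htu, iat: nowSec(), ath: sha256(accessToken) };
  const input = `${enc(header)}.${enc(payload)}`;
  const sig = crypto.sign('sha256', Buffer.from(input), { key: keys.privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${sig.toString('base64url')}`;
}

// Resource server: validate the proof, then compare its key with the token binding.
function verifyProof(proof, htm, htu, accessToken, boundJkt, seenJti) {
  const [h, p, s] = proof.split('.');
  const header = dec(h), payload = dec(p);
  if (header.typ !== 'dpop+jwt' || header.alg !== 'ES256') return 'bad header';
  const key = crypto.createPublicKey({ key: header.jwk, format: 'jwk' });
  const sigOk = crypto.verify('sha256', Buffer.from(`${h}.${p}`), { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!sigOk) return 'bad signature';
  if (payload.htm !== htm || payload.htu !== htu) return 'wrong request';
  if (payload.ath !== sha256(accessToken)) return 'wrong token';
  if (Math.abs(nowSec() - payload.iat) > 60) return 'stale proof';
  if (thumbprint(header.jwk) !== boundJkt) return 'key not bound to token';
  if (seenJti.has(payload.jti)) return 'replayed proof';
  seenJti.add(payload.jti);
  return 'ok';
}

function demo() {
  const gen = () => crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const app = gen(), other = gen();
  const url = 'https://api.example.test/resource', token = 'sample-access-token';
  const boundJkt = thumbprint(app.publicKey.export({ format: 'jwk' })); // value the issuer put in cnf.jkt
  const seen = new Set();
  const proof = createProof(app, 'GET', url, token);
  return {
    legit: verifyProof(proof, 'GET', url, token, boundJkt, seen),
    replay: verifyProof(proof, 'GET', url, token, boundJkt, seen),
    otherKey: verifyProof(createProof(other, 'GET', url, token), 'GET', url, token, boundJkt, seen),
  };
}
console.log(demo());
```

The `otherKey` result is the case the binding exists for: a copied token presented with a proof signed by a different key pair is rejected, even though that proof is itself validly signed.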
Three ways Embedded Login helps you grow faster
Convert more users. Your applications now have full control over identity flows. Decide exactly when, how, and what users authenticate based on your unique journey: cart-integrated identity at checkout, step-up auth before transactions, progressive enrollment after key actions. Every authentication moment becomes an opportunity to reduce abandonment and drive growth.
Accelerate development with less identity overhead. With expanded feature support and built-in, configurable security tooling, teams reduce the custom code required for embedded identity flows. Developers spend fewer cycles on identity infrastructure and more time shipping core innovation.
Security that doesn't slow you down. Get more security features and tools built in — like support for DPoP and configurable Level of Assurance per API. Sail through security reviews and ship faster, without security blockers stalling your roadmap.
Is my identity use case a fit for Embedded Login?
Embedded Login is well-suited for enterprises that want pro-code identity that blends seamlessly within their app experiences — native, web, or agentic.
Good fit indicators:
- You're building first-party applications (B2C, B2B non-SaaS, or internal apps)
- You're developing native apps (iOS/Android) or planning agentic interfaces
- You already use Embedded Login for a percentage of logins, or are experimenting with different authentication methods and customized user flows
- You have modern app architecture (microservices, API-first) that can leverage Auth0's API-driven embedded capabilities
Get Started
Ready to build in-app authentication experiences that convert?
Explore our documentation: Review our Embedded Login documentation to better understand capabilities and best practices.
Assess for your use case: Evaluate which Embedded Login vs Universal Login features align with your roadmap goals using our guide.
Schedule a consultation: Chat with one of our experts about your specific requirements and how you can best optimize your identity flows to convert.
About the author

Samantha Murphy
Senior Manager, Product Marketing, Auth0
Samantha Murphy is a Product Marketing Senior Manager for Auth0. She leads the Customer Identity Security portfolio, driving go-to-market strategy, messaging, launches, and strategic growth initiatives. Before Okta, Sam spent over six years in product management roles in Identity and Access Management.
She holds a Bachelor of Commerce degree from Queen’s Smith School of Business and is from Ottawa, Canada.
In her free time, Sam makes the most of winter by playing an awesome ice skating sport called ringette.
