Flexible Identifiers and Attributes

A Flexible Identifier is the attribute a user inputs on a login screen to authenticate themselves. You can choose from one or more types of identifiers: email and username are generally available, while the phone identifier is in our early access program. To learn more about Auth0 releases, review Product Release Stages.

Attribute and Identifier definitions

For this product, an Attribute is a piece of user data that can be stored, such as email, phone number, and username. All Identifiers are Attributes, but only specific attributes are Identifiers.

An Identifier is a unique Attribute that recognizes a distinct user in a given connection. Email, phone, and username can uniquely identify an individual and serve as Identifiers, while other attributes contribute to the user's profile without uniquely identifying a user.

Early Access changes and limitations

Flexible Identifiers is available for early access with some limitations to the early access service:

  • Flexible Identifiers including the phone attribute are only available with Universal Login and you must configure a phone provider.

  • You must configure Identifier First to use phone verification on signup.

  • The email address attribute must be enabled to use Adaptive MFA.

  • You must have email on the User Profile to use Signup invites for Organizations.

  • End users blocked under Brute Force Protection cannot unblock themselves via an email link. Other methods are available. To learn more, read Brute Force Protection.

  • Flexible Identifiers moves the identifier field to the first login screen and changes the reset password prompt from email to username.

Issues using Flexible Identifiers

The following is a list of potential issues you may encounter while configuring and managing Flexible Identifiers:

  • If the scope phone is not specified in the authorization request by your application, you will not receive the phone_number claim. To learn more about scopes, read Scopes.

  • Your Get User custom database action script must be valid when Import Users to Auth0 is set to on. To learn more, read Configure Automatic Migration from Your Database.

  • If you use the custom database action script Change Password and want to set email and email_verified to True, you must return the preferred email_verified state on the object. To learn more, read Change Password.

  • If you use a custom database connection with Import Users to Auth0 toggled off, you must align your user profile properties with the Auth0 normalized user profile. To learn more, read Normalized User Profile.

  • If you use a custom database connection with Import Users to Auth0 toggled on, Auth0 will check for uniqueness of phone_number and phone_verified.

  • Once you participate in the early access program, Identifier First prompts will change to display all identifiers on the first screen and remove your previous settings, and the Reset Password prompt will display the input field to Username instead of Email.

  • Familiarize yourself with best practices to avoid SMS Pumping attacks. To learn more, read our whitepaper on SMS Pumping.