Phone as Identifier
Before you start
Auth0 recommends testing this feature in a development environment before releasing it widely.
You must have a valid Get User script if you’re using a Custom Database with import mode on. For more information, read Configure Automatic Migration from Your Database.
Familiarize yourself with the best defenses against SMS Pumping attacks.
Specify the phone scope in the client authorize request to receive a token with the phone_number claim.
If you activate Username, make note of your previous settings in case you need to revert your client.
Phone as identifier allows Auth0 users to be identified by phone number instead of email.
Early Access limitations
Adaptive MFA won't function on connections that do not have email address as an attribute.
If your tenant uses Brute Force Protection and a connection with phone number as the sole Identifier, end users will have one less method to remove themselves from a blocked state since the link to do so is sent via email. They instead must reset their password or an admin must unblock them via the Management API.
Configure a phone provider
Admins must configure a phone provider to use phone as an identifier.
Navigate to Auth0 Dashboard > Branding > Phone Provider.
Choose your preferred Phone Provider, then choose the Delivery Methods by which you’d like phone messages to be delivered.
Configure your provider settings. For more information about how phone providers work, see Sending Messages with Messaging Services, How to create an Application SID, and Auth Tokens and how to change them.
Setting | Description |
---|---|
SMS Source | Choose either your Twilio Messaging Service SID or a Use From phone number. For more information, see here. |
From or Messaging SID | Enter either your Twilio Messaging Service SID or a From phone number. Users will see this as the sender. |
Twilio SID | Your Twilio account SID. For more information, see here. |
Twilio AuthToken | Your Twilio AuthToken. For more information, see here. |
The following is example code for how to configure a phone provider via the Management API (set disabled to true or false):
{
  "name": "PROVIDER_NAME",
  "disabled": false,
  "configuration": {
    "sid": "TWILIO_SID",
    "mssid": "MESSAGING_SID",
    "default_from": "FROM_PHONE_NUMBER",
    "delivery_methods": ["text", "voice"]
  },
  "credentials": {
    "auth_token": "some-token"
  }
}
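A pre-flight check for the request body above, as an added example (not Auth0's code): it builds the payload from environment variables so the Twilio AuthToken never sits in a file, and rejects placeholder or malformed values before they reach the Management API. The environment variable names and function names are hypothetical, and the E.164 check assumes the From value is a phone number.

```python
import os
import re

# Twilio SIDs are a two-letter prefix followed by 32 hex characters.
ACCOUNT_SID = re.compile(r"AC[0-9a-fA-F]{32}")
MESSAGING_SID = re.compile(r"MG[0-9a-fA-F]{32}")
E164 = re.compile(r"\+[1-9]\d{1,14}")  # assumption: From is an E.164 number
ALLOWED_METHODS = {"text", "voice"}
PLACEHOLDERS = {"", "some-token"}  # empty, or the sample value from the docs


def build_provider_payload(env=os.environ):
    """Assemble the request body from environment variables (hypothetical names)."""
    methods = [m.strip() for m in env.get("DELIVERY_METHODS", "text").split(",")]
    config = {"sid": env.get("TWILIO_SID", ""), "delivery_methods": methods}
    # SMS Source is either a Messaging Service SID or a From phone number.
    if env.get("TWILIO_MSSID"):
        config["mssid"] = env["TWILIO_MSSID"]
    if env.get("TWILIO_FROM"):
        config["default_from"] = env["TWILIO_FROM"]
    return {
        "name": env.get("PROVIDER_NAME", ""),
        "disabled": False,
        "configuration": config,
        "credentials": {"auth_token": env.get("TWILIO_AUTH_TOKEN", "")},
    }


def validate_provider_payload(payload):
    """Return a list of problems; an empty list means the body is ready to send."""
    problems = []
    cfg = payload.get("configuration", {})
    if not ACCOUNT_SID.fullmatch(cfg.get("sid", "")):
        problems.append("sid is not a Twilio account SID")
    mssid, sender = cfg.get("mssid"), cfg.get("default_from")
    if not mssid and not sender:
        problems.append("set mssid or default_from as the SMS source")
    if mssid and not MESSAGING_SID.fullmatch(mssid):
        problems.append("mssid is not a Messaging Service SID")
    if sender and not E164.fullmatch(sender):
        problems.append("default_from is not an E.164 number")
    methods = cfg.get("delivery_methods") or []
    if not methods or set(methods) - ALLOWED_METHODS:
        problems.append("delivery_methods must be a non-empty subset of text, voice")
    if payload.get("credentials", {}).get("auth_token", "") in PLACEHOLDERS:
        problems.append("auth_token is missing or still a placeholder")
    if not isinstance(payload.get("disabled"), bool):
        problems.append("disabled must be a JSON boolean")
    return problems
```

Serialize the validated dictionary with `json.dumps` to get the request body; an unquoted `TRUE|FALSE` or a trailing comma cannot survive that step.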
Activate Phone as ID
Activating Phone as ID in your Auth0 Dashboard ensures that your existing settings are maintained.
Navigate to Auth0 Dashboard > Authentication > Database, then select the Database Connection you want to activate.
Go to the Attributes tab and choose the Activate button in the New Attributes Configuration.
Confirm that you’ve tested in a Development environment, then choose Proceed.
Available attributes and configuration options
The new signup flow gives admins the option to use any or all of three Attributes: phone, email, and username. Choosing phone requires admins to set up a phone provider.
Options | Outcome |
---|---|
Use [phone/email/username] as Identifier | Makes the Attribute an identifier for this connection. Users can use the chosen attribute for login and password reset. |
Allow Signup with [phone/email/username] as Identifier | Provides administrators with three choices for their login flow:
|
Verify [phone/email] on sign up | If chosen for email, users will be asked to confirm their email with a magic link. If chosen for phone, users will be required to confirm their phone number with a one-time password. Admins must configure a phone provider to verify with a user's phone. |
Require [phone/email/username] on user profile | Requires a chosen attribute to be present across all operations that create or update a user profile on this connection. Attribute is present on the following:
|
The Username Length field in Username settings sets the minimum and maximum values allowed for a user to have as username.
Allow usernames in email format permits users to pick a username that looks like an email (like joe@example.com) and Allow usernames in phone number format permits users to pick a username that looks like a phone number (like 14445556666). Both are special scenarios and are off by default.
Choose attributes on a new connection
Administrators can customize various connection attributes in their Auth0 Dashboard. If you used Username in your previous settings, make note of them before making changes in case you need to revert the changes.
Navigate to Auth0 Dashboard > Authentication > Database, then choose the + Create DB Connection button.
Enable one or more of the attribute toggles under Choose one or more attributes as user identifiers. The following are an attribute's default settings:
Use {attribute} as Identifier: True
Allow Signup with {attribute}: Required
Require {attribute} on user profile: True
Username Length: Min: 1 Max: 15
Allow usernames in email format: False
Allow usernames in phone number format: False
Change the settings to fit your requirements, then choose the Create button.
Configure existing connection attributes
Navigate to Auth0 Dashboard > Authentication > Database, then select the Database Connection to activate.
Go to the Attributes tab and choose the ... menu button next to an Attribute, then select Configure from the dropdown menu.
Remove existing connection attributes
Notes about this Early Access feature:
If an administrator removes an attribute, end users who added it will maintain the attribute's information on their profile.
End users will no longer be able to log in, sign up, or reset passwords using the removed attribute, and one attribute must remain active on a connection.
Remove an Attribute
Navigate to Auth0 Dashboard > Authentication > Database, then select the Database Connection to deactivate.
Navigate to the Attributes tab and choose the ... menu button next to an Attribute, then select Remove attribute from the dropdown menu.
Return a connection to its original state
To turn off new attributes, PATCH the connection via the Management API with the following code:
{
"options": {
}
}