Phone as Identifier
Before you start
Auth0 recommends testing this feature in a development environment before releasing it widely.
You must have a valid Get User script if you’re using a Custom Database with import mode on. For more information, read Configure Automatic Migration from Your Database.
Familiarize yourself with the best defenses from SMS Pumping attacks.
Specify in the client authorize request that the
phonescope will receive a token with thephone_numberclaim.If you activate Username, make note of your previous settings in case you need to revert your client.
Auth0’s Phone as Identifier feature is in Early Access. By using this feature, you agree to the applicable Free Trial terms in Okta’s Master Subscription Agreement. To learn more about Auth0’s release stages, read Product Release Stages.
Phone as identifier allows Auth0 users to be identified by phone number instead of email.
Early Access limitations
Adaptive MFA won't function on connections that do not have email address as an attribute.
If your tenant uses Brute Force Protection and a connection with phone number as the sole Identifier, end users will have one less method to remove themselves from a blocked state since the link to do so is sent via email. They instead must reset their password or an admin must unblock them via the Management API.
Configure a phone provider
Admins must configure phone provider to use phone as an identifier.
Navigate to Auth0 Dashboard > Branding > Phone Provider.
Choose your preferred Phone Provider, then choose which Delivery Methods you’d like phone messages to be delivered.
Configure your provider settings. For more information about how phone providers work, see Sending Messages with Messaging Services, How to create an Application SID, and Auth Tokens and how to change them.
| 設定 | 説明 |
|---|---|
| SMS Source(SMSソース) | [Twilio Messaging Service(Twilioのメッセージングサービス)]または[Use From(送信元を使用)]を選択します。詳細については、こちらを参照してください。 |
| From(送信元)またはMessaging SID(メッセージングSID) | TwilioのメッセージングサービスSIDまたは送信元電話番号を入力します。ユーザーにはこれが送信者として表示されます。 |
| Twilio SID | TwilioのアカウントSID。詳細については、こちらを参照してください。 |
| Twilio AuthToken | TwilioのAuthToken。詳細については、こちらを参照してください。 |
The following is example code for how to configure a phone provider via the Management API:
{
"name": "PROVIDER_NAME",
"disabled": TRUE|FALSE,
"configuration": {
"sid": "TWILIO_SID',
"mssid": "MESSAGING_SID"
"default_from": "FROM_PHONE_NUMBER",
"delivery_methods": ["text". "voice"],
},
"credentials": {
"auth_token": 'some-token',
},Was this helpful?
Activate Phone as ID
Activating Phone as ID in your Auth0 Dashboard ensures that your existing settings are maintained.
Navigate to Auth0 Dashboard > Authentication > Database, then select the Database Connection you want to activate.
Go to the Attributes tab and choose the Activate button in the New Attributes Configuration.
Confirm that you’ve tested in a Development environment, then choose Proceed.
Available attributes and configuration options
The new signup flow gives admins the option to use any or all of three Attributes: phone, email, and username. Choosing phone requires admins to set up a phone provider.
| オプション | 結果 |
|---|---|
| Use [phone/email/username] as Identifier(電話番号/メール/ユーザー名を識別子として使用する) | 属性がこの接続の識別子になります。ユーザーは、選択した属性を使ってログインやパスワードのリセットを行うことができます。 |
| Allow Signup with [phone/email/username] as Identifier(電話番号/メール/ユーザー名を識別子としてサインアップを許可する) | 管理者は、3つの選択肢の中からログインフローを選択できます:
|
| Verify [phone/email] on sign up(サインアップ時に電話番号/メールを検証する) | メールの場合、ユーザーにはサインアップ時にマジックリンクを使ったメールアドレスの確認が求められます。 電話番号の場合、ユーザーにはワンタイムパスワードを使った電話番号の確認が求められます。管理者は、ユーザーの電話番号を確認するために、電話プロバイダーを構成する必要があります。 |
| Require [phone/email/username] on user profile(ユーザープロファイルで電話番号/メール/ユーザー名を必須にする) | この接続でユーザープロファイルの作成や更新を行うすべての処理に、選択した属性が要求されます。 以下では属性が必須になります。
|
The Username Length field in Username settings sets the minimum and maximum values allowed for a user to have as username.
Allow usernames in email format permits users to pick a username that looks like an email (like joe@example.com) and Allow usernames in phone number format permits users to pick a username that looks like a phone number (like 14445556666). Both are are special scenarios and are off by default.
Choose attributes on a new connection
Administrators can customize various connection attributes in their Auth0 Dashboard. If you used Username in your previous settings, make note of them before making changes in case you need to revert the changes.
Navigate to Auth0 Dashboard > Authentication > Database, then choose the + Create DB Connection button.
Enable one or more of the attribute toggles under Choose one or more attributes as user identifiers. The following are an attribute's default settings:
Use {attribute} as Identifier: True
Allow Signup with {attribute}: Required
Require {attribute} on user profile: True
Username Length: Min: 1 Max: 15
Allow usernames in email format: False
Allow usernames in phone number format: False
Change the settings to fit your requirements, then choose the Create button.
Configure existing connection attributes
Navigate to Auth0 Dashboard > Authentication > Database, then select the Database Connection to activate.
Go to the Attributes tab and choose the
...menu button next to an Attribute, then select Configure from the dropdown menu.
Remove existing connection attributes
Notes about this Early Access feature:
If an administrator removes an attribute, end users who added it will maintain the attribute's information on their profile.
End users will no longer be able to login, signup or reset passwords using the removed attribute, and one attribute must remain active on a connection.
Remove an Attribute
Navigate to Auth0 Dashboard > Authentication > Database, then select the Database Connection to deactivate.
Navigate the the Attributes tab and choose the
...menu button next to an Attribute, then select Remove attribute from the dropdown menu.
Return a connection to its original state
To turn off new attributes, PATCH the connection via the Management API with the following code:
{
"options": {
}
}Was this helpful?