Phone as Identifier

Before you start

  1. Auth0 recommends testing this feature in a development environment before releasing it widely.

  2. You must have a valid Get User script if you’re using a Custom Database with import mode on. For more information, read Configure Automatic Migration from Your Database.

  3. Familiarize yourself with the best defenses from SMS Pumping attacks.

  4. Specify in the client authorize request that the phone scope will receive a token with the phone_number claim.

  5. If you activate Username, make note of your previous settings in case you need to revert your client.

Phone as identifier allows Auth0 users to be identified by phone number instead of email.

Early Access limitations

  • Adaptive MFA won't function on connections that do not have email address as an attribute.

  • If your tenant uses Brute Force Protection and a connection with phone number as the sole Identifier, end users will have one less method to remove themselves from a blocked state since the link to do so is sent via email. They instead must reset their password or an admin must unblock them via the Management API.

Configure a phone provider

Admins must configure phone provider to use phone as an identifier.

  1. Navigate to Auth0 Dashboard > Branding > Phone Provider.

  2. Choose your preferred Phone Provider, then choose which Delivery Methods you’d like phone messages to be delivered.

  3. Configure your provider settings. For more information about how phone providers work, see Sending Messages with Messaging Services, How to create an Application SID, and Auth Tokens and how to change them.

設定 説明
SMS Source(SMSソース) [Twilio Messaging Service(Twilioのメッセージングサービス)]または[Use From(送信元を使用)]を選択します。詳細については、こちらを参照してください。
From(送信元)またはMessaging SID(メッセージングSID) TwilioのメッセージングサービスSIDまたは送信元電話番号を入力します。ユーザーにはこれが送信者として表示されます。
Twilio SID TwilioのアカウントSID。詳細については、こちらを参照してください。
Twilio AuthToken TwilioのAuthToken。詳細については、こちらを参照してください

The following is example code for how to configure a phone provider via the Management API:

{
  "name": "PROVIDER_NAME",
  "disabled": TRUE|FALSE,
  "configuration": {
    "sid": "TWILIO_SID',
    "mssid": "MESSAGING_SID"
    "default_from": "FROM_PHONE_NUMBER",
    "delivery_methods": ["text". "voice"],
  },
  "credentials": {
    "auth_token": 'some-token',
  },

Was this helpful?

/

Activate Phone as ID

Activating Phone as ID in your Auth0 Dashboard ensures that your existing settings are maintained.

  1. Navigate to Auth0 Dashboard > Authentication > Database, then select the Database Connection you want to activate.

  2. Go to the Attributes tab and choose the Activate button in the New Attributes Configuration.

  3. Confirm that you’ve tested in a Development environment, then choose Proceed.

Available attributes and configuration options

The new signup flow gives admins the option to use any or all of three Attributes: phone, email, and username. Choosing phone requires admins to set up a phone provider.

オプション 結果
Use [phone/email/username] as Identifier(電話番号/メール/ユーザー名を識別子として使用する) 属性がこの接続の識別子になります。ユーザーは、選択した属性を使ってログインやパスワードのリセットを行うことができます。
Allow Signup with [phone/email/username] as Identifier(電話番号/メール/ユーザー名を識別子としてサインアップを許可する) 管理者は、3つの選択肢の中からログインフローを選択できます:
  • off(オフ) - 属性がサインアップフローからブロックされます。
  • optional(任意) - 属性がサインアップフローで任意になります。
  • required(必須) - 属性がないと、サインアップフローが失敗します。
サインアップフローには以下が含まれます:
  • 新しいユニバーサルログインとクラシックユニバーサルログイン
  • Authentication APIのdbconnections/signupエンドポイント
Verify [phone/email] on sign up(サインアップ時に電話番号/メールを検証する) メールの場合、ユーザーにはサインアップ時にマジックリンクを使ったメールアドレスの確認が求められます。
電話番号の場合、ユーザーにはワンタイムパスワードを使った電話番号の確認が求められます。管理者は、ユーザーの電話番号を確認するために、電話プロバイダーを構成する必要があります。
Require [phone/email/username] on user profile(ユーザープロファイルで電話番号/メール/ユーザー名を必須にする) この接続でユーザープロファイルの作成や更新を行うすべての処理に、選択した属性が要求されます。

以下では属性が必須になります。
  • サインアップフロー
  • Management APIを使用したユーザーの作成または更新
  • 一括ユーザーインポート

The Username Length field in Username settings sets the minimum and maximum values allowed for a user to have as username.

Allow usernames in email format permits users to pick a username that looks like an email (like joe@example.com) and Allow usernames in phone number format permits users to pick a username that looks like a phone number (like 14445556666). Both are are special scenarios and are off by default.

Choose attributes on a new connection

Administrators can customize various connection attributes in their Auth0 Dashboard. If you used Username in your previous settings, make note of them before making changes in case you need to revert the changes.

  1. Navigate to Auth0 Dashboard > Authentication > Database, then choose the + Create DB Connection button.

  2. Enable one or more of the attribute toggles under Choose one or more attributes as user identifiers. The following are an attribute's default settings:

    1. Use {attribute} as Identifier: True

    2. Allow Signup with {attribute}: Required

    3. Require {attribute} on user profile: True

    4. Username Length: Min: 1 Max: 15

    5. Allow usernames in email format: False

    6. Allow usernames in phone number format: False

  3. Change the settings to fit your requirements, then choose the Create button.

Configure existing connection attributes

  1. Navigate to Auth0 Dashboard > Authentication > Database, then select the Database Connection to activate.

  2. Go to the Attributes tab and choose the ... menu button next to an Attribute, then select Configure from the dropdown menu.

Remove existing connection attributes

Notes about this Early Access feature:

  • If an administrator removes an attribute, end users who added it will maintain the attribute's information on their profile.

  • End users will no longer be able to login, signup or reset passwords using the removed attribute, and one attribute must remain active on a connection.

Remove an Attribute

  1. Navigate to Auth0 Dashboard > Authentication > Database, then select the Database Connection to deactivate.

  2. Navigate the the Attributes tab and choose the ... menu button next to an Attribute, then select Remove attribute from the dropdown menu.

Return a connection to its original state

To turn off new attributes, PATCH the connection via the Management API with the following code:

{
"options": {
        }
}

Was this helpful?

/