New Universal Login Experience
Auth0's New Universal Login Experience provides a reimagined login flow, with a fresh UX design and lightweight pages. When you pick this new experience, Auth0 will use it for all pages that haven't been customized. You can enable it in the Dashboard the Branding > Universal Login Settings tab.
From a functional perspective, the New Experience has much better support for Localization, WebAuthn support, a better MFA experience, support for Organizations, and several improvements across all pages.
The New Experience is being actively developed, so we add new features are regularly. Some pages in the New Experience have certain differences detailed below. To learn more, read New Universal Login Experience Limitations.
Customize login flow
You can specify a Liquid Template for all pages in the login flow with page templates. To learn more, read Page Templates.
You can configure the favicon URL and a custom logo URL by using the Universal Login configuration page or the Branding API. To learn more, read Branding API.
You can override any text by using the Text Customization API. To learn more, read Text Customization API.
How it is different from Classic Universal Login
You can use Passwordless with WebAuthn with Device Biometrics.
If you are using Development Keys for Social Providers:
Single Sign-on (SSO) and Silent Authentication will work properly, which does not happen in the Classic Experience.
Users will see a warning on the login page mentioning that the tenant is configured with Development Keys. To learn more, read Development Keys.
A button will be rendered for each social and enterprise connection.
If you redirect users to the
/loginpage directly, they will get an error unless you have configured the default login route. To learn more, read Configure Default Login Routes. You should always redirect users to the proper authorization request endpoint (e.g.,
/authorizeif you are using OpenID Connect).
You can specify the
login_hintwhen redirecting to Auth0, and it will be used to populate the username/email field for the login or signup page.
You can make users land directly on the Signup page instead of the Login page by specifying the
screen_hint=signupparameter when redirecting to
/authorize. Note that this can be combined with
prompt=login, which indicates whether you want to always show the authentication page or you want to skip if there's an existing session.
||No existing session||Existing session|
|no extra parameters||Shows the login page||Redirects to the callback url|
||Shows the signup page||Redirects to the callback url|
||Shows the login page||Shows the login page|
||Shows the signup page||Shows the signup page|
If users have more than one multi-factor authentication (MFA) factor enrolled (e.g., SMS and Push notifications), the new MFA page will let the user select which one they want to use.
If you are using the Guardian SDK to create your own native application to handle Push Notifications, you can configure the name of the application and the URLs to download them in the Push via Auth0 Guardian option in the Dashboard > Security > Multi-Factor Auth section.
If you have a rule that sets the MFA provider to
google-authenticator, you need to enable the OTP factor in the Dashboard > Security > Multi-Factor Auth section.
You can use WebAuthn for MFA.
In the Classic Login Experience, you can configure a URL to redirect users after completing the password reset. The URL will receive a success indicator and a message. The New Universal Login Experience redirects users to the default login route when it succeeds and will handle the error cases as part of the Universal Login flow. The Redirect URL in the email template will be ignored. Please note that you must provide an Application Login URI in the Dashboard > Applications > Applications Settings tab for the redirect URLs to work.
If the database connection is set to Require Username, the password reset flow will ask the user for the username and send a password reset email to the associated email address. To learn more, read Adding Username for Database Connections.
Custom database connections
When using custom database connections:
The password reset flow will function properly even if you return errors from the change password script.
The errors returned in
WrongUsernameOrPasswordErrorwill be displayed on the corresponding pages. To learn more, read Troubleshoot Custom Databases.
After a user clicks the email verification link, they'll be redirected to a page that will confirm that their email is verified. If the default login route is configured, users will be able to click a button and get redirected to it.
Implement Universal Login using Quickstarts
For detailed instructions on setting up your application to use Universal Login, check out our Quickstart guides and choose the one that best fits your chosen technologies. The Quickstart guides will walk you through all of the implementation steps.