With Universal login, users are redirected to a central authorization server. Because authentication is taking place on the same domain as the login, credentials are not sent across origins, increasing security and protecting against attacks such as phishing and bucket brigade attack (sometimes called a man-in-the-middle attack).
Learn More
OAuth 2.0 recommends that only external user agents (such as the browser) should be used by native applications for authentication flows. Universal login provides this in a secure manner while also enabling SSO.
Thanks to Google and others, users are comfortable with redirecting to a trusted domain to authenticate. Implement your login page just once for all your apps and use the Auth0 dashboard to turn on and off features centrally for all your apps.
For example, features such as social logins, MFA and Anomaly detection can be controlled directly from the dashboard for all your registered apps.
Take a no-compromise approach to the login experience by using custom domains. With custom domains, you keep your users interacting with you within the context of your brand and users are not redirected to a third-party site that impacts the branding experience.
For example, if your Auth0 domain is acme.auth0.com, you can have your users to see, use, and remain on accounts.acme.com which helps you preserve the brand context and the user experience during login.
To customize the login page, you will have a couple of options to choose from. You can use Lock, a pre-built and easily configurable login widget to quickly enable a customized login interface.
AUTH0.JS SDKAlternately, you can use our full featured Auth0.js SDK if you need to build your own custom login UI or implement more complex authentication functionality.
AUTH0.JS SDKAlternately, you can use our full featured Auth0.js SDK if you need to build your own custom login UI or implement more complex authentication functionality.
With Universal login, users are redirected to a central authorization server. Because authentication is taking place on the same domain as the login, credentials are not sent across origins, increasing security and protecting against attacks such as phishing and man-in-the-middle.
For example, features such as MFA and Anomaly detection can be controlled directly from the dashboard for all your registered apps.
To customize the login page, you will have a couple of options to choose from. You can use Lock, a pre-built and easily configurable login widget to quickly enable a customized login interface.
Alternately, you can use our full featured Auth0.js SDK if you need to build your own custom login UI or implement more complex authentication functionality.
If you still prefer to embed the login box directly in your website instead of redirecting to the Universal login page, you won’t be disappointed. Lock would be the preferred approach to implement embedded login. The Lock widget can be easily embedded in your app, customized to enable multiple social providers and styled to match your brand. If you need more flexibility, you can create your own login page and use the Auth0.JS SDK to authenticate the user.
Learn More