# Journey steps

## 

The journey is composed of a series of steps you define using a graphical user interface. These steps can be classified into the following types:

- **User interactions**: These steps are always client-facing (require client-side code) and allow for collecting information from the user or presenting authentication methods. Examples include:
  - Collect user information via forms (e.g., [Login form](/guides/orchestration/journeys/login_form), [Collect information](/guides/orchestration/journeys/get_info_from_client))
  - Present authentication methods such as passwords, passkeys, and OTP (e.g., [Register password](/guides/orchestration/journeys/register_password), [Register passkey](/guides/orchestration/journeys/register_device), [SMS OTP Authentication](/guides/orchestration/journeys/authenticate_sms_otp))
  - Identity verification workflows (e.g., [Identity Verification](/guides/orchestration/journeys/document_verification), [Selfie acquisition](/guides/orchestration/journeys/selfie_acquisition))
- **System execution**: These steps either perform backend tasks or are implicitly handled by the Orchestration SDK without any user interaction. E.g., updating or inserting data into user profiles ([Register Email](/guides/orchestration/journeys/register_email), [Register device](/guides/orchestration/journeys/register_device)).
- **Device operations**: Steps for checking device operations include:
  - Checking the status of devices and authenticators (e.g., [Known Device Status](/guides/orchestration/journeys/validate_device))
  - Cryptographic binding and verification
  - Requests for device information and risk signals (e.g., [Fraud Level Analysis](/guides/orchestration/journeys/risk_recommendation))
- **Web services**: You can define external HTTP calls as connectors configured in the **Integration hub**. These calls include:
  - URL definitions, headers, HTTP methods, and more
  - Data transformations for sending and receiving responses from external services.
- **Expressions**: These steps allow running authscript and typescript code, as well as running requests via [Mosaic APIs](/openapi/api_ref_intro)
- **Calculations and flow control structures**. Some steps involve:
  - Performing calculations based on user input, external service results, or previous steps.
  - Utilizing control structures such as conditions, loops, and alternate branches to guide the flow ([While loop](/guides/orchestration/journeys/while_loop), [Complete journey](/guides/orchestration/journeys/complete_journey), [Reject access](/guides/orchestration/journeys/reject_access)).


**Client SDK and SSO journeys** can include both **user interaction** and **system execution** steps, allowing for seamless interaction between the user and the server. Depending on the specific purpose of the journey, Client SDK and SSO journeys might emphasize client-side steps, such as in user authentication flows, while backend steps handle server-side data processing. This flexibility allows Client SDK and SSO journeys to combine both types of steps as needed.

style

    section article ul li {
        margin-top: 5px !important;
    }