Authentication & authorization overview
Build frictionless and secure authentication experiences for your users across all their devices and channels.
- Use journeys to create identity experiences with easy-to-use graphical interface and Mosaic SDK.
- Use an OIDC-based approach to authentication if you're interested in the classic OIDC integrations initiated from the browser, such as Mosaic's hosted login experience.
- Use backend-initiated approach to implement integrations leveraging Backend Authentication APIs .
Biometric authentication
Based on the FIDO2 WebAuthn standard, biometric login is secure, consistent, and convenient for your customers. Launch fast with a fully hosted experience, or use our APIs/SDKs with your custom UI.
On mobile devices, consider implementing authentication with device sensors, such as Face ID or fingerprint.
| Authentication method | OIDC-based | Backend-initiated | Journey-based |
|---|---|---|---|
| Log in with passkeys (WebAuthn) | Not supported | Guides | Guide |
| Log in with mobile biometrics | Not supported | Guides | Guide |
One-time login
Log in users using a one-time code sent to their phone or email, or magic link sent to their email. This passwordless option allows users to log in to a device that doesn't support WebAuthn biometrics, or a device that doesn't belong to them.
| Authentication method | OIDC-based | Backend-initiated | Journey-based |
|---|---|---|---|
| Email magic link | Guide | Guide | Not supported |
| Email OTP | Guide | Guide | Guide |
| SMS OTP | Guide | Guide | Guide |
Time-based passcodes
Log in users using time-based one-time passcodes (TOTP) generated by authenticator apps like Google Authenticator or Twilio Authy.
| Authentication method | OIDC-based | Backend-initiated | Journey-based |
|---|---|---|---|
| Log in with TOTP | Not supported | Guide | Guide |
Push notifications
Log in users with push notifications sent to their trusted device.
| Authentication method | OIDC-based | Backend-initiated | Journey-based |
|---|---|---|---|
| Log in with push notifications | Not supported | Not supported | Guide |
Social login
Social login allows customers to quickly authenticate with their existing social media accounts. Add this into your app to provide a fast and easy way for your customers to sign up, and minimize friction at checkout.
| Authentication method | OIDC-based | Backend-initiated | Journey-based |
|---|---|---|---|
| Log in with Apple | Guide | Guide | Not supported |
| Log in with Google | Guide | Guide | Not supported |
| Log in with Facebook | Guide | Guide | Not supported |
| Log in with LINE | Guide | Not supported | Not supported |
| Log in with Tiktok | Not supported | Guide | Not supported |
Password login
Password login allows you to authenticate users with a username and password, so you can smoothly migrate your customers from passwords to a passwordless solution.