Authentication & authorization overview
Build frictionless and secure authentication experiences for your users across all their devices and channels.
- Use journeys to create identity experiences with easy-to-use graphical interface and Mosaic SDK.
- Use an OIDC-based approach to authentication if you're interested in the classic OIDC integrations initiated from the browser, such as Mosaic's hosted login experience.
- Use backend-initiated approach to implement integrations leveraging Backend Authentication APIs .
Biometric authentication
Based on the FIDO2 WebAuthn standard, biometric login is secure, consistent, and convenient for your customers. Launch fast with a fully hosted experience, or use our APIs/SDKs with your custom UI.
On mobile devices, consider implementing authentication with device sensors, such as Face ID or fingerprint.
| Authentication method | OIDC-based | Backend-initiated | Journey-based |
|---|---|---|---|
| Log in with passkeys (WebAuthn) | Not supported | Guides | Guide |
| Log in with mobile biometrics | Not supported | Guides | Guide |
One-time login
Log in users using a one-time code sent to their phone or email, or magic link sent to their email. This passwordless option allows users to log in to a device that doesn't support WebAuthn biometrics, or a device that doesn't belong to them.
| Authentication method | OIDC-based | Backend-initiated | Journey-based |
|---|---|---|---|
| Email magic link | Guide | Guide | Not supported |
| Email OTP | Guide | Guide | Guide |
| SMS OTP | Guide | Guide | Guide |
Time-based passcodes
Log in users using time-based one-time passcodes (TOTP) generated by authenticator apps like Google Authenticator or Twilio Authy.
| Authentication method | OIDC-based | Backend-initiated | Journey-based |
|---|---|---|---|
| Log in with TOTP | Not supported | Guide | Guide |
Push notifications
Log in users with push notifications sent to their trusted device.
| Authentication method | OIDC-based | Backend-initiated | Journey-based |
|---|---|---|---|
| Log in with push notifications | Not supported | Not supported | Guide |
Social login
Social login allows customers to quickly authenticate with their existing social media accounts. Add this into your app to provide a fast and easy way for your customers to sign up, and minimize friction at checkout.
| Authentication method | OIDC-based | Backend-initiated | Journey-based |
|---|---|---|---|
| Log in with Apple | Guide | Guide | Not supported |
| Log in with Google | Guide | Guide | Not supported |
| Log in with Facebook | Guide | Guide | Not supported |
| Log in with LINE | Guide | Not supported | Not supported |
| Log in with Tiktok | Not supported | Guide | Not supported |
Password login
Password login allows you to authenticate users with a username and password, so you can smoothly migrate your customers from passwords to a passwordless solution.
| Authentication method | OIDC-based | Backend-initiated | Journey-based |
|---|---|---|---|
| Log in with passwords | Guide | Guide | Guide |
PIN code
Allow users to authenticate using the same system PIN they use to unlock their mobile device. This method leverages native device security and is supported through the Mobile SDK.
| Authentication method | OIDC-based | Backend-initiated | Journey-based |
|---|---|---|---|
| Log in with PIN code | Not supported | TBD | TBD |