Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs-staging.auth0-mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Enabling Flexible Identifiers on your tenant has the potential to introduce breaking changes to your production environment. Test this feature thoroughly in a development environment and note your current connection settings before releasing it widely.
A Flexible Identifier is the attribute a user inputs on a login screen to authenticate themselves. You can choose from email, username, phone, or a combination of two or more.

Attribute and Identifier definitions

For this product, an Attribute is a piece of user data that can be stored, such as email, phone number, and username. All Identifiers are Attributes, but only specific attributes are Identifiers. An Identifier is a unique Attribute that recognizes a distinct user in a given connection. Email, phone, and username can uniquely identify an individual and serve as Identifiers, while other attributes contribute to the user’s profile without uniquely identifying a user.

Use Flexible Identifiers

Flexible Identifiers is for general access with the following limitations:
  • Flexible Identifiers, including the phone attribute, are only available with Universal Login and you must configure a phone provider.
  • You must configure Identifier First to use phone verification on signup.
  • The email address attribute must be enabled to use Adaptive MFA.
  • You must have email on the User Profile to use Signup invites for Organizations.
  • End users blocked under cannot unblock themselves via an SMS message. Other methods are available; to learn more, read Brute Force Protection.
  • Flexible Identifiers moves the identifier field to the first login screen and changes the reset password prompt from email to username.
  • OTP tokens for phone and email identifier verification have a lifetime of 900 seconds.

Issues using Flexible Identifiers

The following is a list of potential issues you may encounter while configuring and managing Flexible Identifiers:
  • If the scope phone is not specified in the authorization request by your application, you will not receive the phone_number claim. To learn more about scopes, read Scopes.
  • Your Get User custom database action script must be valid when Import Users to Auth0 is set to on. To learn more, read Configure Automatic Migration from Your Database.
  • Each user must be assigned a unique username, email address, and phone number regardless of connection type. The phone number is unique even if not added as an attribute.
  • If you use the custom database action script Change Password and want to set email and email_verified to True, you must return the preferred email_verified state on the object. To learn more, read Change Password.
  • If you use a custom database connection with Import Users to Auth0 toggled off, you must align your user profile properties with the Auth0 normalized user profile. To learn more, read Normalized User Profile.
  • If you use a custom database connection with Import Users to Auth0 toggled on, Auth0 will check for uniqueness of phone_number and phone_verified.
  • Identifier First prompts display all identifiers on the first screen and remove your previous settings, and the Reset Password prompt will display the input field to Username instead of Email.
  • Familiarize yourself with best practices to avoid SMS Pumping attacks. To learn more, read our whitepaper on SMS Pumping.