## Login identifiers Frontegg supports three login identifiers: **email**, **username**, and **phone number**. You can configure which identifiers users provide during sign-up and which they use to sign in, giving you full control over the authentication experience without forcing every user into an email-centric flow. ### Why flexible identifiers Not every user has an email address, and not every product should require one. Whether you're launching a new app with SMS-first onboarding, migrating users from an existing auth system, or supporting username-based access without email, Frontegg lets vendors choose how users identify themselves — making migration and new deployments simpler. Common scenarios: - **SMS-first onboarding** — Collect a phone number at sign-up and let users sign in with an SMS one-time code, without requiring email. - **Legacy system migration** — Import users who authenticate with a username or phone number from your previous provider and match them in Frontegg. - **Username-only products** — Offer apps where users pick a handle and password, with no email required. ### Supported identifiers | Identifier | Sign-up | Sign-in | | --- | --- | --- | | Email | Supported | Password, magic code, magic link | | Username | Supported | Password; magic code and magic link (code or link sent to the associated email) | | Phone number | Supported | SMS one-time code | At least one identifier must be enabled for sign-up. You can combine identifiers — for example, email and username together, or username and phone number without email. ### Supported configurations Configure identifier combinations in the Frontegg Builder under **Signup** → **Manage signup form**. The table below shows the main patterns vendors use: | Configuration | Typical use case | | --- | --- | | Email only | Default B2B SaaS flow with email verification | | Email + username | Users sign in with either email or username and a password | | Email + phone number | Email for password or magic link; phone for SMS sign-in | | Username + phone number | No email required; SMS-first or username-first products | | Username only | Internal tools or communities where email is not collected | For step-by-step builder instructions, see [User signup](/ciam/guides/login-box/settings/user-signup) and [User sign-in](/ciam/guides/login-box/settings/user-signin). ### Sign-up behavior by identifier **Email** Users register with an email address. If [email verification](/ciam/guides/authentication/credentials/passwords/management#email-verification) is enabled, users must verify before they can sign in. **Username** Users register with a username and password. When username is the only identifier collected at sign-up (no email or phone number), account activation is skipped — Frontegg does not send an activation email, regardless of your environment-level email verification setting. If the sign-up form also collects email or a phone number, standard activation rules apply. At sign-up, usernames must contain only letters, numbers, periods (`.`), underscores (`_`), and hyphens (`-`), with a maximum length of 255 characters. **Phone number** Users register with a phone number. Verification depends on your field requirements in the builder. If the phone number was not verified at sign-up, users are prompted to verify it on their first SMS sign-in. See [SMS sign-in](/ciam/guides/authentication/credentials/sms#sign-up-with-phone-number) for details. When both email and phone number are required on the sign-up form, email verification takes priority; phone verification can be completed during a later sign-in. ### Sign-in behavior by identifier **Password** Users enter an **email or username** and a password. See [Password authentication](/ciam/guides/authentication/credentials/passwords/overview). **Magic code and magic link** Users enter an **email or username**. Frontegg sends the one-time code or link to the email address associated with the account. See [Passwordless authentication](/ciam/guides/authentication/credentials/passwordless). **SMS** Users enter a **phone number** (or, if configured, can use email or username where supported). Frontegg sends a one-time code via SMS. See [SMS sign-in](/ciam/guides/authentication/credentials/sms). ### Custom sign-up forms If you build your own sign-up UI instead of using the hosted login box, call the sign-up API that matches the identifier type: | Identifier | Endpoint | | --- | --- | | Email | `POST /resources/users/v1/signUp` | | Phone number | `POST /resources/users/v1/signUp/phoneNumber` | | Username | `POST /resources/users/v1/signUp/username` | Each endpoint is available only when the corresponding identifier is enabled in your environment's sign-up configuration. For a full custom sign-up walkthrough, see [Bring your own sign-up form](/ciam/guides/use-cases/bring-your-sign-up). Rate limits Sign-up routes are intended for client-side use and are [rate-limited](/ciam/guides/env-settings/rate-limits). ### Password reset Users can reset a forgotten password using their **email** or **phone number**. If the user has a verified phone number on file, they can receive a one-time code via SMS to complete the reset. See [Managing passwords](/ciam/guides/authentication/credentials/passwords/management#password-recovery).