Sign-in with SMS
SMS login offers users the option to log in with an SMS code sent to their phone for identity verification. This provides a fast and secure login method. After enabling the option in your Builder and allowing your users to configure their phone numbers, they will be presented with this login option in all future login attempts.
Prerequisites
@frontegg/react@6.0.5
@frontegg/angular@6.5.0
@frontegg/vue@3.0.5
@frontegg/nextjs@8.0.5
Enabling SMS sign-in for your login box
To let your users configure SMS login, go to the Builder and, in the Quick sign-in section, toggle the SMS login option.
Using SMS as a singular login method
You can offer users the option to log in only with their phone numbers as the authentication method. This is useful in cases where you wish to streamline the migration of users with pre-verified phone numbers to Frontegg, allowing them to simply log in without additional steps. Note that for sign-up purposes, email is still required. So, if you wish to enable only SMS authentication, sign-ups will be disabled (see screenshot).
MFA and SMS sign-in
MFA and SMS login work together. If SMS authentication is used for both MFA and login, you must enable additional authentication methods (SMS cannot be the only method enabled for both login and MFA).
MFA security settings
As mentioned in the previous section, MFA requires more than just SMS verification if the login method is also set to SMS verification. When you unlock MFA options for your users in their self-service portal, you cannot enable only SMS as the method for them. You must also unlock additional authentication options if you have enabled SMS for login. Note that SMS login will be disabled if no other authentication method is enabled.
User phone setup
After enabling SMS login in your builder, users can navigate to their Privacy & Security tab to configure their phone numbers. Note that setting up SMS login is available only if another MFA option is already configured.
Once the phone number is successfully configured, the next time a user tries to log in to your app, they will see the option to log in with their phone number (or, as shown below, with their phone number or email; both options are available if you also enable the email verification option in the builder).
If the phone number is connected to the user and is successfully set up in the Privacy & Security section, the user will receive a one-time code via SMS. If the code is valid, the user can access the app. If the code is invalid, the user can either try again to receive another code or log in with a different authentication method.
Note that setting up a phone number within the Profile section in self-service, as shown below, does not impact the SMS sign-in flow.
User phone setup via API
You can perform several actions related to SMS login via the API. You can configure, update, or remove a user's phone number and choose whether to trigger an SMS verification sent to the user's mobile device.
You can update a phone number for the user using the environment (management token) and set the phone number as already verified via this API. Alternatively, you can implement your own flow, add a user's phone number, and prompt the sending of a verification code via this API.