Sign-in with SMS
SMS login lets users log in with an SMS code sent to their phone for identity verification. This makes for a speedy and secure login method. After you enable the option in your Builder and allow your users to configure their phone number, they will be presented with that login option in all future login attempts.
Prerequisites
@frontegg/react@6.0.5
@frontegg/angular@6.5.0
@frontegg/vue@3.0.5
@frontegg/nextjs@8.0.5
Enabling SMS sign-in for your login box
To let your users configure SMS login, go to the builder and, in the Quick sign-in section, toggle the SMS login option.
Using SMS as a singular login method
You can let users log in with only their phone number as the authentication method. This is useful when you wish to streamline the migration of users with pre-verified phone numbers to Frontegg, allowing them to simply log in with no extra steps. Note that email is still required for sign-up, so if you enable only SMS authentication, sign-ups will be disabled (see screenshot).
MFA and SMS sign-in
MFA and SMS login work in tandem. If authentication via SMS is used for both MFA and login purposes, you must enable additional authentication methods (you can't enable only SMS authentication for both login and MFA).
MFA security settings
As mentioned in the previous section, MFA needs more than SMS verification if the login method is also set to SMS verification. When you unlock MFA options for your users in their self-service portal, you can't enable only the SMS method if SMS is also toggled on for login; you must unlock additional authentication options as well. Note that SMS login will be disabled if no other factor is enabled.
User phone setup
After enabling SMS Login in your builder, your users can head over to their Privacy & Security tab and configure their phone number there. Note that setting up SMS login is available only if you already have another MFA option configured.
Once the phone number is successfully configured, the next time a user tries to log in to your app, they will see the option to log in with their phone number (or, as in the case below, with their phone number or email; both options will be available if you also enable the email verification option in the builder).
If the phone number is connected to the user and is successfully set up in the Privacy & Security section, the user will receive a one-time code via SMS. If the code is valid, the user can access the app. If the code is invalid, the user can either try again and receive another code or log in with a different authentication method.
Note that setting up a phone number within the self-service Profile section, as in the example below, does not impact the flow for signing in via SMS.
User phone setup via API
You can perform several actions relating to SMS login via API. You can configure, update, or remove a user's phone number, and choose whether to trigger an SMS verification sent to the user's mobile device.
You can update a user's phone number using the environment token (management token) and set the phone number as already verified, via this API. Alternatively, implement your own flow: add the user's phone number and trigger sending of a verification code via this API.