Skip to content
Scalekit Docs

Enable passwordless sign in

Passwordless authentication allows your users to sign in without entering a password. Users can authenticate using any of the following methods:

  • A verification code (OTP) sent by email.
  • A magic link sent by email.
  • Both a verification code and a magic link sent by email.

This guide shows you how to enable each passwordless login method. You should complete the quickstart guide before following this guide, as it covers building a sign-in page that combines Scalekit’s hosted UI, Google social login, and email-based OTP passwordless login.

Implement passwordless login

Section titled “Implement passwordless login”

This approach redirects users to Scalekit’s hosted UI for authentication. Your app generates an authorization endpoint, where users input their email address. Scalekit handles the verification process and redirects users back to your app. Your app then retrieves the user’s profile details from Scalekit.

Integrate sign in Complete the sign in integration in your application

Configure passwordless login settings

Section titled “Configure passwordless login settings”

You can modify the passwordless login behavior from the Scalekit dashboard without changing your code.

Placeholder for Passwordless Flow

Choose a passwordless login method

Section titled “Choose a passwordless login method”

  1. Navigate to the Authentication tab in your Scalekit dashboard environment.

  2. Select one of the following options:

    MethodDescription
    Verification code (OTP)Users receive a one-time code via email that they must enter to sign in.
    Magic linkUsers receive a secure link via email that they can click to sign in directly.
    Verification code and magic linkUsers receive both a verification code and a magic link via email, allowing them to choose their preferred method.

  3. Click Save to apply your changes.

Enable same browser origin enforcement

Section titled “Enable same browser origin enforcement”

When you enable this setting, users must complete the magic link authentication in the same browser where they initiated the sign-in process.

Enhanced Security: This prevents potential phishing attacks and unauthorized access attempts where attackers might intercept magic links and use them from different devices or browsers.

To enable this feature, check the “Enforce same browser origin” option under the Passwordless section, then click Save to apply the changes.

Customize email templates

Section titled “Customize email templates”

You can customize the emails sent to users to match your brand, or you can bring your own email provider to handle email sends related to passwordless login. Scalekit sends the emails when you use it as your email provider.