Skip to content
Scalekit Docs
Go to Dashboard

Enable passwordless sign in

Passwordless authentication allows your users to sign in without entering a password. Users can authenticate using any of the following methods:

  • A verification code (OTP) sent by email.
  • A magic link sent by email.
  • Both a verification code and a magic link sent by email.

This guide shows you how to enable each passwordless login method. You should complete the quickstart guide before following this guide, as it covers building a sign-in page that combines Scalekit’s hosted UI.

You can modify the passwordless login behavior from the Scalekit dashboard without changing your code.

  1. Navigate to the Authentication tab in your Scalekit dashboard environment.

  2. Select one of the following options:

    MethodDescription
    Verification code (OTP)Users receive a one-time code via email that they must enter to sign in.
    Magic linkUsers receive a secure link via email that they can click to sign in directly.
    Verification code and magic linkUsers receive both a verification code and a magic link via email, allowing them to choose their preferred method.
  3. Click Save to apply your changes.

This setting improves security by requiring users to complete magic link authentication in the same browser where they initiated the sign-in process. This helps prevent phishing attacks where an attacker could use an intercepted magic link on a different device or browser.

To enable this setting, select the Enforce same browser origin checkbox in the Passwordless section, and click Save.

Enable new passwordless credentials on resend

Section titled “Enable new passwordless credentials on resend”

This setting improves security by generating a new verification code or magic link each time a user asks to resend one. This invalidates the previously sent credential.

To enable this setting, select the Enable new passwordless credentials on resend checkbox in the Passwordless section, and click Save.

You can customize the emails sent to users to match your brand, or you can bring your own email provider to handle email sends related to passwordless login. Scalekit sends the emails when you use it as your email provider.