- Implicit signup: A user attempts to log in with an identifier without an account. After OTP verification, the user gets a confirmation screen and can create the account.
- Implicit login: A user attempts to sign up with an identifier that already has an account. After OTP verification, the user simply logs in without an “account already exists” error.
Implicit signup: How it works
- The user enters their identifier (for example, an email) on the Universal Login screen.
- Auth0 sends a one-time password (OTP) and the user enters it.
- Because the identifier has no account, Auth0 shows a Create Your Account confirmation screen with the provided identifier.
- The user selects Confirm. Auth0 creates the account and logs the user in.
email_verified or phone_verified) on the new user profile.
Customize the confirmation screen to your brand and copy with Advanced Customizations for Universal Login (ACUL).
Implicit login: How it works
If a user goes through the signup flow but the identifier already belongs to an account, Auth0 does not return an “account already exists” error. After the user verifies the OTP, they are logged in to the existing account. From the user’s point of view, the flow just works regardless of which path they started.Identifier requirements
Implicit signup creates an account from the single identifier the user provides for authentication. For it to work, the connection must be configured so that one identifier is enough to create a user.| Connection configuration | Implicit signup behavior |
|---|---|
| Exactly one required identifier | Supported. Auth0 creates the account from the provided identifier. |
| All identifiers optional | Supported. The account is created from whichever identifier the user provided for login. |
| Multiple required identifiers | Not supported. The user must complete the standard signup flow to provide the additional required identifiers. |
If you want every user to be able to self-serve through implicit signup, require one identifier on the connection, or make all identifiers optional.
Add a passkey or password
If you enable passkeys and/or password on the connection, the user has the option to add a passkey or set a password after the confirmation screen. This lets a passwordless-first user optionally strengthen their account with an additional credential during signup.API-based configuration
You can use implicit signup and login with Auth0’s hosted solution, the Universal Login Experience, but the Authentication API provides the same capability programmatically for apps that render their own UI. Passallow_signup: true on POST /otp/challenge to let a verified OTP create the account. The same identifier requirements above apply in both cases. To learn more, read Use the Authentication API for Passwordless Login on Database Connections.
Default behavior on passwordless database connections
Implicit signup and login is default behavior for Auth0 Universal Login. It applies automatically to any connection that uses passwordless options, as long as:- You configure a passwordless method (email OTP, SMS OTP, or voice OTP) on the connection.
- The connection allows signups.
- The connection requires a single identifier or makes all identifiers optional. Connections that require multiple identifiers fall back to the standard signup flow.
Actions
Implicit signup creates a real user in the connection, so the same Actions that run during a standard signup also run for implicit signup. The Pre-User Registration and Post-User Registration triggers fire, followed by Post-Login. You don’t need separate Action logic for implicitly-created users.Limitations
- Implicit signup is not supported on connections that require multiple identifiers. Those users must use the standard signup flow.
- Implicit signup and login applies to Universal Login. It is not supported with Classic Login.