Is there any sort of implementation of a passwordless sign up like Auth0 integration or Okta Passwordless Authentication and Sign-Up? It would be nice to see that type of registration like a magic email link that could be sent off to the user for sign up instead of MFA or SSO. Is there some script for Java that could be used inside the application that could allow integration of such applications from 3rd party vendors? If this is possible already please explain. When the customer signs up they are sent an email and within that email they click on it and they’re sent another email saying that their account has been activated. There’s another reason why I’m asking this is because any user with any domain currently could sign up on these applications and security wise is pretty unsafe. So what have you all used in your applications? Thank you!
So what have you all used in your applications?
I send a Verification Email to all users upon sign up, using an Email Rule. The email contains a random Verification Code. The user receives it and enters it into the form. Then the system compares what the user entered with what was sent. If there’s a match, the user’s account is flagged as “verified”. Once logged into the app there are Page Rules that redirect the user if they are not “verified”.
Although this approach is not passwordless it does two important things: (1) It verifies that the user owns the email address and (2) restricts access to verified users.
You can combine the approach above with a Validation Rule on your sign up form to accept only some domains.
Hope this helps. Feel free to reach out if you’re ever in need of professional assistance.
There are other ways as well.
Note that in both solutions above, the User’s accounts are still password-protected, they just won’t be manually entering their passwords on login. A truly passwordless solution can be implemented using a Biometric API and similar. Would love to see examples of this in Knack. Maybe one of us should build it.