ConfigurationAuthentication

Magic Links

Magic links allow users to authenticate without a password. Instead, the user receives a link by email that they can click to log in. When a magic link is used, any configured multi-factor authentication requirements are skipped.

By default, magic links are disabled in Auth.it. To enable them:

  1. In the Authentication view, locate the Magic Link section.
  2. Click Enable Magic Link to open the settings window: Configuring magic links
  3. Switch the toggle from Disabled to Enabled.
  4. Optionally, configure additional settings:
    • Force create user: if selected, when a user tries to log in with an unknown email address, Auth.it automatically registers a new user account.
    • Update profile: if selected, the recipient of the magic link must update their user profile (first and last name) on first login.
    • Reusable link: if selected, the magic link can be used multiple times until it expires; otherwise, it can only be used once.
    • Token lifespan (s): the lifetime of a magic link before it expires. The default value is 86400s (24 hours).
  5. Click Save changes.

When magic links are enabled, the user enters their email address as usual. When asked for a password, they’ll see an additional option labeled Try Another Way: Password entry form with a link to log in with a magic link

Clicking this link displays all available login options, including Magic link: Login options

If the user chooses to log in with a magic link, they receive an email containing the link. After clicking it, they’re signed in and redirected back to your application.