Magic links allow users to authenticate without a password. Instead, the user receives a link by email that they can click to log in. When a magic link is used, any configured multi-factor authentication requirements are skipped.
By default, magic links are disabled in Auth.it. To enable them:
- In the Authentication view, locate the Magic Link section.
- Click Enable Magic Link to open the settings window:
- Switch the toggle from Disabled to Enabled.
- Optionally, configure additional settings:
- Force create user: if selected, when a user tries to log in with an unknown email address, Auth.it automatically registers a new user account.
- Update profile: if selected, the recipient of the magic link must update their user profile (first and last name) on first login.
- Reusable link: if selected, the magic link can be used multiple times until it expires; otherwise, it can only be used once.
- Token lifespan (s): the lifetime of a magic link before it expires. The default value is 86400s (24 hours).
- Click Save changes.
When magic links are enabled, the user enters their email address as usual. When asked for a password, they’ll see an additional option labeled Try Another Way:
Clicking this link displays all available login options, including Magic link:
If the user chooses to log in with a magic link, they receive an email containing the link. After clicking it, they’re signed in and redirected back to your application.
