Standard Login

The Standard Login feature from LoginRadius provides a secure and customizable way for users to log in using their email, username, phone, and password. This guide will help you understand the essentials of setting up and integrating the Standard Login feature.

• Email and Password Login: Enable users to authenticate seamlessly using their registered credentials.

• Username Login: Enables login with a username instead of an email.

• Multi-Application Use: Facilitate seamless authentication across multiple applications within the same LoginRadius tenant, ensuring a consistent user experience.

To explore these workflows, visit our Live Demo Page and experience how these features can enhance your applications.

This section lets you enable and customize various login methods, including email/password, phone, and username. For email/password logins, you can configure signup and verification as required or optional and select the verification method (code or link). Phone login requires enabling phone authentication and setting up the signup flow with phone verification via code. For username login, you can enable the feature, define the signup flow, specify whether usernames are case-sensitive, and allow duplicate emails with unique usernames. It is required that at least one of the provided login methods is enabled on your account.

Email Login

This section explains how to enable and configure login with email and password, including options for signup flow, verification flow, and verification methods (code or link). This specific method is the default login method provided to all the customers.

You must navigate to the Authentication configuration section to enable login with your email and password under the dashboard. Also, check your site's email verification in this section as explained below:

• Signup Flow: This section allows you to select the sign-up flow option for your users. The options are:

  • Mandatory - Email input is required at sign-up time and cannot be changed. This option ensures every user has a unique and verified identifier for account-related communications, password recovery, and authentication.

    Scenarios:

    • Businesses rely on email marketing, notifications, or account recovery.
    • Platforms prioritizing email-based single sign-on (SSO) for consistent user identity.
    • For applications where regulatory compliance mandates a verified email address (e.g., finance, healthcare),

  • Optional - Email input is optional at the time of sign-up. If provided, it can only be changed if another authentication type is enabled. This option Supports users who prefer alternative authentication methods or do not wish to provide an email address.

    Scenarios:

    • Apps targeting regions where phone numbers are more common than email for communication and identity.
    • Platforms offer multiple login methods, such as social login or biometric authentication.
    • Businesses focusing on user privacy and reducing barriers to sign-up.

• Verification Flow: This section allows users to select the email verification flow option. The options are:

  • Mandatory Verification: The user must complete the email verification flow before logging in.

    Use Case:

    • Security-critical applications: Platforms that require a verified email to ensure account security, prevent fraudulent accounts, and validate user identity (e.g., financial apps, government services).

    • Compliance-driven platforms: Businesses needing verified user data for regulatory compliance, such as GDPR or HIPAA.

    • Business-driven scenarios: Companies prioritize email as a primary communication channel for account recovery, notifications, or marketing.

  • Optional Verification: The user can skip the email verification flow.

    Use Case:

    • Low-barrier sign-up platforms: Apps or services prioritizing user acquisition where email verification is encouraged but not enforced to avoid deterring sign-ups (e.g., social media or freemium apps).

    • Multi-authentication scenarios: Platforms offering other secure login methods (e.g., social logins or phone verification) where email verification adds optional security but isn't critical.

    • User-centric models: Services focusing on user experience and flexibility by allowing users to choose how they secure their accounts.

  • Disabled Verification: Email verification is turned off, and no verification emails are sent.

    Use Case:

    • Phone-based authentication: Apps where the primary identifier is a phone number and email is secondary or not required.

    • Privacy-focused platforms: These services target users who are sensitive about providing personal information and prefer anonymity or minimal data collection.

    • Internal systems: Platforms used internally within an organization where user accounts are pre-verified or managed by administrators.

Verification Methods: This section allows users to select the email verification method. The options are:

• Email Verification Code: The user will receive a verification code via email to confirm their identity.

• Email Verification Link: The user will receive a verification link via email to confirm their identity.

Email and password fields appear mandatory by default on the registration form when this method is enabled. You can customize these fields per your use case by navigating to the Branding > Form section. Additionally, you'll have the flexibility to manage advanced fields, custom fields, and their controls from this section. For more information on this, refer to the Standard Login Form Fields.

Phone Login

This section explores the concept of phone login as a standard method for user authentication within the broader context of login procedures.

Under the dashboard’s Authentication Configuration section, you can enable phone authentication to allow users to use their phone numbers and passwords to register and log in.

Use case: This type of authentication is helpful for Platforms where phone numbers are users' primary or preferred identifier to enhance accessibility and convenience, especially in regions where email usage is less common.

Scenarios:

• Mobile-first apps, such as ride-hailing or food delivery services, where phone numbers are essential for communication and verification.

• Regions with low email penetration but high mobile phone adoption.

For more information about Phone Login and the setup steps, please refer to the Phone Login Guide.

Username Login

This section provides a comprehensive overview of the typical username login process. It outlines the steps for users to access their accounts using their username and password credentials as an alternative to email-based login.

Use Case: Enables users to create memorable, personalized identifiers, enhancing flexibility and user experience.

Scenarios:

• Social media platforms where usernames serve as public-facing identifiers.
• Gaming applications where usernames are central to the user's identity.

For more information about Username Login and the setup steps, please refer to the UserName Login Guide

Email/SMS Provider

Under the dashboard’s Authentication Configuration section, you can set up and manage email and SMS provider settings to send notifications, OTPs, and other communications.

Email Provider and Template Configuration: You can easily configure SMTP settings to send emails through your chosen provider. The LoginRadius dashboard allows you to manage and customize email templates, ensuring seamless user communication. A step-by-step guide is available to help you set up your email provider.

SMS Provider and template configuration: Configure Text/SMS provider settings to deliver OTPs and notifications to users via text or voice calls. You can also create and manage SMS templates directly from the LoginRadius dashboard. A detailed guide is available to help you integrate your SMS provider.

This configuration ensures reliable communication with your users, tailored to your business needs.

Email/SMS template

This section of the Admin console allows you to edit and manage the email templates for user authentication and transactional emails. Similarly, we have an SMS template customization section to help you customize and manage the templates used in the Phone Login process. The available email template types are:

• Add Email
• Delete Account Email
• Forgot Password Email
• Password Reset Email
• Verification Email
• Welcome Email

Similarly, the SMS templates are as follows.

• Delete User
• Password Reset
• Phone Number Change
• Phone Number Verification
• Welcome SMS

You can search for specific templates using the search bar. Click the "+ Add Template" button to add a new template. You can view and take action on each template by clicking the More options button in the "Action" column.

Each template has distinct settings that can be modified to align with business requirements.

• Template Type: Indicates the specific email templates to which these settings apply (e.g., "Add Email," "Forgot Password," "Verification Email"). The available templates are displayed in a dropdown menu.

• Request Limit: The maximum number of times an email can be requested within the designated timeframe (Request Disable Period).

• Request Disable Period: The duration (in minutes) a user must wait before requesting emails again after reaching the Request Limit.

• Email Token Validity Limit: The length of time (in minutes) the token or link sent via email remains valid.

• Token Type: Determines the verification/authentication link format or OTP (One-Time Password) included in the email.

We also have similar settings for SMS templates to achieve the required customization.

Overall, this section provides the ability to customize and manage the email/SMS templates used for various authentication and transactional flows within the system. For more information, kindly refer to the following documentation:

• SMTP Provider

• SMS Provider configuration

This section offers a detailed walkthrough for integrating a robust and secure standard login process into your application using LoginRadius. It includes back-end integration, front-end customization, and post-login management to deliver a seamless user experience.

Sending Login Requests

Integration via API

REST APIs for greater flexibility and custom control over login workflows.

• Login: /identity/v2/auth/login
• Registration: /identity/v2/auth/register
• Password Reset: /identity/v2/auth/password

Integration via SDK

Utilize the Prebuilt V2 JS login Interface to allow the users to log in via username

Implementing login with JavaScript SDK:

Use LoginRadius SDKs for simplified integration across popular programming languages. SDKs provide pre-built libraries to streamline communication with the LoginRadius API. LoginRadius SDKs simplify authentication by offering pre-built methods for:

• User registration and login.
• Access token management.
• Password reset workflows.

Note: Follow the Session Management document for managing the session after the login process.

• Design a login form tailored to your application’s branding and UX guidelines.
• Include essential fields like email/username and password, ensuring compatibility with LoginRadius’s authentication framework.

Access Token Verification and Handling

• Upon successful login, LoginRadius issues an access token.

• Validate the token's authenticity using LoginRadius-provided token verification methods.

• Implement user-specific logic, such as fetching user profiles or applying role-based permissions.

• The access token serves as a gateway to protected resources and features in your application.

Post-Login Action

Once a user logs in successfully, manage their session and provide an intuitive experience with the following best practices:

• Redirect users to appropriate destinations, such as personalized dashboards, homepages, or role-based sections.

• Store the access token securely in session storage or local storage.
• Ensure storage adheres to security best practices to mitigate risks like token theft.
• Use HTTPS and consider token expiration handling for enhanced security.
• Tokens will be used for subsequent API requests to access authorized resources while maintaining the user’s authenticated session.

LoginRadius provides extensive customization options to meet your business requirements, allowing you to configure validation rules for password policies and advanced security settings. You can customize the login flow using the Admin Console or implement API hooks for dynamic behavior and enhance UI customization by updating branding elements, adding dynamic features, or leveraging hosted pages for complete design control.

• Enforce password policies, such as minimum and maximum length, inclusion of special characters, or adherence to specific formats.
• Configure advanced rules to ensure enhanced security while maintaining user convenience.

• Personalize the login flow using the LoginRadius Admin Console for simple adjustments.
• For advanced customization, integrate API hooks to add logic and dynamic behavior to authentication processes.

• Update branding elements, such as logos, colors, and labels, directly through the Admin Console.
• Leverage hooks to introduce dynamic elements, such as context-sensitive messages or user-specific actions.
• Utilize Hosted Page for greater control and flexibility in designing login experiences to match your application’s look and feel.

• Customer Identity APIs
• LoginRadius SDKs
• Password Policy Configuration