Modern User Authentication for Applications

Cloudentity provides modern user authentication for applications. Add passwordless authentication, a broad range of external IdPs, and MFA, and control the login flow.

Authentication Overview

Authentication for Apps - App Topology view with clients, idps and Cloudentity

Apps can be connected to Cloudentity for user authentication. Users can authenticate with Cloudentity or with external Identity Providers.

Authentication Methods

Cloudentity's built-in Identity Pools have a dedicated identity connector, the Identity Pool IDP, that you can connect to workspaces without any hassle so that your users can authenticate themselves before accessing your applications.

Passwordless Authentication with Passkeys

When a user is asked to sign in to an app or website, the user approves the sign-in with the same biometric or PIN that they use to unlock the device (phone, computer or security key). The app or website can use this mechanism instead of the traditional (and insecure) username and password.


In accordance with FIDO standards, passkeys serve as a superior alternative to traditional passwords, offering quicker, simpler, and safer logins to websites and applications across a user’s various devices. Unlike conventional passwords, passkeys maintain a high level of security at all times and are resilient against phishing attacks.

Verification Codes

Cloudentity sends a unique, time-limited verification code to the user’s pre-registered email address or mobile phone via SMS. Such a verification code can also be generated and provided to a custom sign-in application, enabling it to deliver codes to users over other channels.

With verification codes, users do not use a password; they use the code along with their email or phone number to authenticate themselves. This makes verification codes more secure than passwords, since codes are time-limited and sent to the user for one-time use.

After the user provides their email, Cloudentity generates a unique, time-limited link and sends it to the user’s email address or mobile number. When the user selects the provided link, they are automatically redirected to the application and signed in.

At present, Cloudentity does not support the use of Magic Links via a user interface. The feature can only be utilized through API integration and custom sign-in pages.


The user provides a unique identifier (such as a username, email, or phone number) and a password. Cloudentity verifies this information against stored user data. If the provided credentials match the stored ones, the user is granted access. This method is a common and fundamental way of securing user accounts.

External Authentication Providers

What You Can Connect | What Users See
Identity Providers | Login Screen

Social Login

Users use their existing login information from a social networking service, such as Facebook, Google, or GitHub, to sign into a third-party application. It simplifies the process by allowing users to authenticate themselves without the need to create and remember a new username and password for each site.

You can connect Google or GitHub to allow users to sign in using their social networking service.

Enterprise Authentication Providers

Business scenarios very often require identity federation where identities are created and managed across multiple domains or enterprises. Cloudentity allows you to:

Approach to Authentication

Authentication Strategy

Developers responsible for letting application users sign in to their accounts must decide between a universal and an embedded login flow.

With Universal Login, users attempting to log in are redirected to a central domain where authentication takes place, before being redirected back to the app. Conversely, an embedded login flow keeps users within the same page, avoiding redirection to a central domain. The login widget is presented on the same page, and users' credentials are sent to the authentication provider for verification. In a web app, this process involves a cross-origin request.

At Cloudentity, we firmly believe that centralized (universal) authentication is the most robust and secure solution in the majority of cases! It eliminates the cross-origin request present in embedded authentication. By harnessing the full potential of OAuth, it not only satisfies the most stringent security requirements but also delivers a highly adaptable authentication experience.

Add Authentication to App

Your application simply needs to present users with a sign-in button, which, when selected, triggers a call to the Cloudentity OAuth /authorize endpoint. Users are then redirected to the login page (which you can brand if needed), where they can select from a variety of authentication/identity providers that you have pre-configured for their convenience! There’s no need to create intricate login screens or develop custom solutions for multi-factor authentication (MFA), passwordless authentication, and beyond.

This flexibility caters to various user needs, whether it involves offering multiple authentication providers to choose from or implementing multi-factor authentication (MFA) for added security. Thanks to branding and custom domains, the login experience stays the same as with embedded login.
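The redirect to the /authorize endpoint described above, sketched as an added example (not Cloudentity's own code): the app builds an OAuth authorization-code request with PKCE (RFC 7636) and a per-session state value, then accepts the callback only if the state matches. The endpoint URL, client ID, redirect URI and scope are placeholder assumptions.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder values (assumptions, not real tenant settings).
AUTHORIZE_ENDPOINT = "https://login.example.com/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.com/callback"


def pkce_challenge(verifier):
    """S256 code challenge from RFC 7636: BASE64URL(SHA256(verifier))."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def start_login(scope="openid"):
    """Return (redirect_url, session_values) for the sign-in button."""
    session = {
        "state": secrets.token_urlsafe(32),          # binds callback to session
        "code_verifier": secrets.token_urlsafe(64),  # sent later with the code
    }
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": session["state"],
        "code_challenge": pkce_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",
    })
    return AUTHORIZE_ENDPOINT + "?" + query, session


def handle_callback(callback_url, session):
    """Return the authorization code only if the callback matches the session."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means this session did not start
    # the flow (login CSRF or a stale/forged callback).
    if not hmac.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code
```

The stored `code_verifier` is sent with the code in the later token request, so an intercepted code alone cannot be redeemed.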

Updated: May 15, 2023