Flexible Identifiers and Attributes
A Flexible Identifier is the attribute a user inputs on a login screen to authenticate themselves. You can choose from email, username, phone, or a combination of two or more.
Attribute and Identifier definitions
For this product, an Attribute is a piece of user data that can be stored, such as email, phone number, and username. All Identifiers are Attributes, but only specific attributes are Identifiers.
An Identifier is a unique Attribute that recognizes a distinct user in a given connection. Email, phone, and username can uniquely identify an individual and serve as Identifiers, while other attributes contribute to the user's profile without uniquely identifying a user.
Use Flexible Identifiers
Flexible Identifiers is for general access with the following limitations:
Flexible Identifiers, including the phone attribute, are only available with Universal Login and you must configure a phone provider.
You must configure Identifier First to use phone verification on signup.
The email address attribute must be enabled to use Adaptive MFA.
You must have email on the User Profile to use Signup invites for Organizations.
End users blocked under Brute Force Protection cannot unblock themselves via an SMS message. Other methods are available; to learn more, read Brute Force Protection.
Flexible Identifiers moves the identifier field to the first login screen and changes the reset password prompt from email to username.
Issues using Flexible Identifiers
The following is a list of potential issues you may encounter while configuring and managing Flexible Identifiers:
If the scope phone is not specified in the authorization request by your application, you will not receive the phone_number claim. To learn more about scopes, read Scopes.
Your Get User custom database action script must be valid when Import Users to Auth0 is set to on. To learn more, read Configure Automatic Migration from Your Database.
Each user must be assigned a unique username, email address and phone number if Custom Database with Import Mode is set to on.
If you use the custom database action script Change Password and want to set email and email_verified to True, you must return the preferred email_verified state on the object. To learn more, read Change Password.
If you use a custom database connection with Import Users to Auth0 toggled off, you must align your user profile properties with the Auth0 normalized user profile. To learn more, read Normalized User Profile.
If you use a custom database connection with Import Users to Auth0 toggled on, Auth0 will check for uniqueness of phone_number and phone_verified.
Identifier First prompts display all identifiers on the first screen and remove your previous settings, and the Reset Password prompt labels its input field Username instead of Email.
Familiarize yourself with best practices to avoid SMS Pumping attacks. To learn more, read our whitepaper on SMS Pumping.
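The requirement above that each user has a unique username, email address and phone number when Custom Database with Import Mode is on can be audited against your own user store before migration. The following is an added example, not Auth0 code; the record shape, the id field and the normalization rules (case-insensitive email and username, phone numbers compared by digits only) are assumptions.

```javascript
// Added example: audit a legacy user export for identifier collisions.
// Assumption: records are plain objects with an id and optional
// username, email and phone_number string fields.
// Assumption: these normalization rules approximate how two values
// would be treated as "the same" identifier; adjust to your store.
const NORMALIZERS = {
  email: (v) => v.trim().toLowerCase(),
  username: (v) => v.trim().toLowerCase(),
  phone_number: (v) => {
    const digits = v.replace(/\D/g, "");
    return digits ? "+" + digits : "";
  },
};

function findIdentifierCollisions(users) {
  // attribute name -> Map(normalized value -> ids of users holding it)
  const seen = {};
  for (const attr of Object.keys(NORMALIZERS)) seen[attr] = new Map();

  for (const user of users) {
    for (const [attr, normalize] of Object.entries(NORMALIZERS)) {
      const raw = user[attr];
      if (typeof raw !== "string") continue; // attribute not set
      const key = normalize(raw);
      if (!key) continue; // empty after normalization
      const owners = seen[attr].get(key) || [];
      owners.push(user.id);
      seen[attr].set(key, owners);
    }
  }

  const collisions = [];
  for (const [attribute, values] of Object.entries(seen)) {
    for (const [value, owners] of values) {
      if (owners.length > 1) collisions.push({ attribute, value, users: owners });
    }
  }
  return collisions;
}

// Constructed sample records (not real data).
const SAMPLE_USERS = [
  { id: "u1", username: "alice", email: "alice@example.com", phone_number: "+1 555 010 0001" },
  { id: "u2", username: "bob", email: "Alice@Example.com", phone_number: "+15550100002" },
  { id: "u3", username: "carol", email: "carol@example.com", phone_number: "+1-555-010-0001" },
  { id: "u4", username: "dave", phone_number: "" },
];

console.log(JSON.stringify(findIdentifierCollisions(SAMPLE_USERS), null, 2));
```

Any collision reported here should be resolved in the source database before import mode is switched on.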