Sign-in with SMS

SMS login offers users the option to log in with an SMS code sent to their phone for identity verification. This provides a fast and secure login method. After enabling the option in your Builder and allowing your users to configure their phone numbers, they will be presented with this login option in all future login attempts.

Enabling SMS sign-in for your login box

To enable SMS login for your users to configure, go to the builder and in the Quick sign-in section, toggle the SMS login option:

Using SMS as a singular login method

You can offer users the option to log in only with their phone numbers as the authentication method. This is useful in cases where you wish to streamline the migration of users with pre-verified phone numbers to Frontegg, allowing them to simply log in without additional steps. Although not mandatory, it is recommended to use an email-based sign-on as a fallback to improve usability.

MFA and SMS sign-in

You can use MFA with SMS and SMS login together. However, SMS cannot be the only method enabled for MFA. To use SMS for both login and MFA, make sure at least one additional authentication method is enabled.

MFA security settings

As mentioned in the previous section, MFA requires more than just SMS verification if the login method is also set to SMS verification. When you unlock MFA options for your users in their self-service portal, you cannot enable only SMS as the method for them. You must also unlock additional authentication options if you have enabled SMS for login.

Sign-up with phone number

If SMS login is enabled in your Frontegg builder and the phone number field is included in the signup form, users can register and log in using their mobile number. Follow this link for a detailed guide on enabling Phone number on your sign-up form.

• If the phone number was verified during signup (based on your field requirements), no additional verification is needed.

• If it wasn’t verified at signup, users will be prompted to verify their phone number the first time they log in with it.

• Phone numbers can also be marked as verified programmatically via this API, if needed.

User phone setup

After enabling SMS login in your builder, users can navigate to their Privacy & Security tab in the self-service portal in your app and to configure their phone numbers.

Once successfully configured, the next time a user tries to log in to your app, they will see the option to log in with their phone number (or, as shown below, with their phone number or email. Both options will be available if you enable the email verification option in the builder as well).

If the phone number is connected to the user and is successfully set up in the Privacy & Security section, the user will receive a one-time code via SMS. If the code is valid, the user can access the app. If the code is invalid, the user can either try again to receive another code or log in with a different authentication method.

Note that setting up a phone number within the Profile section in self-service, as shown below, does not impact the SMS sign-in flow.

User phone setup via API

You can perform several actions related to SMS login via the API. You can configure, update, or remove a user's phone number and choose whether to trigger an SMS verification sent to the user's mobile device.

You can update a phone number for the user using the environment (management token) and set the phone number as already verified via this API. Alternatively, you can implement your own flow, add a user's phone number, and prompt the sending of a verification code via this API.