Collect mandatory and optional profile fields during user registration.

Add Google One Tap to your website and authenticate users through Logto.

Securely let users authorize third-party services, then store, manage, and use the tokens with Logto.

Register, name, and manage multiple passkeys via Account API.

Then no password is required for sign-in.

A set of framework-agnostic web components that can interact with Account API.

Support multiple custom domains and render different sign-in experience brandings according to the domain.

Trigger MFA according to the current risk level, e.g. a new device, IP, etc.

Customize policies to control authentication, such as username rules, IP blacklist / whitelist, verification code expiration, etc.

Duplicate dev tenant configurations (connectors, roles, resources, etc.) to a new production tenant.

Support for wildcard patterns in redirect URIs to improve authentication for dynamic environments like preview deployments.

Provide typed libraries for services (e.g., Node.js) to use Logto Management API.

Migrate users from your legacy system to Logto only when they sign in.

Simplify wording when no matching account is found during sign-in experience.

Allow end users to update, delete, and verify TOTP via Account API.

Directly register via forgot password instead of prompting for another round of verification.

Managing user sessions with multi-device session tracking, session controls, etc.

Option to allow both Google Workspace and Google social logins for the same account.

Allow verification code flow for SSO-provided unverified emails.

Hide account status to block account enumeration attack and avoid disclosing sensitive account status info.

Skip verifying email/phone number during sign-up.

Limit access by IP address, user agent, and other policies.

Support SAML social connector for government-backed regional IdPs (e.g., SPID, eIDAS, Singpass).

Authenticate users via API. No redirect needed.

Support RFC 8628: OAuth 2.0 Device Authorization Grant.

A set of framework-agnostic web components that can interact with Experience API.

Allow to use code-based configuration to provision role-based access control, for example, a YAML file.

An out-of-the-box solution that allows org admins to manage identities, organization profiles, and set up enterprise SSO themselves.

System for cross-domain identity management APIs.

Support Client Initiated Backchannel Authentication (CIBA) Flow.

Making it easier for users to see all the apps they’re connected to in one simple, centralized place.

Instantly integrate a fully featured Account Settings page into your app.

Implement RFC 9396 and provide some useful feature around it.

Enable email or SMS passwordless verification for multi-factor authentication.

Block users at the login stage if they come from a specific app. This will essentially enable app-level authentication (beyond just branding).

Reject any sign-up attempts using a disposable email address to prevent spam and improve user quality.

Use Logto as a SAML identity provider.

A set of APIs and rules that allow end-users to update their identifiers and profile.

Add reCAPTCHA / Cloudflare Turnstile / hCaptcha for bot protection.

Achieve SOC 2 compliance and obtain certification.

One-time token for organization member invitation, user invitation, password recovering, etc.

Multiple sign-up identifiers (e.g., email & username) and other improvements

Customize the policy to provisionally lock accounts after multiple failed sign-ins to prevent brute force access.