Set up phone or SMS authentication

You can allow users to use their phone number as their primary identity for authentication. This is a passwordless method, where the user is sent a code via an SMS to verify them on sign in.

This feature requires paid third-party services to use. Rates and limitations apply.

SMS provider requirements (Twilio)

Link to this section

SMS authentication requires the services of a messaging provider, in this case, Twilio.

You need a Twilio business account to ensure messaging works for local and overseas phone numbers.

Phone authentication interactions are also known as A2P (Application to Person) messaging. Before you implement A2P, check if you need to register your business for 10DLC (10 Digit Long Code) support to be able to send messages, as this is required in some locations.

We also recommend you check Twilio’s guidelines for setting up messaging, and carefully follow procedures for registration, and SMS policies for all relevant countries.

What you need

Link to this section

If you just want to test this feature first, Kinde allows you to send 10 SMS messages per month without setting up Twilio. If you want the feature to be live for your users, you must implement the full Twilio setup.

You’ll need the following details that are in the dashboard of your Twilio account.

• The SID of your Twilio account
• The Auth Token for your Twilio account
• Your Twilio phone number or the Messaging Service SID (if you set one up)

Refer to the Twilio documentation for assistance setting up.

Configure phone SMS auth in Kinde

Link to this section

After you set this up, you can use SMS for both phone authentication and SMS MFA.

1. In Kinde, go to Authentication.
2. In the Passwordless section, select Configure on the Phone tile.
3. Select the Default country that you want to show on the authentication screen when users sign in.
4. Enter the Twilio details from your Twilio account (see above) in the relevant fields.

5. In the SMS source field, select either the Use Messaging service or Use phone number. Verification codes will be sent from whichever you choose.

   Note that the Twilio messaging service is more suitable for global applications as it detects where the sign in comes from and sends from an appropriate number.

6. Depending on your selection in the previous step, enter either the Messaging service SID or Twilio Phone number in the relevant field.

7. Select which applications you want to switch phone auth on for. Only do this if you want users to be able to sign in with their phone number.
8. Select Save.

Switch on phone authentication for an application

Link to this section

After you have set up Twilio details, you’re ready to switch on phone or SMS auth for your applications.

1. Go to Settings > Authentication.
2. In the Passwordless section, select Configure on the Phone tile.
3. Switch on the auth method for the applications you want.
4. Select Save.

SMS message format

Link to this section

You can’t customize the code message that user’s receive. We use a standard format as follows, to allow for easier translation.

Your verification code is [xxxxxx]

Connection ID

Link to this section

When you configure phone authentication, you’ll see that a Connection ID is automatically assigned. If you’re building a custom authentication experience, you’ll need the ID to trigger the phone authentication workflow.