SendAuth Documentation

⌘K

Quick Start

Quick start guide to get up and running with SendAuth

This guide will help you try out SendAuth in just a few minutes.

Prerequisites

Before you begin, make sure you have:

Step 1: Configure Identity Provider

Day-to-day users will authenticate with your identity provider (IDP) via OpenID Connect 2.0 (OIDC).

Your app will be accessed at .app.sendauth.com.

The following IDPs are supported:

  • Microsoft Entra
  • Google GSuite
  • AWS Cognito
  • Okta

After configuring your IDP and subdomain, go to your account-specific URL and sign in with the same email address that you used to create your SendAuth account.

Step 2: Create Users

On signup, you have a user created automatically with your email address.

If you want to have your users provisioned automatically from your IDP, try out SCIM.

  1. On the Users page, click Add User.
  2. Fill in any fields that make sense.
  3. Click Add.

You can add as many users as you want.

Step 3: Register a Passkey

To authenticate a user, the user must have a passkey. These should be registered either in-person or with a video call so that you can verify the user’s identity before allowing them to register.

Click Actions –> Register Passkey

A modal will appear with a QR code and a link. The user who should register can either scan the QR code with their phone, or you can paste the link to them.

Register User

The recipient will be taken to a page where they can create a passkey. SendAuth supports most WebAuthn capable devices, as well as most FIDO2 compliant devices. Read more about passkey support.

Register Passkey

Step 4: Authenticate the User

Users who have passkeys registered can be authenticated.

On the Users page, click Actions –> Authenticate.

A modal will appear asking for an optional message to provide to the user.

Authenticate User

Once the authentication challenge is issued, you’ll be taken to a monitoring view:

Authentication Monitor View

If the user has an email address or phone number, and their messaging preferences include email or SMS, they’ll receive a notification through that medium. When they follow the link provided, they’ll be taken to an authentication page that shows who sent the request and the message provided.

Answer Auth Challenge

After verifying or rejecting the authentication request, the monitoring view will automatically update:

Authentication Monitor View

At this point, if the user verified their identity, you can assume that the person you’re talking to is who they claim to be!