Magic links
Magic links provide a simple email-based login flow with secure, time-limited tokens.
How magic links work (default hosted flow)
Magic links are the default passwordless flow in the hosted Authalla UI. When a user enters their email and submits the sign-in form, Authalla starts a login session and sends an email that includes both:
- A 6-digit PIN (expires in 10 minutes).
- A magic link.
Users can either enter the PIN or click the magic link to finish authentication. On success, the hosted UI can offer passkey registration (users can skip).
Security properties
- Magic link tokens are single-use and expire immediately after successful validation.
- Tokens expire after 24 hours.
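The lifetimes and single-use rule above, shown as an added example of how a server can enforce them (this is not Authalla's code). `LoginSessions`, the attempt cap, and the rule that finishing by either path closes the whole session are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import time

LINK_TTL = 24 * 60 * 60  # page: magic link tokens expire after 24 hours
PIN_TTL = 10 * 60        # page: the 6-digit PIN expires in 10 minutes
MAX_PIN_ATTEMPTS = 5     # assumption: attempt cap, not stated on the page

def _digest(secret: str) -> bytes:
    # Keep only hashes at rest; the random token cannot be recovered from its hash.
    return hashlib.sha256(secret.encode()).digest()

class LoginSessions:
    """Hypothetical in-memory store; a real service needs an atomic backend."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}

    def start(self):
        """Create a login session; the token and PIN go out by email only."""
        sid = secrets.token_urlsafe(16)
        token = secrets.token_urlsafe(32)
        pin = f"{secrets.randbelow(10**6):06d}"
        now = self._clock()
        self._sessions[sid] = {
            "token": (_digest(token), now + LINK_TTL),
            "pin": (_digest(pin), now + PIN_TTL),
            "pin_attempts": 0,
        }
        return sid, token, pin

    def verify(self, sid: str, kind: str, secret: str) -> bool:
        """kind is "token" or "pin". Success consumes the whole session."""
        session = self._sessions.get(sid)
        if session is None or kind not in ("token", "pin"):
            return False
        if kind == "pin":
            session["pin_attempts"] += 1  # count every guess, right or wrong
            if session["pin_attempts"] > MAX_PIN_ATTEMPTS:
                return False
        expected, expires_at = session[kind]
        if self._clock() >= expires_at:
            return False
        if not hmac.compare_digest(expected, _digest(secret)):
            return False
        del self._sessions[sid]  # single use: a replayed link or PIN now fails
        return True
```

Passing a fake `clock` makes the expiry paths testable without waiting out the real lifetimes.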
Configure email templates
Customize sender details, branding, and link lifetime in the Admin UI.
Deliverability tips
- Use a verified domain.
- Configure SPF and DKIM for your email provider.