> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-fix-docs-5547-passwordless-db-update.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Implicit Signup and Login for Passwordless Database Connections

> Learn how implicit signup and login lets users complete a passwordless flow with a one-time code whether or not they have an existing account.

export const ReleaseStageNotice = ({feature, stage, plans, contact, terms}) => {
  const stageTextMap = {
    "beta": "Beta",
    "ea": "Early Access"
  };
  const stageText = stageTextMap[stage] || "a product release stage";
  const prsLink = "/docs/troubleshoot/product-lifecycle/product-release-stages";
  const linkify = (text, url) => {
    return <a href={url} target="_blank" rel="noreferrer" class="link">{text}</a>;
  };
  const includeDetails = (plans, contact, terms) => {
    const hasDetails = terms || plans || contact;
    if (!hasDetails) return null;
    return <span data-as="p">
            {plans && <>This feature is available for {linkify(`${plans} plans`, "https://auth0.com/pricing")}. </>}
            {contact && "To participate, contact " + contact + ". "}
            {terms && <>By using this feature, you agree to the applicable Free Trial terms in Okta's {linkify("Master Subscription Agreement", "https://www.okta.com/legal")}.</>}
        </span>;
  };
  return <Warning>
            <span data-as="p">
                <strong>The {feature} feature is in {linkify(stageText, prsLink)}.</strong>
            </span>

            {includeDetails(plans, contact, terms)}
        </Warning>;
};

<ReleaseStageNotice feature="Implicit Signup and Login for Passwordless Database Connections" stage="ea" contact="support" terms="true" />

Implicit signup and login allows a user to move through the passwordless flow whether or not they have an account. After a user verifies with a one-time password (OTP), Universal Login either logs the user into an existing account or offers to create an account on the spot if an account doesn't exist. You no longer need a separate path for **Sign up** vs. **Log in**.

Review the following behaviors:

* **Implicit signup**: A user attempts to log in with an identifier without an account. After OTP verification, the user gets a confirmation screen and can create the account.
* **Implicit login**: A user attempts to sign up with an identifier that already has an account. After OTP verification, the user simply logs in without an "account already exists" error.

## Implicit signup: How it works

1. The user enters their identifier (for example, an email) on the Universal Login screen.
2. Auth0 sends a one-time password (OTP) and the user enters it.
3. Because the identifier has no account, Auth0 shows a **Create Your Account** confirmation screen with the provided identifier.
4. The user selects **Confirm**. Auth0 creates the account and logs the user in.

If the user selects **Cancel**, they return to the start of the flow.

Because Auth0 verifies the OTP before creating the account, the provided identifier is marked as verified (`email_verified` or `phone_verified`) on the new user profile.

<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
  Customize the confirmation screen to your brand and copy with [Advanced Customizations for Universal Login (ACUL)](/docs/customize/login-pages/advanced-customizations-for-universal-login).
</Callout>

## Implicit login: How it works

If a user goes through the signup flow but the identifier already belongs to an account, Auth0 does not return an "account already exists" error. After the user verifies the OTP, they are logged in to the existing account. From the user's point of view, the flow just works regardless of which path they started.

## Identifier requirements

Implicit signup creates an account from the single [identifier](/docs/authenticate/database-connections/flexible-identifiers-and-attributes#flexible-identifiers-and-attributes) the user provides for authentication. For it to work, the connection must be configured so that one identifier is enough to create a user.

| **Connection configuration**    | **Implicit signup behavior**                                                                                   |
| ------------------------------- | -------------------------------------------------------------------------------------------------------------- |
| Exactly one required identifier | Supported. Auth0 creates the account from the provided identifier.                                             |
| All identifiers optional        | Supported. The account is created from whichever identifier the user provided for login.                       |
| Multiple required identifiers   | Not supported. The user must complete the standard signup flow to provide the additional required identifiers. |

<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
  If you want every user to be able to self-serve through implicit signup, require one identifier on the connection, or make all identifiers optional.
</Callout>

## Add a passkey or password

If you enable [passkeys](/docs/authenticate/database-connections/passkeys) and/or password on the connection, the user has the option to add a passkey or set a password after the confirmation screen. This lets a passwordless-first user optionally strengthen their account with an additional credential during signup.

## API-based configuration

You can use implicit signup and login with Auth0's hosted solution, the [Universal Login Experience](/docs/authenticate/login/auth0-universal-login/universal-login-vs-classic-login/universal-experience), but the Authentication API provides the same capability programmatically for apps that render their own UI. Pass `allow_signup: true` on `POST /otp/challenge` to let a verified OTP create the account. The same identifier requirements above apply in both cases. To learn more, read [Use the Authentication API for Passwordless Login on Database Connections](/docs/authenticate/database-connections/auth-api-passwordless-db-connections).

## Default behavior on passwordless database connections

Implicit signup and login is default behavior for Auth0 Universal Login. It applies automatically to any connection that uses passwordless options, as long as:

* You configure a passwordless method (email OTP, SMS OTP, or voice OTP) on the connection.
* The connection allows signups.
* The connection requires a single identifier or makes all identifiers optional. Connections that require multiple identifiers fall back to the standard signup flow.

## Actions

Implicit signup creates a real user in the connection, so the same Actions that run during a standard signup also run for implicit signup. The [Pre-User Registration](/docs/customize/actions/flows-and-triggers/pre-user-registration-flow) and [Post-User Registration](/docs/customize/actions/flows-and-triggers/post-user-registration-flow) triggers fire, followed by [Post-Login](/docs/customize/actions/flows-and-triggers/login-flow). You don't need separate Action logic for implicitly-created users.

## Limitations

* Implicit signup is not supported on connections that require multiple identifiers. Those users must use the standard signup flow.
* Implicit signup and login applies to Universal Login. It is not supported with Classic Login.

## Learn more

* [Passwordless Authentication on Database Connections](/docs/authenticate/database-connections/passwordless-authentication-for-db-connect)
* [Use the Authentication API for Passwordless Login on Database Connections](/docs/authenticate/database-connections/auth-api-passwordless-db-connections)
