Skip to main content

Identifier First Authentication

Identifier First Authentication streamlines the login process by first requesting the user's identifier (such as email or username) before prompting for a password or other authentication methods. This approach enhances user experience and security by tailoring authentication steps based on the user's context.

This guide explains how to enable and use Identifier First Authentication in Ory Network (Ory Identities) and self-hosted Ory Kratos.

Ory Network

To enable it:

  1. Log in to the Ory Console.
  2. Select your project.
  3. Navigate to Project Settings > Advanced.
  4. Enable "New Account Experience".
  5. Click "Save Changes".
  6. Test the flow in your application by navigating to the login page.

To disable this feature,follow the same steps and disable "New Account Experience".

Self-hosted Ory Kratos

For Ory Enterprise License and Ory Apache 2.0 License users, set the following configuration in your kratos.yaml config file:

kratos-config.yaml
selfservice:
  flows:
    login:
      style: identifier_first

To disable this feature, set style to unified.

Ory Network

The most flexible and scalable way to manage identi­ties, authen­tication, autho­rization and access control.Explore Ory Network

Explore Ory Network