search
how tos

Integrate Authentication

After you’ve added your app to the tenant, you can integrate authentication into your app. Express provides four authentication services to choose from:

Username and Password

Users enter a username and password. Express verifies the user credentials against an identity data store in the ForgeRock Identity Cloud. This is the most basic and least secure form of authentication. It’s typically used for testing purposes.

Passwordless Login With WebAuthN

Users verify their identities without passwords. The Express implementation requires users to enter their passwords once. On subsequent sign-ins, users verify their identities through an authenticator.

An authenticator is a device such as a PC, mobile phone, or tablet that can:

  • Set up a private/public key pair
  • Confirm consent by a user, locally

You can read more about How It Works.

Second-Factor Authentication

Requires two means of verifying a user identity. Username and password credentials are usually the first means. Typically, for the second means, the app sends the user a confirmation code through SMS or Email. The user must submit that confirmation code to access to the app.

You can read more about How It Works.

To use the Express SDK: See

To use the Express REST APIs: See

Second-Factor + WebAutN

Requires two means of verifying a user identity. Username and password credentials are usually the first means. In web authentication, the second means is an authenticator.

An authenticator is a device such as a PC, mobile phone, or tablet that can:

  • Set up a private/public key pair
  • Locally confirm consent by a user

You can read more about How It Works.


To use the Express SDK: In the Postman Collection, go to Authentication APIs > Authentication.

alt text

To use the Express REST APIs: See