Service
You're starting a new app. Or maybe you already have an app. Either way, it needs logins. And signups. And maybe some other stuff.
That leaves you with a choice. Spend weeks doing it right or hustle through it and risk a half-baked result. Or you could use AuthRocket.
AuthRocket covers all the basics: Logins, Signups, Social Logins, Two-factor Auth, Password Security, and much more. AuthRocket frees you up to focus on your actual app and quickly check the Authentication task off as finished.
LoginRocket gives you ready-to-go logins. You can even customize the look and feel to match your app.
And if you want to host your own logins, we make that easy too.
New user registration is just as easy as logins.
If your user doesn't have an account yet, send them to a matching, LoginRocket-hosted signup page.
Users love social login because it's one less password to remember. That's great but it can be quite the headache to implement. Every social platform has their own tweaks to OAuth2, the APIs change, and the profile data is all formatted differently.
AuthRocket handles all of these complexities for you, unifying everything into one simple API and one consistent profile. Each social login provider takes just a few clicks to enable—and zero code.
We've solved the multiple-profile problem by connecting all of a user's social profiles together. Eliminate user confusion, duplicate profiles and the resulting support calls.
AuthRocket brings everything related to Authentication into a single, unified API, dramatically simplifying your code. New users, existing users, social profiles—everything is normalized before your app sees it.
Not every app needs to verify user emails, but if you need it, you need it, right? With just a couple of clicks, you can enable automatic verification of emails.
Learn more about email verification
By default, hosted logins and signups get a selectable subdomain on loginrocket.com. For a more unified branding experience for your users, add a custom domain like login.yourdomain.com.
"I integrated AuthRocket today and it works really easily. :) Very impressed."
UI
AuthRocket's management portal covers all the basics and more. Find and manage users, add memberships and permissions, reset passwords, and everything else you'd expect to be able to do. It's all there, and you don't have to code any of it.
The management UI includes lots of niceties—the things you might want to add, but never seem to get around to. Filter and sort users by name, last login, or signup date.
Use real-time search to find users and orgs (groups) by name, email, IDs, and other data.
What happens when someone in marketing needs a list of users? Ever had to open a database connection and write a SQL query? We all know that's not how it's supposed to go.
With AuthRocket you won't even have to be involved. Your friendly marketer can login to AuthRocket directly and export their own CSV, all without interupting your workflow.
Every user action in AuthRocket has the option to trigger email messages—to the user or to you.
Want to be notified when a new user signs up? Check.
Want to send a welcome email to new users? Got it.
How about customizing the forgotten password email? Yep—every email can be fully customized (or turned off).
It's one thing for your app to talk with AuthRocket using the API, but what about connecting AuthRocket to your app's admin UI?
With UI Connect, simply configure template URLs for your app and we'll automatically build UI buttons linking back to your app.
"Thank you for your awesome work. We love AuthRocket."
and SSO
Managing the session lifecycle has historically been a challenge. AuthRocket gives you complete visibility and control over the full lifecycle of every user session.
AuthRocket includes full session management, including tracking and enforcing logouts. View active sessions, associated IPs and clients, and even terminate any session at any time.
Have multiple apps? Web + mobile perhaps? Microservices? Planning to? Worried that your boss will ask for single signon someday?
AuthRocket makes SSO completely painless. With AuthRocket, adding a second app, or a third takes only a few minutes. It's so easy your boss just might mistake you for a superhero.
Learn more about AuthRocket SSO
Using one password to access multiple apps is already great, but what about a true seamless login experience? Jump between apps (or microservices) without having to login again.
The amazing part? It doesn't even take extra code. AuthRocket cleverly handles everything for you—each app just sees a normal login.
Our API easily allows you to create login sessions for any user. Use it for impersonating a user, building complex authentication flows, or even bridging the gap between multiple authentication sources.
When a user signs out, how do you enforce the end of their session? AuthRocket knows when a session has ended and can guarantee the user has logged out. If your app needs this, we've got you covered.
Single signoff is the companion to single signon. Ending a session in AuthRocket ends it everywhere for all of your apps.
"The geniuses over at AuthRocket have taken the time to pour over every technical detail of authentication negotiation and management. This level of expertise embedded in a turnkey solution is a rare gem indeed."
and Security
Just because AuthRocket is easy to use doesn't mean you have to sacrifice expected features. AuthRocket provides you with flexible ways to organize users into groups, manage memberships and permissions, and much more.
AuthRocket's data model is surprisingly flexible. One of the places this is most evident is with what we call Orgs, which are a way to organize or group users.
Orgs are useful for groups, accounts, companies, or just about any other conceivable grouping of users.
Each membership for every user can contain permissions information. These work like tags for a blog. Use them for permissions, roles, or even other attributes of membership—basically anything that's meaningful to your app.
Users, orgs, and other core record types all allow you to save custom attributes.
Custom attributes aren't an add-on and don't require extra API calls. They make your development easy by saving extra data where it belongs—right with everything else.
AuthRocket gives you multiple sub-accounts for free (we call them Realms), so you have the option to isolate Production data from Staging. Or Development from QA. Or even App A from App B.
Our API covers the entire service, not just core objects like users and memberships. Want to automate configuration of your account (or even provisioning of sub-accounts)? No problem.
Every API is available to all accounts and is fully documented.
Does your app offer an API to your users? AuthRocket has built-in API key management which securely manages your API keys just like all your other authentication data.
API keys can have permissions and be assigned membership in orgs/groups. Rolling API keys (with overlap before the old one expires) is supported too.
Sometimes you want to know what's happenening with your user data. AuthRocket generates an event for nearly every action in the system (28 event types and growing). Login and signup events are tallied up and included on your app's dashboard.
All events are viewable in the UI, and can also be configured to trigger webhooks back to your apps, making it easy to stay aware of what your users are up to.
The security of your user accounts is important. We've covered all the bases—probably a lot more than you'd have time to address yourself.
Improve security risk management by never seeing user passwords. In the world of credit cards, it's now a best practice for credit card numbers to go directly to a payment processor and to interact only with a secure token. We've brought the same concept to passwords.
With AuthRocket, it's possible for passwords to never go through your servers. Even if you host your own login and signup forms, use authrocket.js to convert passwords into a signup token which can safely be sent through your server.
Ready to eliminate your authentication woes?