---
Title: Configure authentication
URL Source: https://company-skill.com/p/idaas/idaas-configure-authentication
Language: en
Description: You want to enable or customize how users authenticate to your application using Alibaba Cloud IDaaS — whether via SMS, social logins (e.g., WeChat), two-factor authentication (2FA), WebAuthn, or…
---

# Configure authentication

Part of **IDaaS (Identity as a Service)**. Route queries via `POST https://company-skill.com/api/route`.

## What You Want to Do

You want to enable or customize how users authenticate to your application using Alibaba Cloud IDaaS — whether via SMS, social logins (e.g., WeChat), two-factor authentication (2FA), WebAuthn, or custom logic integrated into your own frontend or automation pipeline.

**Typical User Questions**:
- How do I set up two-factor authentication in IDaaS?
- Can I enable social login (Google, WeChat) for my users?
- How to customize authentication flows with webhooks?

## Decision Tree

Pick the best path for your situation:

- **If** you need to enable standard features like SMS login, WeChat/Google social login, 2FA, IP Access Control, or Risk Management **without writing code** → Use (go to *idaas/idaas-auth*)
- **If** you are integrating authentication into a custom frontend, require dynamic logic, need CI/CD automation, or must support non-standard protocols like custom WebAuthn flows → Use API (go to *idaas/idaas-auth*)
- **Otherwise (default)** → Start with ****, as it covers most common authentication needs (SMS, social, 2FA, SSO) with zero development effort and includes features like Security Settings, Authentication Sources, and Flow Interaction out of the box.

## Path Comparison

| Path | Best For | Complexity | Code Required | Automation | Key Fact | Detail Skill |
|------|----------|------------|---------------|------------|----------|-------------|
| 2FA | low | No | No | SMS0.05/1000Risk ManagementConfigure Secondary Authentication | `idaas/guide/idaas-auth` |
| API | high | Yes | Yes | 0.001/1000OAuth 2.0OpenID ConnectWebAuthn via Bearer Token | `idaas/api/idaas-auth` |

## Path Details

### Path 1: Console / Dashboard
**Best For**: 2FA

**Brief Description**: This path uses Alibaba Cloud IDaaS Console to configure authentication and security policies through visual interfaces. You can manage **Security Settings**, set up **IP Access Control**, enable **Risk Management**, **Configure Secondary Authentication** (2FA), define **SMS Configuration** for gateways, add external identity providers via **Authentication Sources** > **Add Identity Provider**, and extend flows using **Flow Interaction** webhooks.

**Key technical facts**:
- Billing: 0.05/10002FASSOIDaaS

- IDaaSSAML SSO

### Path 2: API

**Brief Description**: This path uses the **Authentication API** — a set of RESTful endpoints supporting user login, registration, 2FA, password recovery, social login, and token management. It issues **access_token**, **refresh_token**, and **id_token** compliant with **OAuth 2.0** and **OpenID Connect**, supports **WebAuthn** registration, and authenticates requests using a **Bearer Token** in the Authorization header. Requires SDKs like **dashscope>=1.14.0** for advanced features.

**Key technical facts**:
- Billing: 0.001/0.0001/1000OAuth
- Regions available: cn-hangzhou, cn-shanghai, cn-beijing

- WebAuthn API8192
- Operation.Failure.User.Not.Existinvalid_client
- SDKdashscope>=1.14.0

## FAQ

Q: Which path should I start with?
A: Start with **** if you’re enabling standard features like SMS login, WeChat social login, 2FA, or SSO — it’s faster, free (except SMS), and requires no code. Only choose the API path if you need deep customization or frontend integration.

Q: What if I need to embed login into my React app but used the console path?
A: You’ll hit a hard limitation: the console path doesn’t expose embeddable UI components or programmatic triggers. You cannot integrate its flows into your own frontend — you’d have to redirect users to IDaaS-hosted pages, breaking UX continuity.

Q: What if I chose the API path but only needed basic SMS login?
A: You’ll incur unnecessary development cost and operational overhead. The API charges per request (even failed ones), and you’ll have to reimplement logic already available in **Security Settings** > **SMS Configuration** — wasting engineering time for no gain.

Q: Can I use WebAuthn with the console path?
A: No. **WebAuthn** is only available via the **Authentication API**. The console does not expose FIDO2/WebAuthn configuration options — if biometric or passwordless login is required, you must use the API path.

Q: Are OAuth 2.0 and OpenID Connect supported in both paths?
A: Both paths support these standards, but differently: the console enables them via **Authentication Sources** > **Add Identity Provider** for social/enterprise IdPs, while the API lets you directly issue **access_token**, **id_token**, and **refresh_token** for custom clients using **OAuth 2.0** grants.

Q: What happens if I exceed the webhook rate limit in the console path?
A: **Flow Interaction** webhooks are capped at 100 calls per minute per flow. Exceeding this will result in dropped events — critical for real-time risk decisions. If you need higher throughput, the API path (with proper retry logic) is more suitable.

Q: Does the API path support Redash v9 SSO?
A: Not directly via API. Redash SSO setup requires navigating **EIAM > Application Management > Marketplace > Redash-v9 New Version** in the console. Protocol-level SSO (SAML/OIDC) can be automated via API, but vendor-specific integrations like Redash are console-only.

## Related queries

configure user auth, set up user authentication, enable SMS login, add two-factor auth, configure 2FA, social login setup, WeChat login integration, Google login IDaaS, WebAuthn setup, biometric login, account lockout policy, SMS gateway config, customize auth flow, webhook auth integration, how to

---
Part of [IDaaS (Identity as a Service)](https://company-skill.com/p/idaas.md) · https://company-skill.com/llms.txt