Authentication Choices

The Users service supports the following sign-in methods:

Email + Password

Users sign in with an email address and a password. These will be stored in the email and password_hash columns of the Users table. The password is hashed with the industry standard bcrypt algorithm, which means that knowing the password_hash does not tell you the password. (You should still keep the hashes secret, to avoid brute force attacks on weak passwords; you can enable ‘Require secure passwords’ to help mitigate this too.)

If email confirmation is enabled (the default), a user cannot use their account until they confirm ownership of their email address by clicking a confirmation link.

A user can reset their password by confirming ownership of their email address. If authentication fails, the built-in log-in form (login_with_form()) will offer a password reset option. If you are not using the built-in log-in form, see below for instructions on using anvil.users.send_password_reset_email().

Email + password authentication is enabled by default.

Sign in with Google

Users sign in with a Google account. Their identity is stored in the email column of the Users table. (This means that a user who registers with “Email + Password” can then sign in with Google if the email address is the same.)

Google authentication is disabled by default. If you enable Google authentication, the Google Service will be added to your app automatically for you as well.

Sign in with Facebook

Users sign in with a Facebook account.

Facebook authentication is disabled by default. If you enable Facebook authentication, the Facebook Service will be added to your app automatically. You need to register your app in the Facebook for Developers Console, see Connecting Facebook to Anvil for a step-by-step guide.

Sign in with Microsoft

Users sign in with a Microsoft account.

You can choose who can log in:

  • Users with any Microsoft account
  • Users in your own Azure Active Directory tenant

You configure this when you connect Microsoft Azure to Anvil - see Connecting Azure to Anvil for a step-by-step guide

Microsoft authentication is disabled by default. If you enable Microsoft authentication, the Microsoft Service will be added to your app automatically. You need to register your app in the Microsoft Azure Console, as explained in Connecting Azure to Anvil.

Local Active Directory

Anvil can authenticate users against your organisation’s Active Directory. This means you can easily re-use your existing security investments for your business applications.

This is available on our Enterprise plans. Please email contact@anvil.works for more information.

Client certificates

Anvil can authenticate users using X.509 client certificates or PKI (Public Key Infrastructure). This means you can easily re-use your existing security investments for your business applications.

This is available on our Enterprise plans. Please email contact@anvil.works for more information.