Make sign in easy

However you choose to authenticate users, <SignIn/> delivers a familiar, low-friction flow.

• "Last used" authentication hints for returning users
• Automatic account linking when a user chooses a new method
• Seamless autofills from operating systems and password managers

Automatically require the right level of verification, based on user choice, device trust, and policy.

• Self-serve setup via <UserProfile/>
• New devices will trigger an extra factor to prevent credential stuffing
• Optionally, require multi-factor for all users

Enterprise SSO is supported with either SAML or OIDC.

• Enterprise users are routed to their identity provider based on their email domain
• First-class support for common providers like Okta, Entra, and Google
• Universal support via the SAML or OIDC protocols

If you don't want a separate sign-up page, <SignIn/> can handle sign-in for returning users, and sign-up for new ones.

• 1
  A new user visits your sign in page, and attempts to authenticate without an existing account.
• 2
  The sign-in component automatically shows the sign-up form to onboard the user without the need for a dedicated page.
• 3
  Alternatively, the user attempts to sign in with Social SSO. Clerk automatically populates their profile with the data from their chosen provider and creates an account in a single step.

Different industries have different expectations for session lifetimes. Clerk supports them all.

• Maximum lifetime sets an absolute cap on session duration
• Inactivity timeout expires a session after a period of inactivity
• Short-lived tokens with seamless refresh secure sessions

Stop bots and bad actors before they get in with advanced fraud protection.

• Invisible CAPTCHA enabled by default
• Automatic rate limits per device and IP
• Immediate notification of unauthorized sign-in attempts