Clerk provides various options for setting up a sign-up flow. These options are configurable from the Clerk Dashboard. When a new application is created, you will be presented with the following screen:
In addition to the application name set for your instance, there will be standard authentication options to choose from: identifiers, authentication strategy, social login, and Web3 authentication.
You can always make changes to your sign-up options after your application has been created by visiting the Dashboard and navigating to User & Authentication settings.
From the application configuration screen, you must choose one of the following identifiers: email address, phone number, or username. You can select multiple identifiers if you like, but at least one is required to continue.
Email address is the most common primary identifier. During the sign-up process, a user must supply and verify their email address. They must keep an email address on their account at all times. However, the email address that was used for registration can be later changed from the user's profile screen.
When phone number is selected as the identifier, users will sign up with their mobile phone numbers and receive an SMS text message with a code to verify their phone number. (Note: SMS authentication is a premium feature and is not available on the Free plan. Upgrade your plan to enable this feature.)
Choosing usernames as the identifier enables users to sign up without requiring personal contact information. A username should be from 4 to 64 characters in length and can contain alphanumeric characters, underscores (_), and dashes (-).
If you opt not to collect any contact information, you could choose Usernames and later turn it off in settings and only authenticate with an OAuth social provider.
Choose authentication strategy
There are two available authentication strategies to choose from: password or passwordless.
Choosing a password strategy requires users to set a password during the sign up process. Clerk offers out of the box protection against weak and leaked passwords and the only requirement enforced is that the password be a mimum of 8 characters. Note that passwordless authentication is still available to users even if password strategy is selected. For more information on how to set up password-based authentication, check our detailed guide.
Choosing a passwordless strategy involves a user signing up with an email address or phone number and then receiving a one-time verification code to complete the authentication process. While a one-time code is the default passwordless option, an email verification link (also known as a magic link) is another passwordless authentication option that can later be enabled in settings.
Choose social login providers
Clerk offers a number of Social Login providers that can be used during sign up and sign in. What makes the OAuth with Social Login providers appealing is that users often won't need to enter additional contact information since the provider already has it. The Social Login process is smart enough to automatically convert the sign up process of an existing user into a sign in flow, and the reverse is also true.
For each provider, Clerk offers a shared profile that can be used for development instances. This makes it easy to get up and running and test your Social Logins right away. However, production instances must use a custom profile with your own credentials.
Choose Web3 authentication
Clerk provides Web3 authentication as an option with MetaMask. As part of validating the accuracy of the returned Web3 account address, Clerk handles the signing of a transaction and verifying the signature. Because sign in with MetaMask uses the same abstraction as our other authentication factors like passwords or magic links, other Clerk features like multi-factor authentication and profile enrichment work for MetaMask users out-of-the-box.
Set multifactor authentication
Although not available as an option in the initial new application screen, you can opt to turn on multifactor authentication (MFA) from the configuration screen in the Clerk Dashboard.
Currently, the only supported authentication factor is SMS verification code. This method of multifactor authentication will send a one-time verification code to a mobile phone number in order to complete the sign-in process.
After enabling multifactor authentication in your instance settings, each user will need to enable it via their user profile in order to use it.
Set sign-up restrictions
The allowlist feature allows you to control who can get access to your application. It can restrict sign ups to only a certain set of email addresses or phone numbers that you define. Enable this feature by navigating to the Sign-up restrictions screen in the Clerk Dashboard.
After turning on the allowlist feature, you can add individual email addresses and phone numbers, or whitelist entire email domains.
For example, if you add
clerk.dev as an allowed email domain, it means that anybody with a
@clerk.dev email address can sign up for your application. Email addresses from different domains will not be able to sign up.