Frequently Asked Questions

Find answers to common questions about Simple Login authentication, security, pricing, integration, and more.

Getting Started

Basic questions about Simple Login and how to begin

What is Simple Login?
Simple Login is a hosted authentication service that provides secure login, registration, and user management for your applications. Instead of building auth from scratch, you integrate our SDK and let us handle the security complexity.
How does Simple Login work with my app?
Install our SDK, point users to your hosted auth pages, and call getUser() to check authentication. We handle login, registration, sessions, and security. Your app just needs to know who is logged in.
How long does it take to integrate Simple Login?
Most developers have basic authentication working within 15 minutes. Full integration with OAuth providers, email verification, and custom branding typically takes a few hours.
Do I need to change my existing database?
No. Simple Login manages user authentication separately. Your application database stays unchanged. We provide user IDs that you can reference in your own data.
What frameworks and languages are supported?
Simple Login works with any backend that can make HTTP requests. We provide official SDKs for JavaScript/TypeScript, Python, and Go. REST APIs are available for other languages.

Security

Questions about authentication security and data protection

Is my users' data secure?
Security is the whole point. We use industry-standard encryption, secure session handling, and follow OWASP best practices. Your users' credentials are safer with us than in a DIY auth system.
How are passwords stored?
Passwords are hashed using Argon2id, the current industry standard. We never store plaintext passwords. Hash parameters are automatically upgraded as security recommendations evolve.
What security certifications do you have?
We follow SOC 2 Type II controls and are GDPR compliant. Our infrastructure is hosted on AWS with encryption at rest and in transit. Security audits are conducted annually by third-party firms.
How do you prevent brute force attacks?
We implement rate limiting, account lockout after failed attempts, CAPTCHA challenges for suspicious activity, and IP-based anomaly detection. Credential stuffing attacks are blocked automatically.
Do you support two-factor authentication (2FA)?
Yes. Users can enable TOTP-based 2FA using apps like Google Authenticator or Authy. You can also require 2FA for all users or specific roles in your application.
How are sessions managed?
Sessions use secure, httpOnly cookies with automatic rotation. Tokens expire based on your configuration. Users can view and revoke active sessions. Logout invalidates sessions across all devices if needed.

Features

Questions about authentication methods and capabilities

What authentication methods are supported?
Email and password, magic links, OAuth providers (Google, GitHub, and more), and passwordless options. Enable what you need from the dashboard. No code changes required.
Can I customize the look of the auth pages?
Yes. Upload your logo, set your brand colors, and use your own domain. The auth pages look like part of your product, not a third-party service.
Do you support social login (OAuth)?
Yes. We support Google, GitHub, Microsoft, Apple, Twitter, LinkedIn, and more. Configure providers in the dashboard and they appear on your login page automatically.
What is magic link authentication?
Magic links let users log in by clicking a link sent to their email, no password required. This is more secure than passwords for many use cases and improves user experience.
Can users have multiple authentication methods?
Yes. A user can link their account to email/password, Google, GitHub, and other providers simultaneously. They can log in using any linked method.
Do you support passwordless authentication?
Yes. Magic links and WebAuthn (passkeys, biometrics, security keys) are supported. You can run fully passwordless or offer it as an option alongside traditional login.

Teams & Multi-Tenancy

Questions about organizations, teams, and permissions

What is multi-tenancy?
Multi-tenancy lets your application serve multiple organizations from a single deployment while keeping their data separate. Each organization has its own members, roles, and settings.
How do team invitations work?
Admins invite members by email. Invitees receive a link to join. If they already have an account, they are added immediately. If not, they create an account and join automatically.
What roles and permissions are available?
Default roles include Owner, Admin, Member, and Viewer. You can create custom roles with granular permissions. Role checks are available via the SDK and API.
Can users belong to multiple organizations?
Yes. Users can be members of multiple organizations with different roles in each. They can switch between organizations without re-authenticating.
How does billing work with teams?
Billing is per-organization with seat-based pricing. You can set up different plans with different seat limits. Stripe integration handles subscription management automatically.

Integration

Technical questions about implementing Simple Login

How do I verify a user is authenticated?
Call getUser() from our SDK. It returns the user object if authenticated, or null if not. The SDK handles token validation, refresh, and session management automatically.
Can I use Simple Login with a mobile app?
Yes. Mobile apps can use our OAuth flow with deep links or open the auth pages in a webview. Native SDKs for iOS and Android are on our roadmap.
Do you provide webhooks?
Yes. Webhooks notify your backend of events like user signup, login, password change, and team membership changes. Use them to sync data or trigger workflows.
Can I customize the user registration flow?
Yes. Add custom fields to registration forms, require email verification, or use webhooks to validate signups against your own rules before allowing account creation.
How do I access user data from my backend?
The SDK provides the authenticated user object. For server-to-server calls, use our Admin API with your secret key to look up users, manage accounts, and sync data.
What happens if Simple Login goes down?
We maintain a 99.9% uptime SLA. Sessions continue to work during brief outages because tokens are validated locally. For extended outages, we provide status updates and incident reports.

Migration

Questions about migrating from other auth solutions

Can I migrate existing users?
Yes. We support bulk user imports and can work with most password hash formats. Your existing users will not need to reset their passwords.
How do I migrate from DIY auth?
Export your users and password hashes. Import them via our Admin API. Update your app to use our SDK. Redirect your auth endpoints to Simple Login. We provide migration guides for common setups.
Can I migrate from Auth0, Firebase, or Clerk?
Yes. We provide migration guides and tools for major auth providers. Most migrations can be done with zero downtime and no password resets required.
What password hash formats do you support for import?
We support bcrypt, Argon2, scrypt, PBKDF2, and SHA-256 with salt. If you use a different format, contact us and we can likely accommodate it.
Is there downtime during migration?
No. Migrations are designed for zero downtime. Users can continue logging in during the transition. You can run both systems in parallel until the migration is complete.
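
One common way to get both properties described on this page (hash parameters upgraded over time, and imported legacy hashes that need no password reset) is to re-hash at login. The sketch below is an added example, not Simple Login's code: the record format, function names and target parameters are assumptions, and stdlib scrypt stands in for Argon2id so it runs without third-party packages.

```python
import hashlib, hmac, os

# Assumed target policy; stdlib scrypt stands in for Argon2id in this sketch.
TARGET = {"n": 2**14, "r": 8, "p": 1}

def _derive(scheme, params, salt, password):
    pw = password.encode()
    if scheme == "sha256":   # legacy import: SHA-256(salt || password)
        return hashlib.sha256(salt + pw).digest()
    if scheme == "pbkdf2":   # legacy import: PBKDF2-HMAC-SHA256, params = iterations
        return hashlib.pbkdf2_hmac("sha256", pw, salt, int(params))
    if scheme == "scrypt":   # current scheme, params = "n,r,p"
        n, r, p = (int(x) for x in params.split(","))
        return hashlib.scrypt(pw, salt=salt, n=n, r=r, p=p, dklen=32)
    raise ValueError(f"unsupported scheme: {scheme}")

def make_record(password, scheme="scrypt", params=None):
    """Build 'scheme$params$salt_hex$digest_hex' (constructed format)."""
    if params is None:
        params = "{n},{r},{p}".format(**TARGET)
    salt = os.urandom(16)
    digest = _derive(scheme, params, salt, password)
    return f"{scheme}${params}${salt.hex()}${digest.hex()}"

def needs_upgrade(record):
    scheme, params = record.split("$")[:2]
    if scheme != "scrypt":
        return True          # any imported legacy format gets replaced
    n, r, p = (int(x) for x in params.split(","))
    return n < TARGET["n"] or r < TARGET["r"] or p < TARGET["p"]

def login(record, password):
    """Return (ok, record_to_store); re-hash only after a successful check,
    the one moment the server holds the plaintext."""
    scheme, params, salt_hex, digest_hex = record.split("$")
    candidate = _derive(scheme, params, bytes.fromhex(salt_hex), password)
    if not hmac.compare_digest(candidate, bytes.fromhex(digest_hex)):
        return False, record
    if needs_upgrade(record):
        return True, make_record(password)
    return True, record

if __name__ == "__main__":
    imported = make_record("correct horse", scheme="pbkdf2", params="1000")  # constructed sample
    ok, stored = login(imported, "correct horse")
    print(ok, stored.split("$")[:2])
```

Accounts that never log in keep their legacy record under this pattern, so a migration that relies on it should track how many un-upgraded records remain.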

Pricing & Plans

Questions about costs and subscription plans

Is there a free tier?
Yes. The free tier includes up to 1,000 monthly active users with all core features. No credit card required to start.
How is pricing calculated?
Pricing is based on monthly active users (MAU). A user counts as active if they authenticate at least once during the billing period. Inactive users are not charged.
What features are included in paid plans?
Paid plans include higher MAU limits, multi-tenancy, advanced analytics, priority support, SLA guarantees, and features like SSO and audit logs.
Can I change plans at any time?
Yes. Upgrade or downgrade anytime. Changes take effect immediately. Upgrades are prorated. Downgrades apply at the next billing cycle.
Do you offer enterprise pricing?
Yes. Enterprise plans include custom MAU limits, dedicated support, custom SLAs, on-premise options, and volume discounts. Contact us to discuss your needs.
