Account Setup
Your UniAuth account is your identity across every application that uses UniAuth for authentication. This guide covers everything from creating your account to managing your security settings, connected services, and developer applications.
Creating Your Account
Sign up at uniauth.id/signup with your email address and a strong password. You can also sign up using your Google or GitHub account for a faster onboarding experience.
- Enter your email address, first name, last name, and password.
- Your password is checked in real time against a strength meter. It must score at least 2 out of 4 on the strength scale. Avoid passwords that contain your name or email.
- Click Create Account.
- Check your inbox for a verification email and click the confirmation link.
Tip: UniAuth checks your password against the HaveIBeenPwned breach database using k-anonymity (your password is never sent in full). If your chosen password has appeared in a known breach, you'll see a warning recommending a different password.
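The k-anonymity lookup described in the tip above, as an added example (not UniAuth's own code). It assumes the "SUFFIX:COUNT" response format of the Pwned Passwords range API; `FakeRangeServer`, `breach_count`, and the sample corpus are constructed here so the example runs offline.

```python
import hashlib

def sha1_hex(password):
    """Uppercase hex SHA-1, the form the Pwned Passwords range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

class FakeRangeServer:
    """Constructed offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>."""

    def __init__(self, breached):
        self.seen = []        # everything the "server" ever receives
        self.by_prefix = {}
        for password, count in breached.items():
            digest = sha1_hex(password)
            self.by_prefix.setdefault(digest[:5], []).append((digest[5:], count))

    def get_range(self, prefix):
        self.seen.append(prefix)
        rows = list(self.by_prefix.get(prefix, []))
        # Padding row with count 0, as returned when the Add-Padding header is set.
        rows.append((sha1_hex("pad:" + prefix)[5:], 0))
        return "\r\n".join("%s:%d" % row for row in rows)

def breach_count(password, get_range):
    """Return how often the password appears in the breach corpus (0 = not found)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    body = get_range(prefix)              # only 5 hex characters leave the client
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:   # the comparison happens locally
            return int(count)             # a padding row yields 0, i.e. not breached
    return 0

# Constructed sample corpus; the counts are made up.
SERVER = FakeRangeServer({"password": 1000, "hunter2": 50})

if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        hits = breach_count(candidate, SERVER.get_range)
        print(candidate, "-> warn" if hits else "-> ok", hits)
    print("sent to server:", SERVER.seen)
```

The server sees only the 5-character hash prefix, which many unrelated passwords share, so it cannot tell which password was checked.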
Email Verification
After signing up, you'll receive a verification email with a secure link. Click it to verify your email address. Email verification is required before you can:
- Enable email-based two-factor authentication
- Register OAuth applications in the Developer Console
- Use your account to sign in to third-party applications
If you didn't receive the email, you can request a new verification link from your account dashboard.
Profile Setup
Your profile is shared with applications you sign in to (based on the scopes they request). Manage your profile at Account → Profile.
Personal Information
- Display name — The name shown to applications. Falls back to first + last name, then email.
- Username — A unique identifier (lowercase letters, numbers, hyphens, and underscores, 3-50 characters, must start with a letter).
- Bio — A short description about yourself.
- Date of birth — Optional. Used for age-related claims if requested.
- Gender — Optional. Free-text field.
Professional Information
- Company — Your organization or employer.
- Job title — Your role or position.
- Website — A personal or professional website URL.
- Location — Your city, region, or country.
Address
Your address follows the OpenID Connect standard structured format. Applications that request the address scope will receive these fields:
- Street address
- City (locality)
- State or region
- Postal code
- Country
Social Links
Add links to your GitHub, Twitter/X, and LinkedIn profiles. These are stored in your profile and can be shared with applications that request profile information.
Security Settings
Manage your security configuration at Account → Security. This is where you change your password, enable two-factor authentication, and manage passkeys.
Password Requirements
UniAuth uses a modern, intelligence-based password policy powered by the zxcvbn algorithm. Instead of arbitrary rules (like "must contain a special character"), your password is evaluated for real-world strength:
- The strength meter scores passwords from 0 (very weak) to 4 (very strong).
- A minimum score of 2 is required.
- The algorithm penalizes passwords containing your email or name.
- Common passwords, keyboard patterns, and dictionary words score poorly.
Changing Your Password
When you change your password, all other active sessions are automatically revoked for security. You will remain logged in on your current device only.
Enabling Two-Factor Authentication
Two-factor authentication adds an additional verification step after your password. UniAuth supports three methods:
- TOTP — Use an authenticator app like Google Authenticator, Authy, or 1Password.
- Email OTP — Receive a 6-digit code at your verified email address.
- SMS OTP — Receive a 6-digit code via text message (requires a verified phone number).
You can enable multiple methods simultaneously and choose a default. For a detailed walkthrough, see the Multi-Factor Authentication guide.
Passkeys
Passkeys let you sign in without a password using biometrics (fingerprint, Face ID) or a hardware security key. They are the most secure and convenient authentication method available.
- Go to Account → Security and find the Passkeys section.
- Click Register Passkey.
- Your browser will prompt you to create a credential using your device's biometric sensor or security key.
- Give your passkey a name (e.g., "MacBook Touch ID" or "YubiKey") so you can identify it later.
Once registered, your passkey will appear in your browser's autofill suggestions on the login page. You can register multiple passkeys across different devices.
Tip: Passkeys are synced across your devices by your platform's credential manager (iCloud Keychain, Google Password Manager, Windows Hello). Register at least two passkeys on different devices for backup access.
Connected Services
Link your Google and GitHub accounts at Account → Connected Services. This enables:
- Social login — Sign in with one click using Google or GitHub instead of entering your password.
- Profile enrichment — Automatically import your name and avatar from your social account.
- Account recovery — Use a connected social account as an alternative way to access your UniAuth account.
You can disconnect a service at any time. If you originally signed up with a social account and want to disconnect it, make sure you have set a password first so you don't lose access to your account.
Developer Console
The Developer Console at Account → Developer lets you register OAuth applications that use UniAuth as their identity provider. Each application gets a unique client_id and client_secret.
You can register up to 10 applications per account. For each application, you configure:
- Application name — Displayed to users on the consent screen.
- Redirect URIs — Allowed callback URLs (must be exact matches).
- Application type — Confidential (server-side) or public (SPA/mobile).
- Allowed scopes — Which user data your application can request.
For a complete integration walkthrough, see the Quick Start Guide.
Account Preferences
Customize your experience at Account → Settings. Available preferences include:
- Language / Locale — Set your preferred locale for UniAuth and applications that support it. This maps to the OIDC locale claim.
- Timezone — Your timezone preference, shared with applications via the OIDC zoneinfo claim.
- Theme — Switch between light, dark, and system-default appearance.
- Notification preferences — Control which email notifications you receive from UniAuth.
Exporting Your Data
UniAuth supports data portability. You can export a copy of all your personal data, including your profile information, activity logs, connected services, and registered applications. To request an export:
- Go to Account → Settings.
- Scroll to the Data & Privacy section.
- Click Export My Data.
- Your data will be prepared as a JSON file and downloaded to your device.
Deleting Your Account
You can permanently delete your UniAuth account at any time. This action is irreversible and will:
- Delete your profile, credentials, and all personal data.
- Revoke all active sessions immediately.
- Revoke all OAuth tokens issued to third-party applications.
- Delete all registered OAuth applications in your Developer Console.
- Remove your connected social accounts (Google, GitHub).
To delete your account:
- Go to Account → Settings.
- Scroll to the Danger Zone section.
- Click Delete Account.
- Confirm by entering your password and typing your email address.
Important: Applications that you signed in to with UniAuth will no longer be able to authenticate you. You should contact those applications separately if you need to migrate your data before deleting your account.
Recommendation: Before deleting your account, export your data to keep a local copy of your information.