In B2B, we need to allow Passwordless OTP Login Flow

Hi,
Looking through your forum, I understand that for B2B, a Passwordless with Email OTP login flow is not available because it’s discouraged due to security concerns. I also saw a post on a “discovery flow” used for organizations. But in my case, our organizations may be very small and their users may only have a Yahoo or Gmail address instead of a company address. We would like to skip a discovery flow and instead disallow self-registrations, and allow users to join by invitation only with their personal email address. Also, we do not want users to keep passwords, but instead use an SMS or Email OTP to log in.
Is this possible at all? Can it be made possible?

Thanks,
Laura

Hey Laura,

Happy to answer your question here!

For some context about our B2B offering, Members in Organizations are uniquely identified via their email address. Hence, their email must be verified in order for Members to be marked active and the primary authentication must be email-based.

While we don’t currently support Email-based OTP, you can achieve the 1) invite-based flow and 2) passwordless authentication through our Organization-based send invite email endpoint.
Only the email addresses you specify in that endpoint will be invited, and they can log in via magic links in the future, hence achieving a passwordless flow since they just need to click on the magic link.

Best,
Chaeyoon
Stytch Developer Success