Subflows, security questions, and other product updates

Auth Thoughts is a monthly newsletter produced by Team Descope, the collective consciousness of everyone at Descope. Read on for product updates, tutorials, and a monthly roundup from the world of identity and authentication.

Descope changelog

To paraphrase a quote from Dory the forgetful fish: “Just keep shipping”. Here are some of the latest product updates from Descope:

?? Subflows

Fans of Lego and Russian dolls, this one’s for you! Our subflows feature allows customers to abstract out a flow as a single building block and include it in another flow. For example, the reset password process (which is a flow in itself) can now be added as a step in your signup and login user journeys.

?Security questions

Customers can now ask their end users security questions as a second auth factor, in post-authentication scenarios like step-up, or as an extra check during password resets for security reasons. Pro tip: we would recommend NOT creating questions that cybercriminals can find the answers to online! You can read more about security questions in our docs.

?? Other updates

• A combined email / phone component that accepts both values as login identifiers.
• Single and multi-select components (like dropdowns) now support dynamic values, allowing you to bring in data from third-party or internal services to display in the flow.
• Custom password throttling configuration that allows for temporary and permanent account locks.

Keep an eye on our changelog for ongoing product announcements. Have questions? Join our community and visit the #ask-a-descoper channel.

Join our next monthly demo

What do you mean "you can't build auth with MFA and progressive profiling in 15 minutes?"

With Descope, Co-Founder Gilad Shriki can and will. Join our next monthly demo where Shriki will:

• Setting up a variety of auth and MFA methods
• Configuring adaptive MFA based on risk factors
• Weaving in data and actions from third-party connectors

Catch November’s demo recording or register for the next one!

Developer central?

Looking for help on how to integrate Descope for a particular framework or general auth best practices? Our DevRel team and developer community have you covered.

?? Add auth to Unity VR: This blog goes through how to add Descope-powered social login with Google and Discord to a Unity VR app.

??Custom phone number validation: This cool use case from Nick Harris integrates with Cloudflare Workers to validate phone numbers in real-time and check for typos.

?? Add auth and RBAC to Webflow: This tutorial covers how to add email OTP, social login, and role-based access to a Webflow site with Descope.

Customer spotlight: Navan

When your MFA implementation hits just right, users don’t feel any friction but still get the right level of security based on their risk level. This is the MFA vision Navan–a multinational travel and expense management company–had in mind.

Descope helped make that vision a reality with:

? Fast implementation (4 days to prod)

? Auth method flexibility?

? Interoperability with existing auth systems

Read Navan’s story

Helpful resources

Thanks for reading Auth Thoughts! If you’d like any other updates from the world of identity and authentication included in this newsletter, please let us know in the comments below.

Here are some other links to have handy:

??? Sign up for a Descope Free Forever account

?? Auth Thoughts to share this newsletter with others

?? Developer blogs for tutorials with specific frameworks or auth methods

?? Documentation, for setup guides, SDK code snippets, and more

See you next month!