Back to Blog

AuthN in Minutes: MFA, EULAs, and Social Auth out of the Box

Keith Casey
Keith Casey

When we think about Authentication, every developer has one of two reactions:

The first is “I’ve got this'' and they quickly slap together a database and form and call it complete. Then they think about password hashing, account reset flows, and sending email. At this point they realize they need not just multi-factor but multiple multi-factor options and email templating. What started as a 1 point task has turned into a bottomless pit of effort driving them to the second reaction…

The second reaction is a little more thoughtful. We’ve struggled through email templating, session management, social authentication, and a hundred more requirements and then we’ve realized their lives are better spent on more interesting problems and we choose an Identity Provider.

At Pangea, we’ve been there, done that and we are done with it too.

Introducing AuthN

Today I’m happy to announce the general availability of our Authentication service.

At release, we support all the fundamental capabilities for secure and reliable authentication including scenarios like:

You can wire multi-factor authentication options ranging from simple email magic links to SMS to a TOTP provider. Flip a few toggles and we’ll handle the enrollment and prompting for you.

Then to expedite onboarding, you can add social authentication for Google and Github. We start you with a default configuration but you can add your own with just a few clicks.

To give you flexibility in your session management, you can choose between an opaque token or JWT and then include a refresh token to extend the session as you see fit.
And finally, while you can certainly build everything with our AuthN APIs and supporting SDKs, branding the Hosted Login flow - which includes all of these capabilities and more - will make authentication a 1 point task again.

One framework to code secure apps faster

Pangea was founded to be a suite of APIs to help you bake better security into every portion of your app and we’ve approached AuthN the same way. We’ve built our onboarding and authentication flows to support pluggable components to protect your configuration, your application, your authentication, and your users.

At launch, we’ve taken the first step by including our Vault Service to securely store and manage the credentials within your AuthN configuration. You can set your SMTP provider’s password, the client secret for your social auth providers, and even your captcha credentials once and manage them outside that flow going forward.

What’s Next

In our next release, we’ll embed our Threat Intelligence services into your user registration and authentication flows to protect your apps and users every step of the way. Threat Intelligence is a mutli-faceted set of capabilities.

First, we have the Embargo service to block access to your app from certain countries to enforce export and access restrictions. This is the simplest way to comply with legal requirements without changing your app.

The IP Intelligence service gives you the ability to identify VPNs, proxies, and even IPs associated with botnets to block bad actors before they become your users. Once we integrate our User Intelligence service, you can move beyond protecting your app and protect your users when their credentials were compromised elsewhere

All of these capabilities will activate when your users initially sign up and each time they authenticate. The best part is configuration of each embedded Intelligence service will be a few clicks and zero additional code. These features are in development right now and will be available before the end of the year.

We want to help you build secure apps faster and we believe our AuthN service is an important shift. Instead of plugging in our services piecemeal, having a single integrated component like AuthN gives you scalable, configurable security to protect your app, your users, and your organization.

Sign up and get started with MFA, Social Auth, and your first 5,000 monthly active users for free.

Get updates in your inbox and subscribe to our newsletter

background landmass

We were recognized by Gartner®!

Pangea is a Sample Vendor for Composable Security APIs in the 2024 App Sec Hype Cycle report