What is Transactional Auth?

Transactional Auth is a complete authentication and identity platform that handles user management, login flows, multi-factor authentication, and enterprise SSO for your applications.

Instead of building auth from scratch, Transactional Auth provides:

End-User Management - Full user lifecycle management
OAuth2/OIDC Provider - Industry-standard authentication flows
Multi-Factor Authentication - TOTP, SMS, Email, and WebAuthn
Enterprise SSO - SAML and OIDC federation
B2B Organizations - Multi-tenant user management
Security Features - Brute force protection, audit logging, and more

Architecture

Your Application

Web App

Mobile App

API/M2M

↓

Transactional Auth

OAuth2/OIDC Server

↓

Users

Database

SSO

Connections

MFA

Factors

Key Features

User Management

Manage your application's end-users with:

Email and phone verification
Password management with security policies
User profiles and metadata
Account status management (active, blocked, pending)
Login history and tracking

OAuth2/OIDC Provider

Full OAuth 2.0 and OpenID Connect implementation:

Flow	Use Case
Authorization Code + PKCE	Web and mobile apps
Client Credentials	Machine-to-machine
Refresh Token	Token renewal with rotation

Application Types

Create applications for different use cases:

Type	Description
SPA	Single-page applications (React, Vue, Angular)
Native	Mobile and desktop applications
Server	Server-side web applications
Machine	Service-to-service (M2M) authentication

Multi-Factor Authentication

Protect accounts with multiple MFA options:

TOTP - Time-based one-time passwords (Google Authenticator, Authy)
SMS - Text message codes
Email - Email verification codes
WebAuthn - Biometrics and security keys

Enterprise SSO

Connect to enterprise identity providers:

OIDC - OpenID Connect providers
SAML - SAML 2.0 identity providers
Pre-configured: Okta, Azure AD, Google Workspace, Auth0, OneLogin

B2B Organizations

Support multi-tenant applications:

Create organizations for your customers
Role-based access (Owner, Admin, Member)
Invite users via email
Organization-specific SSO
Domain-based auto-join

Security Features

Comprehensive security controls:

Password policies (length, complexity, breach detection)
Brute force protection with lockout
Session management (concurrent limits, timeouts)
IP allowlist/blocklist
Anomaly detection (new device, location)
Comprehensive audit logging

Getting Started

Create an Application - Set up your first OAuth application
Configure Authentication - Choose login methods
Add Users - Import or let users self-register
Enable MFA - Add multi-factor authentication
Set Up Webhooks - Receive authentication events

Use Cases

SaaS Application

Build a modern SaaS with:

Social login (Google, GitHub, Microsoft)
Email/password authentication
Optional MFA for security
Team/organization management

Enterprise Application

Meet enterprise requirements:

SAML/OIDC SSO integration
Mandatory MFA policies
Audit logging for compliance
Custom domains and branding

API Platform

Secure your API:

OAuth2 token-based authentication
API keys with scopes
Rate limiting by client
Machine-to-machine flows

Integration Options

Direct API

Use the Auth API directly for full control:

const user = await client.auth.users.create({
  email: 'user@example.com',
  password: 'SecurePassword123!',
});

Redirect users to our hosted login page:

const authUrl = client.auth.applications.getAuthorizationUrl({
  clientId: 'app_xxx',
  redirectUri: 'https://your-app.com/callback',
  scope: 'openid profile email',
});

Embedded Components

Embed login forms in your application with our UI components.

Next Steps

Quick Start - Add authentication to your Next.js app in 10 minutes
Better Auth (Advanced) - Complete integration guide with database schema and advanced features
Applications - Configure OAuth applications
Users - Manage end-user accounts
MFA - Add multi-factor authentication

Overview