App settings

When setting up your app, there are a number of things relating to authentication, security, and sessions that you need to take in mind before going live. After all, you want your users to have a safe experience using your app.

Frontegg makes this easy but putting all your app settings in one place. Here, you can decide on things like multi-factor authentication, email verification, and more technical stuff like token expiration. But we'll get deeper into each one.

Getting to App Settings

In the Frontegg Portal, head to the builder. In the top left corner of your screen, you should see two tabs: App Settings and Experience.



Multi-factor authentication (MFA) requires users to use 2 factors of authentication to gain access to a resource, such as an application or online account. It's here in App Settings that you can set up the general MFA requirements. Read more.

Identity Protection

As a group, identity protection settings allow you to increase account security by requiring additional proof of identity beyond the typical login credentials. Read more.

  • Email Verification

    Enable Email verification to ensure users use a real email address that belongs to them. Read more.

  • Recaptcha

    reCAPTCHA is an invisible protection layer for your app that stops fake users but lets the real ones in. Unlike older versions of reCAPTCHA, version 3 (which Frontegg uses) requires no user action so there is no friction added to your sign up flow. By toggling reCAPTCHA on in the App Settings, it will check all users are real on signup and login. Read more.

  • Device Fingerprinting

    Just like a fingerprint, all devices have a certain uniqueness that allows us to differentiate them. Using this uniqueness, we can warn users when their account is accessed from a device they haven't used before - a device with a unique, unrecognized fingerprint. Read more.

Password and Passwordless

If one of your authentication methods on the login page is password authentication, make sure you secure it with the following security options:

  1. Password complexity
  2. Password strength meter
  3. Exposed credential detection
  4. Password repeat protection
  5. Brute force protection

Read more about the password security option in this guide

For passwordless authentication, you can manage the code expiration time.

Token Expiration

For better session security, set up the following token expiration -JWT token expiration and Refresh token expiration located under "Token expiration" tab.

Session Management

Session management allows your accounts to control how user sessions behave. We provide you with three session management options

  1. Idle Session Timeout
  2. Force Relogin
  3. Maximum Concurrent Sessions

Read more about session management configurations here