Authsignal secures millions of passkey transactions out of our hosted Sydney region.

Authsignal secures millions of passkey transactions out of our hosted Sydney region.

Join us today!

No-Code Rules Engine

Create rules and policies with no engineers.

Optimize your customer experience and manage risk with fine-grained control of your customer journeys with our powerful no-code rules engine.

Start building rules

Trusted by

What is an authentication rules and policy engine?

Authsignal's no-code rules and policy engine enables engineering and product teams to seamlessly balance customer experience and security. Leveraging conditional logic, trusted users enjoy good customers flows while bad actors are stopped in their tracks—all without writing a single line of code.

IP/NetworkDevice
User AgentUserCryptoCard Bin
Cross Action ContextCustom Metadata

Build powerful rules with our ready-to-use data points.

We're always expanding our rule set—create a free account to see the growing list of rules in action.
IP/Network
IP country codes

Matches the IP address country code against a set of selected country codes.

IP is anonymous

Matches the IP address against a list of known anonymous exit codes, VPN, Tor, and Proxies.

Atypical travel

The IP address corresponds to a location outside the normal range of the user's previously verified location.

Impossible travel

The IP address corresponds to a location outside the normal range of the user's previously verified location, and the distance between the locations could not feasibly have been traveled within the time range by any commercial flight.

IP country code in OFAC list

The IP address belongs to a country code included in the OFAC list published by the US government.

IP address

The IP address associated with the tracked action.

IPv4 CIDR range

Match on CIDR range.

IPv4 is in whitelist

Matches the IP address against an IP address whitelist.

IP is unrecognized

Matches the IP address against a list of previously authorized IP addresses.

Device
Device is a bot

Detects if the device user agent is a known bot.

Device is new

A device is new if it has not been previously seen or authenticated.

Device count

The number of devices attributed to the user.

Last authenticated at

The time period at which a device was previously authenticated at.

Last verification method

The last verification method was previously used to authenticate.

User Agent
Operating system

The operating system of the device.

Browser engine

Browser engine being used.

Browser

Browser being used.

User
UserId

The ID of the user associated with the tracked action.

Email address

The email address of the user associated with the tracked action.

Phone number

The phone number (E.164) of the user associated with the action.

Enrolled authenticators

A list of the user’s enrolled authenticators.

The number of enrolled authenticators

The number of authenticators the user has enrolled.

Has previously verified

The user has previously completed at least 1 successful challenge.

Crypto
Wallet address

The wallet address sent in the track action call.

Asset code

The asset code for the crypto asset e.g. BTC/ETH.

Asset amount

The amount for the given transaction in the asset’s denomination.

Asset amount (USD)

The amount for the given transaction in US dollars.

Address is sanctioned

The boolean flag indicates whether the address is on a sanctions list (Chainalysis).

User ID Risk Score (Chainalysis)

The overall score of the User ID is LOW, MEDIUM, HIGH, or SEVERE from Chainalysis KYT.

Card Bin
Card issuer country code

Matches card issuer country code against a set of selected country codes.

Card issuer name

The name of the card issuer.

Card funding type

The funding type, Credit, Debit, Prepaid.

Card brand

The card scheme brand e.g. Visa, Mastercard.

Cross Action Context
Dynamically reference other tracked actions via window aggregations

Reference another action based on the count of occurrences (e.g. emailChanged in the last 1 hour).

Custom Metadata
Transaction metadata

Any available metadata at the point of transaction/action of types; String, Number or Boolean (e.g. transaction information amount, internal risk scoring).

User metadata

User level persistent metadata of types; String, Number or Boolean (e.g. CRM related data, customer group, customer attributes).

Build powerful rules with our ready-to-use data points.

Inject custom dataDeviceUser AgentCryptoUserCross Action contextCustom metadata

Inject custom data

IP Geo/Country code
Geo-IP match.
IP Anonymous origination
Matches the IP address against a list of known anonymous exit codes, VPN, Tor, Proxies.
Atypical travel
The IP address corresponds to a location which is outside the normal range of the user's previously verified location.
Impossible travel
The IP address corresponds to a location which is outside the normal range of the user's previously verified location, and the distance between the locations could not feasibly have been traveled within the time range by any commercial flight.
IP country code is in OFAC list
The IP address belongs to a country code which is included in the OFAC list published by the US government.
IPv4 Address
String match on IPv4 address.
IPv4 CIDR Range
Match on CIDR range.

Device

Device is a bot
Detects if the device user-agent string is a known bot.
Device is new
Never before seen device that has not been previously authenticated.
Device count
The number of devices attributed to the user.
Device last authenticated at
The timestamp of which a device was last previously authenticated, creates rules to enforce challenges for previously authenticated devices based on a time period, i.e. 1 hour ago, 1 day ago etc.
Device user count
The number of users that have been associated with the device.
Is Jailbroken
Indicates if there’s a signal that the device is using a jailbroken OS.
Is using an emulator
Indicates if there’s a signal that the device is using an emulator.

User Agent

Operating System
The operating system of the device.
Browser Engine
Browser engine being used (e.g. Webkit etc).
Browser
Browser being used (Chrome, Safari).

Crypto

Wallet address
Wallet address (string match).
Asset code
Crypto asset code (e.g. ETH, BTC).
Asset amount
The amount for the given transaction in asset denomination.
Asset amount (USD)
The amount for the given transaction in US dollars.

User

User ID
The ID of the user associated with the tracked action.
Email Address
The email of the user associated with the tracked action.
Enrolled authenticators
Number of authenticators enrolled.
Type of enrolled authenticators
Type of Authsignal authenticators enrolled (e.g. SMS, TOTP, PASSKEY).
Has previously been verified
Has the user completed at least 1 successful challenge.

Cross Action context

Dynamically reference other tracked actions via window aggregations
Reference another action based on the count of occurrences (e.g. email changed in the last 1 hour).

Custom metadata

Transaction metadata
Any available metadata at the point of transaction / action of types:
• String
• Number
• Boolean
(e.g. transaction information amount, internal risk scoring).
User metadata
User level persistent metadata of types:
• String
• Number
• Boolean
(e.g. CRM related data, customer group, customer attributes).

Features

Passwordless

Learn more

User Observability

Learn more

Ready to uplift your security? Connect with one of our experts.
Thank you! One of our team will be in touch.
Oops! Something went wrong while submitting the form.

Resources

How to Build a Secure Authentication Chain: Avoid Passkey Pitfalls and Enhance User Experience.
March 3, 2025
Learn how to build a secure authentication chain and avoid common passkey pitfalls. Discover key strategies to enhance security and user experience with passkeys and protect every stage of the authentication process.
Authentication Chain
No-code rules engine
Passkeys
Passwordless authentication
Adaptive MFA for Auth0: Customize MFA UX to reduce consumer friction without upgrading your plan.
March 3, 2025
In this blog post, we will dive deeper into how you can fine-tune the MFA user experience with only some minor tweaks to your integration code.
Guides
Auth0 integration
Risk based authentication
Flexible multi-factor authentication
Best Practices for Call Center Authentication & Fraud Prevention - Authsignal
March 3, 2025
Learn call center authentication best practices, including passive methods like FIDO2 passkeys and biometrics, to enhance security and prevent fraud.
Call center authentication
FIDO2
Account takeover
Deep fakes
View all articles

Authsignal is multi-factor authentication (passwordless authentication) as a service. Focused on powering mid-market and enterprise businesses to rapidly deploy optimized good customer flows that enable a flexible and risk-based approach to authentication.

AICPA SOC
LinkedInTwitter
Passwordless / Multi-factor Authentication (MFA)
Pre-built UI (Low code)UI Components (Customizable)Custom UI (Flexible)
Why Authsignal?
Drop-in Authentication
PasskeysBiometric AuthenticationWhatsApp OTPSMS OTPEmail OTPMagic LinksAuthenticator Apps (TOTP)Push NotificationsPalm Biometrics
Rules and Policies Engine
User Observability
Industries
Financial Services
Marketplace
e-Commerce
FinTech
Crypto
View all Industries
Use Cases
Account Takeovers (ATO)
Go Passwordless
SMS Cost Optimization
Compliance
Existing Apps
View all Use Cases
Identity Providers (IDPs)
AWS Cognito
Auth0
Azure AD B2C
Duende IdentityServer
Keycloak
NextAuth.js
Integrations
C#
Java
Node.js
Open ID Connect (OIDC)
PHP
Python
React
Ruby
Ruby on Rails
Supabase
Compare
Twilio vs AuthsignalAuth0 vs Authsignal
Resources
BlogDeveloper DocsSolutions MarketplaceKnowledge BaseFree Figma Mobile Passkeys TemplateFree Figma Desktop Passkeys TemplateFree Figma WebApp Passkeys TemplatePress ReleasesAboutContact
What is
Passwordless Authentication
What is MFA (Multi-Factor Authentication)?
United States
+1 214 974-4877
Ireland
+353 12 676529
Australia
+61 387 715 810
New Zealand
+64 275 491 983
© 2024 Authsignal - All Rights Reserved
Terms of servicePrivacy policySecuritySystem statusCookies