Introduction
Last updated 12/06/2025
What is Authentication?
Authentication is the process of verifying the identity of your users to your application before they can log in. It ensures that only authorized users can interact with your application, thereby protecting data and maintaining system integrity.
Authentication serves as the first line of defence in cybersecurity. By confirming your users, it prevents unauthorized access to your application, ensuring that only legitimate users can perform actions with your application.
Authentication in Five
Authentication can be set up with Five or an external provider. Single Sign-On (SSO) methods allow users to authenticate once and gain access to various applications without re-entering credentials. The documentation here explains how to set up your authentication with Five.
By default, your application is set to password-based by Five. This is the most traditional method, where users provide their username and a secret password to verify their identity. While widely used, there are stronger methods to protecting your application such as Two Factor Authentication (TFA), which is supported in Five.
If you are using email as either your primary or secondary authentication, you will need to have your SMTP settings saved in Five. If you are using text message as either your primary or secondary authentication, you will need to have a Twilio account and provide your account details in the Server Options field.
Understanding the Authentication Page
The Authentication page has three fields and each of these fields can use several authentication methods.
Logon Identifier
The logon identifier, identifies the user logging in. This is used in conjunction with the primary authentication and optionally the secondary authentication. The logon identifer can be a user's username, email, or phone number. No configurations for email or phone number are required for the logon identifier, however, if their email or phone number is used as their logon identifier, you must set their email address and phone number on their user record in your application.
Primary Authentication
Primary authentication is the initial step in the process of verifying a user's identity before granting access to your application. After a user has entered their logon identifier, they must then enter their primary authentication. This can be a password, an email, or a text message. When using an email as the primary authentication, your SMTP settings must be set in Five and you must set the user's email address on their user record in your application. When using a phone number as the primary authentication, you must have a Twilio account and set your Twilio values in the Server Options field in Five, and set the user's phone number on their user record in your application.
Secondary Authentication
Secondary authentication, also known as Two Factor Authentication (TFA) is an additional layer of security you can use for your application to verify a user's identity after the primary authentication. This can be an email, a text message, or authenticator. When using an email as the secondary authentication, your SMTP settings must be set in Five and you must set the user's email address on their user record in your application. When using a phone number as the secondary authentication, you must have a Twilio account and set your Twilio values in the Server Options field in Five, and set the user's phone number on their user record in your application. When using authenticator as the secondary authentication, your users must have an Authenticator App.
Before Editing the Default Authentication Method
Before you edit any of the default settings set by Five, you will need to deploy your multiuser application and ensure that at least the Administrator user of your application has their phone number and email on their user record.
Edit the Admin User Record
1. Deploy your multiuser application.
2. Sign in to you application using your username and password.
3. Select the Users menu item.
4. Select the admin record in the list.
5. Either click the Edit button in the form app bar or click directly in the Email field.
6. Type the admin email in the Email field.
7. Type the admin phone number in the Phone No field.
8. Click the Save button in the form app bar.
