/
Contact usSee pricingStart building

    About B2B Saas Authentication

    Introduction
    Stytch B2B Basics
    Integration Approaches
      Full-stack overview
      Frontend (pre-built UI)
      Frontend (headless)
      Backend
    Next.js
      Routing
      Authentication
      Sessions
    Migrations
      Overview
      Reconciling data models
      Migrating user data
      Additional migration considerations
      Zero-downtime deployment
      Defining external IDs for members
      Exporting from Stytch
    Custom Domains
      Overview

    Authentication

    Single Sign On

    • Resources

        • Overview
        External SSO Connections

    • Integration Guides

        • Start here
        Backend integration guide
        Headless integration guide
        Pre-built UI integration guide
    OAuth

    • Resources

        • Overview
        Authentication flows
        Identity providers
        Google One Tap
        Provider setup

    • Integration Guides

        • Start here
        Backend integration
        Headless frontend integration
        Pre-built UI frontend integration
    Connected AppsBeta
      Setting up Connected Apps
      About Remote MCP Servers

    • Resources

        • Integrate with AI agents
        Integrate with a remote MCP server
    Sessions

    • Resources

        • Overview
        JWTs vs Session Tokens
        How to use Stytch JWTs
        Custom Claims

    • Integration Guides

        • Start here
        Backend integration
        Frontend integration
    Email OTP
      Overview
    Magic Links

    • Resources

        • Overview
        Email Security Scanner Protections

    • Integration Guides

        • Start here
        Backend integration
        Headless frontend integration
        Pre-built UI frontend integration
    Multi-Factor Authentication

    • Resources

        • Overview

    • Integration Guides

        • Start here
        Backend integration
        Headless frontend integration
        Pre-built UI frontend integration
    Passwords
      Overview
      Strength policies
    UI components
      Overview
      Implement the Discovery flow
      Implement the Organization flow
    DFP Protected Auth
      Overview
      Setting up DFP Protected Auth
      Handling challenges
    M2M Authentication
      Authenticate an M2M Client
      Rotate client secrets
      Import M2M Clients from Auth0

    Authorization & Provisioning

    RBAC

    • Resources

        • Overview
        Stytch Resources & Roles
        Role assignment

    • Integration Guides

        • Start here
        Backend integration
        Headless frontend integration
    SCIM

    • Resources

        • Overview
        Supported actions

    • Integration Guides

        • Using Okta
        Using Microsoft Entra
    Organizations
      Managing org settings
      JIT Provisioning

    Testing

    E2E testing
    Sandbox values
Get support on SlackVisit our developer forum

Contact us

B2B Saas Authentication

/

Guides

/

Authentication

/

Email OTP

/

Overview

Email One-Time Passcodes (OTP) overview

Email OTP is a secure, seamless passwordless authentication option.

When a user logs in via Stytch's Email OTP product, Stytch generates a one-time passcode and sends it to the user's email address. The user authenticates their identity by retreiving the code from the email and providing it back to your application, at which point Stytch verifies whether or not the code is correct.

API objects and endpoints

API ResourcesDescription
OrganizationA top-level tenant that groups members, auth settings, roles, and other identity configurations.
MemberRepresents an authenticated user who is a member of a specific Organization.
Email OTPA collection of Email OTP endpoints for login and signup.
Member SessionA managed session that tracks a Member's logged-in state using JWTs or session tokens.

How it works

In Stytch's B2B product there are two different versions of the Email OTP authentication flow:

  1. Discovery Authentication: used for self-serve Organization creation or login prior to knowing the Organization context
  2. Organization-specific Authentication: used when you already know the Organization that the user is trying to log into

Both flows support Email OTP. However, the Discovery flow involves one additional step to surface the user's "discovered Organizations" that they are eligible to log into and also allows self-serve Organization creation.

Learn more about Discovery vs. Organization-specific authentication in our B2B Basics Overview.

Benefits of Email OTP in B2B

Reduces risk of password breaches

Even in corporate environments, users notoriously use easy-to-crack passwords and reuse easy-to-remember passwords across multiple sites. By offering an email-based login method instead of passwords, you reduce the risk that user accounts will be compromised via data breaches at other companies.

Provides strong guarantee of email ownership

In B2B applications where access to an Organization is tied to corporate email addresses, verifying that the user currently has active ownership over that email is a much stronger guarantee of identity than an email + password combination, which a user could retain after leaving the company.

Provider agnostic

Email OTP is a great complementary option to other popular passwordless login methods like Google or Microsoft OAuth, as it does not depend on the user having an account with a specific email provider.

API objects and endpoints

How it works

Benefits of Email OTP in B2B