Email-based Magic Login
Magic login is a great way for users to login when you don’t have the ability to implement product SSO. We always recommend product-based SSO when possible, but sometimes it’s just not an option.
Enable Magic Login
Access https://app.cloveapp.io/hubs/j/magic-login to turn on magic login. In addition, visit your theme settings at https://app.cloveapp.io/hubs/j/theme/settings and turn on the “Show Magic Login?” option. (This applies only if you’re using a Clove-provided theme.)
Make sure to disable “Show Login?” You cannot have both active at once.
Enable for an Organization
Users are logged in using their email domain. You must setup magic login mappings on each organization to enable this. If the user's email domain is not found, they'll receive an email letting them know it's not setup for them.
Go to an organization’s detail page and access the “Users” tab. “Add Magic Login Domain” to map a domain to that organization.
An organization can have multiple domains, but each domain can only be used once. This ensures users can only access the correct organization.
Once enabled, customers can click the “Login” button in your hub. They will see a modal that allows them to enter their email address. Once your user enters their email address, they will receive an email from Clove that contains their access URL.
If the user enters a domain that isn’t mapped, they will still receive an email. The email will contain an explanation that email-based login is not enabled for them. This is a little annoying at first, but is necessary for security reasons.
We follow a simple process to identify the user. The “mapped organization” is the organization that has magic login enabled for the user’s email domain.
- Lookup a user based on the “external identifier” field
- Lookup the user based on their email address. This will only return a user at the mapped organization
- Create a new user with an “external identifier” of
magic:email@example.com the provided email address. The user will be added to the mapped organization
We use the mapped organization whenever possible to ensure maximum security.
Customize Magic Login Emails
You cannot change the email text or design, but you can change your hub’s display name or the email address that will receive replies. We recommend setting your email reply address to something like
firstname.lastname@example.org to ensure that users can reach out to you if they don’t have access.