App management

Apps are the fundamental components of Passage. They provide authentication solutions for a set of end users.

Organizations & apps

All apps are owned by an Organization. You can create multiple Passage apps, including separate apps for unrelated websites or different environments (for example dev, staging, and production).

App types

Embedded authentication

Embedded apps provide authentication solutions built into your web and mobile applications. There are two different types of embedded apps: Passkey Complete and Passkey Flex. Learn more about the difference between Passkey Complete and Passkey Flex.

Hosted authentication

Hosted apps provide authentication solutions on a Passage hosted login page. The Passage hosted login page is an OIDC-compliant identity provider. Learn more about how hosted authentication works (opens in a new tab).

App settings

All apps require the following values:

Field	Description
App name	A Passage app's name distinguishes it from other apps or environments in your Passage Console. An app's name should represent a specific userbase.
Authentication origin	An authentication origin is the full URL of the app that Passage will run on. It includes the protocol, domain, and port (if non-standard). Passage biometrics will not work on domains without TLS (i.e. https://), but Passage web biometrics will work on http://localhost (opens in a new tab) for testing. Authentication origins of 127.0.0.1 are not allowed, and will automatically be changed to localhost.

Field

Description

App name

A Passage app's name distinguishes it from other apps or environments in your Passage Console. An app's name should represent a specific userbase.

Authentication origin

An authentication origin is the full URL of the app that Passage will run on. It includes the protocol, domain, and port (if non-standard). Passage biometrics will not work on domains without TLS (i.e. https://), but Passage web biometrics will work on http://localhost (opens in a new tab) for testing.

Authentication origins of 127.0.0.1 are not allowed, and will automatically be changed to localhost.

API keys

API keys are critical for the security of using Passage, as they grant full access to manage your users. When deploying your application to a new environment, we recommend generating a new API key and storing it in your system's secrets storage.

Native mobile apps

To support Passage on Android and iOS, you must create native mobile apps for your Passage app. This allows authentication to be connected across web and mobile applications.

Android

Android apps require the following values:

Field	Description
Native app nickname	Name to distinguish from other native apps
Package name	Application ID
Signing certificate SHA256 fingerprint	App signing certificate

iOS

iOS apps require the following values:

Field	Description
Native app nickname	Name to distinguish from other native apps
App bundle ID	iOS bundle identifier
Team ID	Apple team ID

App transfers

For app organization transfers, please contact our dedicated support team at support@passage.id. They will assist you with the necessary steps and provide guidance throughout the process.