By having implemented registration, activation and password forgotten modules as authentication modules, it allows - if you want to - to auto-login users after each of these actions.
Each module has the following options to configure.
Show only when needed
Log in with your username or email, and password. Users must exist in your tenant. Either because you have created them or because they have registered themselves using the registration module.
Time-based One-Time Password
Time-based One-Time Password (TOTP) is a well known authentication method for second-factor authentication (2FA). It is most used in combination with the Google Authenticator app.
You can safely configure the TOTP module as a second-factor. By default, this module must only be succesfully passed for users who have configured TOTP for their user account.
OpenID Connect (remote provider)
The activation module sends an email to the user with an activation link.
If this module is used as a first factor, it prompts for the user's username or email.
If this module is used as a second factor, it sends a mail to the user without prompting.
After having send the e-mail, the module shows a success message.
In most set-ups, a user has multiple ways to activate his account. For example, many services consider a login with a Facebook or Google account as a valid way to activate an account. Therefore, an account is activated based on the related
activation authentication level. You can assign this authentication level to other authentication modules if needed.
If you create your own profile page, you might want to offer users the possibility to link a Facebook account to an existing account.
You cain chain modules. Note that
A single person might want to make use of different authentication methods. He might register himself using a password first, but later wants to connect his Facebook or Google account. This can be done by account linking.