Create a Passwordless Login URL

Passwordless authentication verifies a user's identity – sans password!

Michael Hughes avatar
Written by Michael Hughes
Updated over a week ago

In This Article

About This Task

Passwordless login allows learners to access lessons or paths without providing authentication details by following URLs with an authentication token appended to them. They will be logged in without having to enter a password if the authentication token is valid. To turn on this feature, contact your account manager or email Support at

📝 Important! Passwordless login is only an authentication method; it cannot be used to create new users. Ensure that you've set up another form of user management before using passwordless login.

Locate Passwordless Login

Before you begin: You must be an admin or have permission to edit company settings.

Select the gear icon in the upper right corner of the Learning interface, then select Passwordless Login. Afterward, you'll arrive at a page like the one pictured below.

To create an authentication token, you need two pieces of information: a Security Key and a JSON Web Token (JWT). Read on to learn how to obtain these.

Obtain Your Security Key

Each company has a unique security key that digitally signs and generates an authentication token. This key will be used to authenticate users.

📝 Important! Regenerating a security key will automatically invalidate previously generated authentication tokens.

You'll need this security key and a Learning user ID to generate a unique JSON Web Token (JWT). This token, in turn, will be appended to a content URL, turning it into a passwordless login URL.

Create a JSON Web Token (JWT)

JSON web token is an open industry standard for sharing security information between two parties, a client (customer) and a server (Learning). JWTs are signed using a cryptographic algorithm to ensure that claims cannot be altered after the token is issued.

To create a JSON web token, navigate to the JWT debugger and set the algorithm drop-down to HS256.

Under the Decoded column on the right side of the page, you'll see three text fields: header, payload, and verify signature.

Header should read as follows:

Edit the payload field to include one of your company's user IDs and the date on which the token will expire. The expiration date should be entered as a Unix timestamp, and Learning user IDs can be located in the URL of the user's overview page.

Your payload should look like this example:

In the Verify Signature pane, look for an HMACSHA256 function with a few parameters inside it. Copy your security key value from Learning's passwordless login page, then paste it into the parameter your-256-bit-secret.

Make sure this placeholder text is completely erased before pasting in the security key value.

📝 Note: You don't need to select secret base64 encoded.

Now copy the Encoded value in the left column. This is the token you'll add after the "?auth_token=" query parameter for your passwordless lesson URL.

Finally, copy the URL of the lesson you want learners to access via passwordless login. You can do this by copying the lesson URL from your browser's address bar, but you must edit the URL path, changing it from lessons, plural, to lesson, singular.

Alternatively, you can copy a share link from the lesson overview page. Share links contain the correct, singular path name.

Your content URL should look like the example below:

Users can follow URLs such as this one to access Learning content without entering a password. Once they've logged in, users can access their Learn tab and all other content in their accounts.

Questions? Contact the Support team at

Did this answer your question?