Add Anonymous Users

Allow guest users to use your apps and website and promote to regular users later.


You can use create an Anonymous User account for the guests in your apps, so they can carry out interactions just like a normal user. For example, guests can post comments and save preferences in your social platform before setting email and password. The user session will persist even if the app has been closed.

This improves the app experience because the user does not need to set up authenticators until further down the user journey, while still enjoying most of the app features. For app developers, the ability to create and assign Anonymous User also makes it easier to link the activities of an individual before and after sign-up.

Enable Anonymous User for your project

  1. In the portal, go to Authentication > Anonymous Users.

  2. Turn on Enable anonymous users.

  3. Save the settings.

Using the SDK

Sign up as an Anonymous User

This will create an Anonymous User for the session. Subsequent requests from the end-user in the session can be identified by the same sub

    .then(({userInfo}) => {
        // Logged in as anonymous user successfully
    .catch((err) => {
        // Handle the error

Check the UserInfo object

After "signing up" as an anonymous user, you can retrieve the "UserInfo" object and see the sub of the end-user.


  "sub": "...",
  "isVerified": false,
  "isAnonymous": true

Promotion of an Anonymous User

promoteAnonymousUser function can be called to promote an anonymous user to a regular user with login ID (e.g. email, phone number) and authenticators (e.g. password). The end-user will be prompted a sign up page to complete the promotion. The sub of an end-user will remain the same after promotion.

        redirectURI: THE_REDIRECT_URI,
    .then(({userInfo}) => {
        // Promote anonymous user successfully
    .catch((e) => {
        // Handle the error

User Lifetime

Mobile apps

On Mobile SDKs, creating an anonymous user will create a key-pair. The key-pair is stored in the native encrypted store on the mobile device. The end-user can always re-login to the same anonymous user with the key-pair. Such anonymous user will become inaccessible when the encrypted store is removed.

Web apps and websites

On the Web SDK, there will be no key-pair created. Therefore the end-user will not be able to login to the same Anonymous User after the their session become invalid. For cookie-based authentication, it is controlled by the "idle timeout" and "session lifetime" of the Cookie. For token-based authentication, it is controlled by the "idle timeout" and "token lifetime" of the Refresh Token.

In other words, The anonymous user account lifetime is the same as the logged-in session lifetime.

To adjust the lifetime settings, change the timeouts and lifetimes in Portal > Applications accordingly.

Caution for high-traffic websites

You should create anonymous users only when necessary in the user journey to prevent creating excessive orphan accounts in your tenant.

Last updated