# User, Identity and Authenticator To fully configure and use Authgear, you need to understand 3 important concepts in Authgear's flexible yet powerful authentication system: * User * Identity * Authenticator Combining identity and authenticators, Authgear can support a lot of different authentication needs such as, but not included to: * Simple email / username / phone sign in, with or without 2FA * Email or SMS Passwordless login * SSO login such as Google / Facebook etc * Phone sign in with Password as the 2nd factor like telegram or whatsapp * A lot more. ## User A user represents an entity who use your app, usually a person. Each user can have multiple identities. ## Identity Identities are the way users can identify themselves, such as username, email and phone. Identities could also came from an OAuth Provider such as Google/Facebook SSO, or Sign in with Apple. Currently, Authgear support the following identity: * Email * Phone * Username * OAuth Provider: * Google * Facebook * Azure Active Directory * Linkedin * Sign in with Apple * Anonymous Each identities have its configuration. For example email could be configured to block "+" or not, or if a username is case sensitive or not. Email, Phone and Username identities automatically create the `email`, `phone_number` and `preferred_username` claims. OAuth Provider might create a `email` claim depends on if the user's email is provided. ## Authenticator Authenticators are the way a user with an identity can authenticate themselves, each user can multiple primary and secondary authenticators. If secondary are configured or required, a user need to authenticate itself against both to be signed in. Currently Authgear support the following authenticators: * Primary Authenticators: * Password * One Time Passcode via Email or SMS (oob\_otp) * Secondary Authenticators: * Password * TOTP (2FA token) * One Time Passcode via Email or SMS (oob\_otp) Secondary authentication could be optional (only if the user configured it) or required for all users. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.authgear.com/~/changes/anTCj6yoZ06s3pLJk5v8/concepts/user-identity-and-authenticator.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.