Skip to content

Multi-Attribute Login

WSO2 Identity Server lets you configure multiple attributes as the login identifier. While username is the default login identifier, users can have the option to enter a mobile number, email address or any attribute of their choice.

Supported flows

Multi-attribute login is supported in the following flows:

  • Identifier first authenticator
  • Username & Password Authenticator
  • Authentication REST APIs
  • Oauth Password grant
  • Password recovery flow

The following section explains how to configure WSO2 identity server for multi-attribute login.

Enable multi-attribute login

To configure multi-attribute login, follow the steps below:

  1. On the WSO2 Identity Server Console, go to Login & Registration > Login Identifier > Multi Attribute Login.
  2. Toggle the switch to enable multi attribute login.
  3. Add attribute URIs for attributes that users are allowed to use as login identifiers.
  4. Click Update to save the changes.


Add regular expressions for allowed attributes

Once you have configured WSO2 Identity Server for multi-attribute login, you need to provide regular expressions for the allowed user attributes. Some user attributes have regex defined by default.

If you need to define regex for a user attribute, follow the steps below.

  1. On the WSO2 Identity Server Console, go to User Attributes and Stores > Attributes.
  2. Click Attributes again under the Manage Attributes section.
  3. Click Edit for the attribute you want to update.
  4. Enter the regex pattern under the Regular Expression field.
  5. Click Update to save the changes.


Here are a few examples of regex patterns.

Attribute URI Example Regex pattern ^([a-zA-Z0–9_\.\-])+\@(([a-zA-Z0–9\-])+\.)+([a-zA-Z0–9]{2,4})+$ ^(\+\d{1,2}\s?)?1?\-?\.?\s?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}$ ^[a-zA-Z0–9._-]{3,}$


Username regex configuration is already available in the user store configurations. You can update the regex pattern as needed. Refer to User Store Properties to learn more.

You have now successfully set up WSO2 Identity Server to allow multi-attribute login.

Try it out

When multi-attribute login is configured in WSO2 Identity Server, application users can use any of the configured attributes to login.

In this example scenario, let's allow users to use the mobile number as a login identifier:

  1. Configure multi-attribute login for the attribute and
  2. Go to the My Account: https://localhost:9443/myaccount.
  3. Enter mobile number as the login identifier and click Sign In.



  • What happens if two users use the same value for an attribute?

    Multi-attribute login will not work for these users. Retaining uniqueness for attribute values avoids this conflict. Learn about configuring the uniqueness of attributes.