Asgardeo LoginFlow AI for Developers: Secure AI-Assisted Login Experience

In recent years, Artificial intelligence (AI)—specifically Generative AI (GenAI)—has made its way into our daily lives on an unprecedented scale. Its influence extends to every domain you can imagine, and identity and access management (IAM) is no exception. While GenAI introduces significant challenges and security threats for IAM, it also opens up avenues for innovation, redefining both user experience (UX) in customer-facing applications and developer experience (DX) when building secure, customer-centric applications.

At WSO2, we continuously evolve our IAM offerings with a strong focus on customer identity. Our two flagship IAM solutions, WSO2 Identity Server (a leading open-source IAM solution) and Asgardeo (a public cloud-based IDaaS solution), are designed to address both the challenges and opportunities presented by GenAI.

Our GenAI strategy focuses on two primary objectives:

• Strengthen the security posture - The challenges and threats posed by GenAI can’t be ignored. For example, while AI-assisted face recognition can simplify and enhance the login experience in customer-experience applications, it can also be exploited by malicious parties, such as using deepfake techniques to bypass security controls. To address these risks, it’s important to continuously evaluate and improve the security posture to ensure that the current processes, tools, and policies are capable of handling emerging threats. This involves introducing new multi-factor authentication (MFA) options to make it harder for attackers to bypass security measures and enhancing existing risk-based adaptive authentication capabilities by incorporating AI-assisted risk evaluation to identify and respond to abnormal behavior without compromising the user experience.
• Enhancing developer productivity - Empowering developers to innovate by enabling GenAI capabilities into their application development lifecycle so that they can save time and cost while developing secure and production-ready customer-experience applications. GenAI can assist by automating time-consuming development tasks and applying industry best practices. This allows developers to focus on higher-level problem-solving and feature development, rather than getting bogged down in repetitive tasks.

In this blog, you will discover two AI-assisted capabilities available in Asgardeo—LoginFlow AI and Branding AI—designed to enhance developer productivity and improve security posture by making it easier to build secure and production-ready login flows for customer-facing applications.

LoginFlow AI

Nearly a year ago, we introduced the Graphical Login Flow Designer to Asgardeo and later integrated it into WSO2 Identity Server 7.0. This tool simplifies designing secure, production-ready login flows by allowing developers to drag and drop elements. Similar to how tools like Figma and Sketch simplify UI design, the Login Flow Designer offers a “what you see is what you get” (WYSIWYG) experience for authentication flow creation.

LoginFlow AI takes this concept further by integrating GenAI capabilities into the tool. Developers can now generate secure, production-ready login flows using simple natural language instructions.

Instead of dealing with complex IAM terminology, developers can describe the desired login flow in plain language. LoginFlow AI then generates the exact login flow in a graphical format within the Login Flow Designer.

Let’s take a look at a couple of example scenarios, beginning with a simple instruction: “password or magic link" Within a few seconds, you’ll see a login flow generated with username & password and email-based magic link as login options, as shown below.

Next, let's modify the instruction for Login Flow AI to “password or Google then SMS” With this change, you’ll see that the first step now offers username & password or Google as the initial login options. If either of these succeeds, the flow will prompt for an SMS OTP in the generated login flow.

LoginFlow AI goes beyond just generating login flows – it can also create adaptive scripts for implementing risk-based adaptive authentication, all without requiring you to write any code yourself.

Let’s modify the instruction to “Password or Google then SMS if the user has manager role” When you look at the generated login flow, you’ll notice there’s no change in the graphical flow, which makes sense. The flow still offers username & password or Google as the login options, followed by an SMS OTP prompt. However, this time, the SMS OTP will only be triggered if the current user has the manager role.

If you check the Script Editor dialog below the flow design, you’ll see a condition has been generated to prompt for the SMS OTP based on the user's role.

Asgardeo uses JavaScript syntax to define conditions for adaptive authentication, so you can easily understand the generated code from LoginFlow AI. However, you don’t need to modify this code yourself. If you do wish to make changes, you can simply adjust the natural language instructions provided to LoginFlow AI.

To validate the capabilities of LoginFlow AI, let’s modify the instruction by adding a couple of complex conditions: “Password or Google then SMS if the user has manager role, from the Primary user store, and no other session.”

Branding AI

Every organization has unique branding that distinguishes it from others. As a developer of customer-facing applications, it’s vital to ensure that your organization’s branding is consistently reflected across all interfaces, including login pages and prompts for SMS or email OTP.

Once you’ve finalized your login flow with multiple steps or options, applying your branding can be a time-consuming and error-prone process, involving layout edits and stylesheet customizations. This is where Branding AI proves invaluable, saving time and ensuring consistent, accurate branding.

With Branding AI, you simply provide branded content, such as your organization’s website URL. The tool extracts the branding details and applies them to your login flow. If you’re unsatisfied with the results, you can instruct the tool to regenerate them. At the very least, Branding AI provides a great starting point.

Here are a couple of examples of applying branding to the login flows that we generated in the previous section.

First, let’s rebrand the login flow generated in the previous step to align with the branding of https://choreo.dev/. Simply enter https://choreo.dev/ as the input for Branding AI, and it will extract the branding details and apply them to the login flow. The result is shown in the following diagram.

For our next example, let’s use https://ballerina.io/ as the input for Branding AI. The tool will rebrand the current login flow to match the branding of https://ballerina.io/. The results are shown in the following diagram.

As a final example, you can rebrand the login flow once more by entering your organization’s website URL. Then, check how accurately Branding AI customizes the login flow to reflect your brand identity.

Conclusion

The integration of Generative AI within the IAM landscape is transforming how organizations approach security and developer efficiency. With LoginFlow AI and Branding AI, Asgardeo equips developers with the tools needed to create secure, production-ready login workflows while delivering a seamless customer experience. If you’re ready to explore the future of IAM, leverage the powerful capabilities of LoginFlow AI and Branding AI. Build security, streamline development, and align every touchpoint with your brand identity—all with the power of GenAI.

Get started with Asgardeo today!