# Passwordless SSO

At Cusna, we are big believers that password are complicated and we do smooth user experience avoiding to use them.

A simpler yet effective and secure method to enable self-serve onboarding while preserving security is to:

1. Let a user enter its email in the WiFi Portal
2. Cusna checks via APIs in external systems (IdPs, CIAMs, any platform) if the email exists and is associated to an individual with the right permissions.
3. If the user exists and is authorized, Cusna creates the Account and send a secure magic link to the user email - which proves the user owns the email
4. The user clicks the magic link and get access to the Tenant Portal where gets access to the WiFi passphrase

### Passwordless SSO workflow

<figure><img src="/files/PRY2oolrhLMJW3C5JaUN" alt=""><figcaption></figcaption></figure>

When [**Groups**](/service-management/groups.md) is enabled, if the external identity system reports the user belongs to a group, Cusna automatically associates the user to an equivalent group (which is also created automatically if it doesn't exists already).

{% hint style="info" %}
Cusna can integrate with literally everything. Contact our team to learn more.&#x20;
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cusna.io/cloud-identity-platforms-integrations/passwordless-sso.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.