> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getpara.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Configure Authentication

> Configure how users sign in — login methods, OAuth providers, external wallets, 2FA, and guest mode — from the Developer Portal Authentication screen.

The **Authentication** screen in the [Developer Portal](https://developer.getpara.com) is where you configure how users sign in. These settings live on your **partner record** (the source of truth), so the SDK reads them at runtime and you can change them without redeploying your app.

<Info>
  These settings supersede the matching deprecated `paraModalConfig` props (`oAuthMethods`, `disableEmailLogin`, `disablePhoneLogin`, `authLayout`, `twoFactorAuthEnabled`, `isGuestModeEnabled`, `hideWallets`). See [How Configuration Works](/v3/react/guides/customization/configuration) for how layering and overrides behave.
</Info>

To open it: select your project and API key, then go to **Authentication** in the sidebar.

## Display Order

Controls which login sections the modal shows and the order they appear. There are two reorderable rows — **Embedded Wallets** and **External Wallets** — each with:

* An **on/off** toggle — whether the section appears in the modal.
* A **Full Display / Condensed Display** choice — Full shows the section's options inline; Condensed collapses them behind a single entry button.

Drag the rows to set their order in the modal. At least one section must stay enabled — you can't turn both off.

<Note>
  This maps to the SDK's `authLayout`. The default is Embedded Wallets (Full) above External Wallets (Full).
</Note>

## Embedded Wallets

Configures the Para-native login methods used to create embedded wallets.

* **Email** and **Phone** — toggle each on or off.
* **OAuth providers** — select which social providers to offer (Google, X, Apple, Discord, Facebook, Farcaster, Telegram). Drag to reorder; the modal shows them in this order.
* **Custom OIDC** — bring your own OpenID Connect provider (enterprise SSO or your own auth) as a login method. Configure it in the **Custom OIDC** section, then enable it here. See [Set up Custom OIDC](/v3/general/developer-portal-custom-oidc) for the full walkthrough.

<Note>
  If you haven't selected any OAuth providers, the modal shows no social-login buttons. Editing an unrelated setting won't accidentally disable OAuth — Para only restricts the provider list once you've explicitly configured it.
</Note>

## External Wallets

Configures third-party wallet connections (MetaMask, Phantom, Keplr, and more).

### Connection Type

How a connected external wallet maps to a Para account:

| Option                  | Behavior                                                                                                                                            |
| ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Standard Connection** | Creates a Para user account linked to the connected wallet. No signature required.                                                                  |
| **With Verification**   | Creates a Para user account and asks the user to sign a message to prove wallet ownership.                                                          |
| **Para Account**        | Creates a full Para account with an embedded wallet alongside the user's connected external wallet. Requires a verification signature.              |
| **Connection Only**     | Connects the wallet for use in your app only. No Para session is created, and Para features (sessions, recovery, embedded wallets) are unavailable. |

### Other settings

* **Project ID** — your WalletConnect project ID (up to 64 characters), used to enable WalletConnect-based wallets.
* **App Description** — a short description (up to 256 characters) surfaced to some wallets and networks during connection (e.g. WalletConnect session metadata).
* **Wallet list** — select which external wallets to offer; drag to reorder. Available wallets are filtered by the networks you enabled in **Setup**.

## Two-Factor Authentication

Requires users to set up a TOTP authenticator (e.g. Google Authenticator) when creating their account. The 2FA challenge is used during the **recovery flow** — it does not gate normal logins.

<Warning>
  The Developer Portal should be the default place to manage 2FA, but SDK instances can still override it with `configOverrides.authConfig.twoFactorAuthEnabled` when a per-instance value is required.
</Warning>

## Guest Mode

Allows a user to **Continue as Guest** — this bypasses authentication and normal onboarding and creates a wallet for the user.

## Hide "Wallet" Language

Suppresses wallet-related terminology and on-chain wallet displays in the modal. Useful for apps that want a familiar, non-crypto feel for their users.

## How these are enforced

The SDK enforces the resolved settings at its auth and wallet entry points, not just in the modal. Calling a method for something you've **explicitly disabled** (e.g. an OAuth provider not in your list, or guest mode turned off) throws a `PartnerConfigError`. See [How Configuration Works → Enforcement](/v3/react/guides/customization/configuration#enforcement-partnerconfigerror) for the error codes.

## Next steps

* [How Configuration Works](/v3/react/guides/customization/configuration) — layering, overrides, and enforcement
* [Style the Modal](/v3/react/guides/customization/modal-theming) — colors, fonts, and CSS overrides
