Product

Sign In Your Way: Apple, Microsoft, and Magic Link Login

hiroi now supports Apple Sign In, Microsoft OAuth, magic link email, plus Google, GitHub, and passkeys — giving your team the flexibility to log in however they prefer.

TS
Trent Scott
Founder, hiroi
2026-04-03 4 min read min read

Authentication should not be an obstacle. When someone on your team needs to manage an AI agent, the last thing they should deal with is a forgotten password or an unsupported login provider. hiroi now supports six ways to sign in: Google, GitHub, Apple, Microsoft, magic link email, and passkeys.

Here is what changed and why it matters.

New Authentication Providers

Apple Sign In

Apple Sign In is now a first-class option on hiroi. The implementation uses JWT client secrets and JWKS-based id_token verification, following Apple's security model closely. If your team uses Apple devices and iCloud accounts, they can sign in with a single tap using the credentials already on their device.

Apple Sign In also respects user privacy preferences. Users can choose to hide their email address through Apple's private relay, and hiroi handles both cases — relay addresses and real addresses — correctly.

Microsoft OAuth Login

For enterprise and education teams, Microsoft OAuth login through Entra ID (formerly Azure AD) is often the only acceptable option. IT departments standardize on Microsoft accounts. Universities issue them to every student and faculty member. If your organization already uses Microsoft 365, your team can now sign into hiroi with the same credentials they use for Outlook and Teams.

The integration uses authlib with full OIDC discovery, so it works with any Entra ID tenant — commercial, education, or personal Microsoft accounts. No special configuration is needed on your end.

Not everyone wants to use a social login provider. Magic link authentication offers a passwordless login experience with zero friction: enter your email address, click the link that arrives in your inbox, and you are logged in. No password to remember. No OAuth consent screen. No third-party dependency.

Magic links expire after a short window and can only be used once. This makes them more secure than traditional passwords, which tend to be reused, weak, or both. For teams that want the simplest possible onboarding experience, magic link authentication removes every barrier between your team and the dashboard.

Security Across All Providers

Every authentication method in hiroi — whether Apple Sign In, Microsoft OAuth, Google, GitHub, magic link, or passkey — enforces the same security rules:

  • Email allowlist: The ALLOWED_EMAILS whitelist controls who can access your account. No one outside your approved list can sign in, regardless of which provider they use.
  • Deactivated account blocking: If an account is deactivated, authentication is rejected at the provider callback level. There is no window where a deactivated user can slip through.
  • Consistent session handling: All providers feed into the same session and user model. Switching providers does not create duplicate accounts or orphaned sessions.

These rules apply uniformly. Adding a new SSO provider does not weaken your security posture — it strengthens it by giving your team options that fit their existing workflows.

Passkeys: The Passwordless Future

Alongside these new providers, hiroi also supports passkey authentication via WebAuthn. Passkeys use public-key cryptography tied to your device — a fingerprint scan, face recognition, or hardware security key replaces the password entirely.

Passkeys cannot be phished. There is no shared secret to intercept. For security-conscious teams, this is the strongest authentication option available, and it works alongside any of the other sign-in methods as an additional factor or a standalone credential.

Why Multiple Sign-In Options Matter

Teams are not homogeneous. A marketing agency might have team members on MacBooks using Apple accounts, a developer on GitHub, and a client who only has a work email. An education institution needs Microsoft login. A freelancer wants the fastest path in — a magic link.

Forcing everyone through a single provider creates friction. Friction creates support tickets, delayed onboarding, and abandoned setups. By supporting Apple Sign In, Microsoft OAuth login, magic link authentication, Google, GitHub, and passkeys, hiroi meets your team where they already are.

Get Started

All authentication providers are available now. Visit your hiroi dashboard to sign in with your preferred method, or invite team members and let them choose their own. No configuration required — every provider works out of the box.

If you have not tried hiroi yet, create your first AI agent in under five minutes. Pick any sign-in method and you are in.

Tagged authentication Apple Sign In Microsoft OAuth magic link passwordless login
TS

Trent Scott

Founder & CEO, hiroi

Building tools that let AI assistants show up in real conversations — on websites, over the phone, and inside the apps people already use.

Try hiroi free.

Deploy an AI agent across chat, voice, email, and SMS — no credit card required.

Start free trial Talk to sales

Keep reading

Product

Live call escalation: handing off with an AI briefing.

When an AI call needs a human, hiroi summarizes the conversation, shares the schema state, and dials in the right person.

Feb 3 · 5 min read
Product

hiroi in Microsoft Teams: your assistant, where you already work.

Chat with your hiroi assistant inside Teams — calendar, files, email, and proactive reminders.

Apr 20 · 6 min read
Features

Page-aware AI: your agent can read and edit content.

Page Integration lets your AI agent read, highlight, scroll, and suggest edits in real time.

Mar 5 · 6 min read