Logto Roadmap | Productlane

Requests

Discover our plans and suggest new improvements.

In Progress

Username policies

App-level access control

Planned

SCIM API

Guest mode: Anonymous access

Account API audit logs

OAuth Client ID Metadata Documents

Password reset with magic link

[Cloud] Allow editing the "Bring your own UI" CSP headers

Customizable grant TTL per application

M2M authentication IP allowlist

Adaptive MFA v2: Context-aware MFA rules

Granular Management API scopes for M2M applications

Password force reset policy

LDAP integration

Logto CLI

Support user search by custom data

Allow setting both plaintext & HTML content for e-mail templates

Support extending refresh token TTL up to 1 year for SPA

MFA: Trusted device

Backlog

Account center elements

API authentication

RBAC as code

Organization portal

Authentication policy

Single sign-on application dashboard

Custom content blocks in sign-in experience

Logto Management API key

Support Dynamic Client Registration

Google One Tap for websites

Just-in-time user migration

Custom claims for ID tokens

Email allowlist

Registration from forgot password

Unverified email/phone number

Support machine-to-machine access policy

Unverified SSO email verification

Support WebAuthn for mobile SDK

Country code restrictions for phone input

Allow concurrent Google Workspace and social login

Support localization parameter in content URLs

Support Central Authentication Service protocol

Customize account existence visibility

i18n for custom content

Minimum age limit for sign-up

Completed

Session management

Passkey as a first authentication factor

Profile fulfillment

Out-of-the-box account settings

Adaptive MFA

Redirect URI wildcards

OAuth 2.0 device flow

Multiple custom domains

SAML IdP

Account API

Block disposable email registration

Captcha support

Dev to Pro plan production tenant

Customize session TTL & concurrent grant limits

User role change webhook event

Magic link

Prevent search engine indexing

Account API for MFA

Hide Logto branding

Typed library for Management API

Account API for Passkey

Connectors: Sync unverified email

Sign-up capability improvement

Add custom data to ID token

Account center: security & custom CSS

Secret vault

Add `ui_locales` authentication parameter

Custom CSS per organization

Console UI for Account API

Call third-party APIs with secret vault

Customize identifier lockout policy

Optional sign-up identifiers for social sign-in

Include IP address in HTTP SMS connector

Third-party app for SPA & Native

IdP-initiated SAML SSO

Requests

Discover our plans and suggest new improvements.

In Progress

Username policies

App-level access control

Planned

SCIM API

Guest mode: Anonymous access

Account API audit logs

OAuth Client ID Metadata Documents

Password reset with magic link

[Cloud] Allow editing the "Bring your own UI" CSP headers

Customizable grant TTL per application

M2M authentication IP allowlist

Adaptive MFA v2: Context-aware MFA rules

Granular Management API scopes for M2M applications

Password force reset policy

LDAP integration

Logto CLI

Support user search by custom data

Allow setting both plaintext & HTML content for e-mail templates

Support extending refresh token TTL up to 1 year for SPA

MFA: Trusted device

Backlog

Account center elements

API authentication

RBAC as code

Organization portal

Authentication policy

Single sign-on application dashboard

Custom content blocks in sign-in experience

Logto Management API key

Support Dynamic Client Registration

Google One Tap for websites

Just-in-time user migration

Custom claims for ID tokens

Email allowlist

Registration from forgot password

Unverified email/phone number

Support machine-to-machine access policy

Unverified SSO email verification

Support WebAuthn for mobile SDK

Country code restrictions for phone input

Allow concurrent Google Workspace and social login

Support localization parameter in content URLs

Support Central Authentication Service protocol

Customize account existence visibility

i18n for custom content

Minimum age limit for sign-up

Completed

Session management

Passkey as a first authentication factor

Profile fulfillment

Out-of-the-box account settings

Adaptive MFA

Redirect URI wildcards

OAuth 2.0 device flow

Multiple custom domains

SAML IdP

Account API

Block disposable email registration

Captcha support

Dev to Pro plan production tenant

Customize session TTL & concurrent grant limits

User role change webhook event

Magic link

Prevent search engine indexing

Account API for MFA

Hide Logto branding

Typed library for Management API

Account API for Passkey

Connectors: Sync unverified email

Sign-up capability improvement

Add custom data to ID token

Account center: security & custom CSS

Secret vault

Add `ui_locales` authentication parameter

Custom CSS per organization

Console UI for Account API

Call third-party APIs with secret vault

Customize identifier lockout policy

Optional sign-up identifiers for social sign-in

Include IP address in HTTP SMS connector

Third-party app for SPA & Native

IdP-initiated SAML SSO

WordPress plugin integration