Identity Management Overview
SessionM’s Identity Management capabilities enable a brand to use integrated login, registration, and customer profile management features across their web and mobile properties. The Identity Service feature leverages OAuth2 and OpenID to provide standards-based integration mechanisms for social identity providers (such as Facebook or Google) or custom brand-hosted identity solutions.
Identity Service Features
Capabilities within the SessionM Platform’s Identity Service include registration/login capture, the ability to log in through a social network provider, integration with existing Customer Identity Access Management systems, and support across APIs and the SessionM SDK.
With the SessionM Identity Service enabled, a brand’s customers are able to register for an account across both mobile and desktop properties with their email and a password they create, using SessionM’s hosted web user interface.
The user interface is customizable to the brand’s color and design scheme preferences. The UI provides dual functionality within a single URL, enabling a first time customer to register and a returning customer to log in to their existing account.
Social Identity Provider Authorization
Platform users can additionally choose to authorize access to the program using a social identity provider such as Facebook or Google. SessionM can also support additional social identity providers if they are based on OAuth2 standards.
If the social identity login route is chosen, the customer is authorizing access to their account information from the identity provider (social network), and the SessionM Platform uses that information to create their account and allow subsequent login for the initial session and sessions to follow. Customers who are active users of a social network typically gravitate towards social login support as the feature adds layers of convenience and familiarity.
Brand-Hosted Identity Provider Integration
Many organizations have existing centralized CIAM (Customer Identity Access Management) systems. SessionM’s Identity Service can integrate with such systems via OAuth2-based standard mechanisms, supporting a wide range of customer registration and access flows.
For brands seeking to collect additional data points from customers, such as a child’s birthday for a child-focused brand, or coffee preference for a cafe franchise, SessionM is able to provide a page through the Identity Service solution where customers can be prompted to provide these types of missing information. This can either take place during registration or later on in the customer’s journey. Additionally, the SessionM Platform’s Customer APIs can be leveraged to update the customer’s operational profile at any time.
SessionM supports reset/forgot password flows as part of the Identity Service capabilities. Customers who select “Forgot Password” receive an email from the SessionM Platform with a prompt to reset their password. This flow is supported if the customer has registered with the brand using their email and password, but not for social authorization accounts. Customers using the social login method must follow password reset procedures for the applicable social account.
The SessionM SDK is fully supported by the Identity Service, providing a cross-platform solution that supports iOS and Android devices along with the web.
SessionM’s Identity Service also supports a set of APIs which can enable a brand to completely handle the login/registration flow themselves on the web or in the app via SessionM’s SDK. This approach offers the maximum flexibility for brands that would like to design their own login/registration interface. To learn more about the features and considerations each approach involves, please contact the SessionM team.
Identity Service Setup Requirements
SessionM has a number of best practices when setting up the Identity Service, including requirements, customer onboarding methods, and legacy password recommendations.
Login/Registration Setup Requirements
In order to configure the Identity Service to support login and registration, the following information must be provided to SessionM:
The customer profile data model, which is created in the SessionM Platform.
Knowledge of which fields are required for registration and which, if any, should be targeted for capture (non-mandatory) during registration.
Social identity provider application (client ID/secret/redirect URI) for each integrating system (Facebook, Google, etc.), if any.
Existing Customer Onboarding
SessionM is also able to onboard and provide access to existing customer bases by importing customer profile data. This is accomplished via an ingestion process undertaken by the SessionM integration and onboarding teams. The process typically consists of understanding the data format, executing a normalization or ETL process to load the customer’s existing data into the SessionM Platform, and customer messaging campaigns to inform them of any changes to their existing program membership. Large audiences should be prepared and imported in bulk weeks ahead of a go-live date, with smaller data files ingested as the date approaches.
Legacy User Passwords
SessionM has a number of recommendations to ensure a smooth experience for existing customers transitioning to a SessionM-powered program.
The best client practice when onboarding new customers who have been signing into an existing program is to leverage the communication opportunity this presents. For example, an email reviewing the benefits of the new program features can not only inform customers of the change, but encourage them to sign in and reset their password. Once notified, customers are more likely to log in using the new experience and reset their password if it is presented as a quick and simple process. This approach also simplifies customer onboarding as there are no legacy password concerns from prior login/registration solutions, leaving clients and end-customers with the benefit of collectively starting fresh.
SessionM also advises against attempting to match hashed legacy passwords. Hashed password validation is difficult to achieve in practice and requires custom integration that clients should avoid. For example, in order to match a hashed password, the exact original hashing algorithm must be replicated, including any randomizing “salt.” This is compounded by the complexity of different algorithms being implemented in a slightly different way across operating systems and programming languages.
In addition to the operational complexity, using passwords which were also stored on legacy systems presents a potential security risk if those platforms are ever compromised in the future. Instead, it is recommended that a brand use the customer onboarding process as a chance to engage the customer and promote the benefits of its new, SessionM-powered program.
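The fragility of legacy hash matching described above can be seen in a short sketch. This is an added example, not SessionM code: it assumes a hypothetical legacy system that stored PBKDF2-HMAC-SHA256 hashes with a hex-encoded per-user salt, and the salt and password are constructed values.

```python
import hashlib
import hmac

def derive(password, salt, iterations=10_000, digest="sha256", encoding="utf-8"):
    """PBKDF2 derivation; every argument must match the legacy system exactly."""
    return hashlib.pbkdf2_hmac(digest, password.encode(encoding), salt, iterations)

# Constructed legacy record (not real data): the salt is stored as a hex string.
SALT_HEX = "a1b2c3d4e5f60718"
STORED = derive("correct horse", bytes.fromhex(SALT_HEX))

# Hypothetical re-implementations, each differing from the original in one detail.
ATTEMPTS = {
    "exact replica": dict(salt=bytes.fromhex(SALT_HEX)),
    "salt used as ASCII text": dict(salt=SALT_HEX.encode("ascii")),
    "iteration count off": dict(salt=bytes.fromhex(SALT_HEX), iterations=1_000),
    "different digest": dict(salt=bytes.fromhex(SALT_HEX), digest="sha1"),
    "UTF-16 password bytes": dict(salt=bytes.fromhex(SALT_HEX), encoding="utf-16-le"),
}

def replication_report(password):
    """Return {attempt name: True if the re-derived hash matches STORED}."""
    return {
        name: hmac.compare_digest(derive(password, **params), STORED)
        for name, params in ATTEMPTS.items()
    }

if __name__ == "__main__":
    # The customer types the right password in every attempt; only the
    # byte-for-byte replica of the legacy scheme accepts it.
    for name, ok in replication_report("correct horse").items():
        print(f"{name:26} {'match' if ok else 'MISMATCH'}")
```

Every attempt receives the correct password, yet only the exact replica validates it, so a single undocumented detail in the legacy scheme locks out every imported customer.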
Identity Service Interface
SessionM’s Identity Service can be presented to customers in a number of different ways based on their customer status (new/returning) and the type of digital property (mobile/desktop) being used.
This interface is designed to enable customers to log in from computer-based properties, with elements that allow customers to enter their email and password or use a social identity provider (Facebook, Google, etc.) for access.
New customers who choose the “Sign Up” option are presented with a different interface to capture new customer profile data.
Registration fields can be customized to capture the most relevant profile information, which is appended to the customer profile within the SessionM Platform.
Customers accessing a brand’s program on a mobile device are presented the same Identity Service elements, with a more responsive look.
These mobile-based elements of the Identity Service feature can be used either through the mobile web or within a brand’s mobile app.
Through cross-platform registration and login, the Identity Service feature within the SessionM Platform ensures that customers are recognized during each digital step of their journey, establishing a single customer view that is essential to the everyday marketer.