Identity Service Setup Requirements

SessionM has a number of best practices when setting up the Identity Service, including requirements, customer onboarding methods, and legacy password recommendations.

Login/Registration Setup Requirements

In order to configure the Identity Service to support login and registration, the following information must be provided to SessionM:

  • The customer profile data model, which is created in the SessionM Platform.
  • Knowledge of which fields are required for registration and which, if any, should be targeted for capture (non-mandatory) during registration.
  • Social identity provider application (client ID/secret/redirect URI) for each integrating system (Facebook, Google, etc.), if any.

Existing Customer Onboarding

SessionM is also able to onboard and provide access to existing customer bases by importing customer profile data. This is accomplished via an ingestion process undertaken by the SessionM integration and onboarding teams. The process typically consists of understanding the data format, executing a normalization or ETL process to load the customer’s existing data into the SessionM Platform, and customer messaging campaigns to inform them of any changes to their existing program membership. Large audiences should be prepared and imported in bulk weeks ahead of a go-live date, with smaller data files ingested as the date approaches.

Legacy User Passwords

SessionM has a number of recommendations to ensure a smooth experience for existing customers transitioning to a SessionM-powered program.

The best client practice when onboarding new customers who have been signing into an existing program is to leverage the communication opportunity this presents. For example, an email reviewing the benefits of the new program features can not only inform customers of the change, but encourage them to sign in and reset their password. Once notified, customers are more likely to log in using the new experience and reset their password if it is presented as a quick and simple process. This approach also simplifies customer onboarding as there are no legacy password concerns from prior login/registration solutions, leaving clients and end-customers with the benefit of collectively starting fresh.

SessionM also advises against attempting to match hashed legacy passwords. Hashed password validation is difficult to achieve in practice and requires custom integration that clients should avoid. For example, in order to match a hashed password, the exact original hashing algorithm must be replicated, including any randomizing “salt.” This is compounded by the fact that different algorithms are implemented in slightly different ways across operating systems and programming languages.
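The mismatch described above, shown as an added Python example (not SessionM code). The legacy scheme, salt, password, and helper names are all constructed assumptions. Of eight plausible reimplementations that differ only in salt placement, text encoding, and round count, only the exact original accepts the customer's correct password.

```python
import hashlib
import hmac
from itertools import product

# Constructed legacy scheme (an assumption, not any real system's format):
# iterated SHA-256 over salt + password, with the password encoded as UTF-16LE.
LEGACY = {"salt_first": True, "encoding": "utf-16-le", "rounds": 1000}


def legacy_digest(password, salt, salt_first, encoding, rounds):
    """Hash a password under one specific combination of parameters."""
    pw = password.encode(encoding)
    data = salt + pw if salt_first else pw + salt
    for _ in range(rounds):
        data = hashlib.sha256(data).digest()
    return data.hex()


def verify(password, salt, stored_hex, **params):
    """Recompute the digest and compare it to the stored one in constant time."""
    candidate = legacy_digest(password, salt, **params)
    return hmac.compare_digest(candidate, stored_hex)


def matching_variants(password, salt, stored_hex):
    """Return every parameter combination that validates the correct password."""
    grid = product([True, False], ["utf-8", "utf-16-le"], [1, 1000])
    return [
        {"salt_first": s, "encoding": e, "rounds": r}
        for s, e, r in grid
        if verify(password, salt, stored_hex, salt_first=s, encoding=e, rounds=r)
    ]


# Constructed sample record, as it might be exported from a legacy user table.
SALT = bytes.fromhex("9f1c2ab47d03e6581122334455667788")
PASSWORD = "correct horse battery staple"
STORED = legacy_digest(PASSWORD, SALT, **LEGACY)

if __name__ == "__main__":
    for variant in matching_variants(PASSWORD, SALT, STORED):
        print("validates:", variant)
```

Every other variant rejects a valid login, so a migration that gets any one parameter wrong locks out existing customers without raising an error.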

In addition to the operational complexity, using passwords which were also stored on legacy systems presents a potential security risk if those platforms are ever compromised in the future. Instead, it is recommended that a brand use the customer onboarding process as a chance to engage the customer and promote the benefits of its new, SessionM-powered program.