...
Tip |
---|
This feature is supported for Aspenware Cloud customers who have contracted with Auth0. |
Warning |
---|
This feature is not supported for resorts using Siriusware. |
...
Excerpt |
---|
ActionsSecure, tenant-specific, versioned functions written in Node.js that execute at certain points during the Auth0 runtime. Actions are used to customize and extend Auth0's capabilities with custom logic. ApplicationsSoftware that relies on Auth0 for authentication and identity management. Auth0 supports single-page, regular web, native, and machine-to-machine applications. BiometricsAuthentication process that allows the user to leverage FaceID or Fingerprint scanning. ConnectionRelationship between Auth0 and the sources of users for your applications. Examples include identity providers (such as Google or Active Directory), passwordless authentication methods, or user databases. Custom DomainThird-party domain with a specialized, or vanity, name. Also known as a CNAME. OrganizationsAuth0 product that allows B2B customers to categorize end-users and define specific roles, login experience, and access to resources. TenantsA logically-isolated group of users who share common access with specific privileges to a single software instance. |
Identity v3 (Powered by Auth0)
Aspenware Identity v3 (Powered by Auth0) marks a significant leap forward in secure, reliable, and modern identity features for our valued customers. In addition to the basic login & sign-up features, this product includes customer matching logic that will help reduce duplicate customers and account for any merging of customers in RTP.
As part of Aspenware’s ongoing commitment to safety and efficiency when rolling out new products and features, we will closely monitor and evaluate data in Auth0 and in Google Analytics. This ensures smooth operations and a seamless experience for all stakeholders.
...
What is Auth0?
Auth0 is an identity access management (IAM) provider. An IAM solution is a gatekeeper to the resources you provide to customers as web applications, APIs, etc, adding layers of authentication to secure your users’ digital identities and your product. The Auth0 identity platform supports regular web, mobile, or machine-to-machine apps.
The Identity v3 (Powered by Auth0) identity platform allows Aspenware to customize login services to fit your business, technology, and customer base. Using the Auth0 Dashboard and Management API, we can create a custom Auth0 instance to authenticate and authorize your customers. We can configure login behaviors, connect your user data store, manage those users, choose an authorization grant, and establish authentication factors for a seamless, scalable product with an impactful user experience.
Why Auth0?
Best in-class identity access management platform
Most secure platform
Out-of-the-box features and functionality that support Secure platform
Ability to easily extend into SSO, social, biometrics, MFA, passwordless, etc.and passwordless which has been proven to increase conversion rates
Quick onboarding experience for customers.Proven increase of conversion rates via universal login.
Product Features
...
Sign
...
in & Create Account
Your guests can utilize a standard login & create account flow using an email and password. The guest will be required to remember these credentials every season unless they decide to switch to other methods such as passwordless, which will be available in an upcoming release.
User Experience
Login, Sign Up, and Create Customer
...
For any existing customer in RTP that signs in and has any missing information that is required upon sign up, the guest will be prompted with ‘complete your profile’ and be asked to input any missing data. For example, if a customer/user exists in RTP with all fields except phone number, the guest will be shown only phone number field and be required to complete prior to signing in.
Note. If a new guest signs up and doesn’t complete their profile here, RTP will be populated with a first and last name of the guests email address. Due to RTP requirements and how auth0 works in conjunction, we must populate those fields so we can associated the auth0 account with an RTP customer ID. Once the user completes the process of signing up, those fields will be replaced by their values they enter for first and last name.
Customer Matching
Guests that sign in create a user account. The user account is mapped to a customer in the point of sale (POS). It's vital to limit duplicate customer creation in the POS when possible. For that reason, Aspenware created a customer matching feature. When a guest creates a new user account, they will be prompted to complete their profile, which creates a customer record in the POS. When the provided information matches an existing customer in the POS, we send them through a matching process in order to prevent creation of a duplicate customer. Aspenware will endeavor to prevent a duplicate and will attempt to match with the following information (must match to all):
Email (In RTP, this is an email profile)
First
Last
Date of birth
If the customer matched to only one (1) customer in the POS, Aspenware will send an email to the customer for them to verify that they are the owner of that email. Once verified, the customer will then be matched. The new Auth0 user account will be associated to the customer record found in the POS, and they can then sign in and purchase products on the resort commerce site.
If the customer matched to multiple customers in point of sale, the guest is presented with the resort’s phone number so they can call for help. At this point, Aspenware systems don’t know which customer to match to and will leave it up to the call center to make the determination with the customer. Further evaluation will be made to automate this in the future so the customer can make the determination programatically.
User Experience
...
The resort maintains responsibility over what to do when a guest matches to multiple customers. In order to address this issue, when the resort receives the call from the customer, one option is to merge those customers in the POS and then direct the guest to enter the credentials they previously created when attempting to create an account the first time. From there, the guest will receive the ‘account already exists’ message and be required to verify their email before logging in successfully.
...
Anytime verification is required (e.g. account linking , or customer matching, etc.), the customer will receive an email with a code so they can verify as a second ‘factor.' The email will look something similar to the example below.
...
It is strongly recommended that the resort utilize an SMTP provider and have a dedicated IP address for transactional emails.This will significantly increase the likelihood of guests receiving emails for any verification needs.
Merged Customers
Some point of sales, like RTPOne RTP|One have the concept of merging customers. Whenever customers are merged in the point of sale (i.e. RTPOneRTP|One), Aspenware’s platform will associate the user to the merged customer record. If two customers are merged in the point of sale that have different user accounts in Auth0 (i.e. a different authentication profile in RTPOneRTP|One), the user is associated with the customer record containing their credentials.
Google Analytics
We will track the following Google Analytics events based on the page location and user action indicated.
...
Title
...
Description
...
Location
...
Type (Page/Event)
...
Sign-in Page
...
When a customer views sign in page
...
Auth0
...
Page View
...
Forgot password page
...
Customer view ‘forgot password’ page
...
Auth0
...
Page View
...
forgot_password_select
...
Customer selected ‘forgot password’
...
Auth0
...
Event
...
forgot_password_submitted
...
Customer sent email to themselves to reset password
...
Auth0
...
Event
...
signin_attempt
...
Customer selects ‘continue’ from sign in
...
Auth0
...
Event
...
signin_error
...
Customer experiences a sign in error, such as password didn’t match, account exists, etc.
...
Auth0
...
Event
...
authentication_success
...
Customer has successfully been authenticated by auth0
...
Auth0
...
Event
...
successful_login
...
Customer has been authenticated and directed to shop successfully
...
AW Cloud UI
...
Event
...
signup_selection
...
Customer selects ‘sign up’ in auth0
...
Auth0
...
Event
...
Sign-up Page
...
Customer views sign up page
...
Auth0
...
Page View
...
signup_attempt
...
Customer selects ‘continue’ after input email/password when creating a new account
...
Auth0
...
Event
...
signup_success
...
Customer is successful in creating new account in auth0
...
Auth0
...
Event
...
auth0_account_error
...
Error occurred during sign up in auth0 such as email in use, API error.
...
Auth0
...
Event
...
Customer profile page
...
Customer views create customer profile page
...
AW Cloud UI
...
Page View
...
customer_match
...
Customer submits create profile and is matched to an existing customer in RTP (1 or many)
...
AW Cloud UI
...
Event
...
Customer match (1) page
...
Customer views ‘verification needed’ page after match
...
AW Cloud UI
...
Page View
...
Customer match (many) page
...
Customer view ‘call resort’ after being matched to multiple customers in RTP
...
AW Cloud UI
...
Page View
...
create_profile
...
Customer is successful in creating new customer
...
AW Cloud UI
...
Event
...
Update_Customer_Profile_Error
...
Customer experienced an error at creating a new customer
...
AW Cloud UI
...
Event
Monitoring & Alerting
Aspenware has setup performance monitoring through Application Insights. Internal teams at Aspenware will be alerted if there are any performance degradations (e.g. 10 sign-in failures within 5 minutes). Aspenware will assess performance on a regular basis to determine trends and consult with Auth0 to determine continual improvements in the system to ensure the delivery of optimal performance for resort partners.
What are we measuring?
Auth0 Uptime
Auth0 Performance (login/signup time)
Error trends
Performance Standards for Login & Create Account
...
0.1 - 5 seconds: Expectation
...
5.1 - 10 seconds: Warnings
...
Guest Checkout
Guest checkout is supported out of the box with Identity v3 (Powered by Auth0). When a customer is purchasing a product that doesn’t require authentication, they will be presented with the option to log in if the email has been recognized as a previous account. If selected, they will be routed to the Identity v3 (Powered by Auth0) login screen to authenticate.
Pass Media Account Lookup (Forgot Email)
Some guests may have forgotten which email they used to sign up. If this feature is enabled, resorts can allow guests to look up their email by inputting their pass number. Aspenware will configure Auth0 to enable this function so that once the user selects ‘Lookup email by pass number,' they will be directed to another page to input their pass number, as shown below.
...
Creating an Account with a Pass
While account creation with a pass is supported in Identity v2, Identity v3 (Powered by Auth0) offers a more intuitive and streamlined experience. One of the key benefits of signing up with a pass is that guests can easily link new purchases to their existing pass.
How it Works:
Enter Pass Number: Guests begin by entering their pass number. Aspenware will check if an account already exists for the guest.
Email Profile Verification: If no existing account is found, Aspenware will then verify if there is an email associated with the guest's profile in RTP|One.
Email Invitation: If an email is found, Aspenware will send a verification email inviting the guest to confirm their identity.
Account Creation: The guest verifies their account by accepting the email invite, setting up a password, and completing their customer profile information. Once these steps are completed, the sign-up process is done!
If the guest already has an account, they will be redirected to sign-in if it’s been determined that an email exists in the auth profile in RTP|One for that pass.
...
If a guest enters a valid pass number, but the pass is not associated with an email, Aspenware will prevent the guest from signing up with that pass. This safeguard ensures that individuals who may have found or obtained someone else's pass cannot create an account with it.
In these cases, guests will be prompted to contact the resort for assistance in verifying and linking their pass to their account.
...
Bot Detection
Auth0 provides built-in bot detection and protection against unauthorized login attempts that can be enabled for partner resorts. When suspicious activity is detected, such as from certain IP addresses, Auth0 will prompt the user with a simple challenge, such as checking a box to confirm they are human.
Single Sign-On
Single Sign-On
Single Sign-On, or SSO is enabled with Aspenware. In the instance of a Resort Group with multiple resorts, a single guest can create credentials at one resort and use those same credentials across all related resorts, as long as the tenant is setup to do so.
Multi-Store SSO
Identity v3 will allow resort groups that utilize a shared Commerce instance to host multiple stores. This applies to various configurations:
Themes are applied per store
GTM IDs are applied per store
Logins are applied per store
Rewards
The Rewards module in RTP|One is integrated with Aspenware Identity v3 (Powered by Auth0). If a resort chooses to enable a rewards program, an enrollment checkbox will appear during the customer profile creation process. When selected, this will communicate directly with RTP|One and set the guest's enrollment status to "true" in the Rewards module.
Please note that the resort must configure their Rewards module in RTP|One before Aspenware can activate this feature in the sign-up flow.
Google Analytics
We have added Google Analytics tracking to Identity v3. For more information on the specific additions to the data layer, see
Monitoring & Alerting
Aspenware has implemented performance monitoring using Application Insights. Internal teams at Aspenware will receive alerts if any performance issues arise, such as multiple sign-in failures (e.g., 10 failures within 5 minutes). Aspenware regularly evaluates system performance to identify trends and works closely with Auth0 to continuously improve the platform, ensuring optimal performance for resort partners.
How will we alert the resort?
Aspenware will notify the resort if there are any significant performance issues affecting Identity v3 (Powered by Auth0).
During office hours
Service representative Customer Success Representative to notify resort after being notified via Slack.
After office hours
On-call representative Representative will notify resort after being notified via Slack.
3rd Party Applications
All existing (and new) 3rd party applications from Identity v2 are may be added to Identity v3. See the Identify v3 (Powered by Auth0) Configuration Guide for details about setup of this feature.
Aspenware will provide documentation and consultation if/when resorts wish to migrate their applications to using Identity v3 (Powered by Auth0). Please contact your Aspenware Service Agent for more information.
Theming
Aspenware will theme the resort Auth0 pages based on the criteria submitted via Theme Designer. If the resort is a current Aspenware customer, most of the information can be utilized from Identity v2, but some new information will be newrequired.
Implementation
Theming the Auth0 pages will be part of the resort implementation process. All requests will go through the Aspenware Team and they will be responsible for setting up the initial theme on the Resort Auth0 resort Identity v3 pages once the tenant is setup.
Updates
Any updates to the theme must be submitted to the Aspenware Service Team via the Service Portal. The Aspenware Service Agent will make any supported adjustments to the theme via Theme Designer.
...
Other Considerations
Currently, the following functions are not supported with Identity v3 (Powered by Auth)? Auth0):
Usernames
Siriusware Integration
Have Questions?
Check out our Frequently Asked Questions page or contact your Aspenware Service Agent.