Identity v3 (Powered by Auth0) is Aspenware’s next-generation identity management product.
This feature is supported for Aspenware Cloud customers who have contracted with Auth0.
Key Terms
Key Term 1
{1-2 sentence definition. Confirm that key term is not defined in another section first. }
Key Term 2
{1-2 sentence definition. Confirm that key term is not defined in another section first. }
{Paragraphs, pictures, attachments, etc go here}
What is Auth0?
Auth0 is an identity access management (IAM) provider. An IAM solution is a gatekeeper to the resources you provide to customers as web applications, APIs, etc, adding layers of authentication to secure your users’ digital identities and your product. The Auth0 identity platform supports regular web, mobile, or machine-to-machine apps.
The Identity v3 (Powered by Auth0) identity platform allows Aspenware to customize login services to fit your business, technology, and customer base. Using the Auth0 Dashboard and Management API, we can create a custom Auth0 instance to authenticate and authorize your customers. We can configure login behaviors, connect your user data store, manage those users, choose an authorization grant, and establish authentication factors for a seamless, scalable product with an impactful user experience.
Why Auth0?
Best in-class identity access management platform
Most secure platform
Out-of-the-box features and functionality that support SSO, social, biometrics, MFA, passwordless, etc.
Quick onboarding experience for customers.
Proven increase of conversion rates via universal login.
Product Features
Email & Password Sign In & Create Account
Your guests can utilize a standard login & create account flow using an email and password. The guest will be required to remember these credentials every season unless they decide to switch to other methods such as passwordless, which will be available in an upcoming release.
User Experience
Login, Sign Up, and Create Customer
Customer Matching
Guests that sign in create a user account. The user account is mapped to a customer in the point of sale (POS). It's vital to limit duplicate customer creation in the POS when possible. For that reason, Aspenware created a customer matching feature. When a guest creates a new user account, they will be prompted to complete their profile, which creates a customer record in the POS. When the provided information matches an existing customer in the POS, we send them through a matching process in order to prevent creation of a duplicate customer. Aspenware will endeavor to prevent a duplicate and will attempt to match with the following information (must match to all):
Email (In RTP, this is an email profile)
First
Last
Date of birth
If the customer matched to only one (1) customer in the POS, Aspenware will send an email to the customer for them to verify that they are the owner of that email. Once verified, the customer will then be matched. The new Auth0 user account will be associated to the customer record found in the POS, and they can then sign in and purchase products on the resort commerce site.
If the customer matched to multiple customers in point of sale, the guest is presented with the resort’s phone number so they can call for help. At this point, Aspenware systems don’t know which customer to match to and will leave it up to the call center to make the determination with the customer. Further evaluation will be made to automate this in the future so the customer can make the determination programatically.
User Experience
The resort maintains responsibility over what to do when a guest matches to multiple customers. In order to address this issue, when the resort receives the call from the customer, one option is to merge those customers in the POS and then direct the guest to enter the credentials they previously created when attempting to create an account the first time. From there, the guest will receive the ‘account already exists’ message and be required to verify their email before logging in successfully.
Email Verification
Anytime verification is required (account linking, customer matching, etc.), the customer will receive an email with a code so they can verify as a second ‘factor.' The email will look something similar to the example below.
SMTP
Email verifications will be sent from Auth0 using an SMTP provider.
Supported SMTP Providers: Sendgrid (Recommended), Mailgun, Mandrill, Amazon SES, Microsoft 365, Sparkpost, and Azure.
It is strongly recommended that the resort utilize an SMTP provider and have a dedicated IP address for transactional emails. This will significantly increase the likelihood of guests receiving emails for any verification needs.
Merged Customers
Some point of sales, like RTPOne have the concept of merging customers. Whenever customers are merged in the point of sale (i.e. RTPOne), Aspenware’s platform will associate the user to the merged customer record. If two customers are merged in the point of sale that have different user accounts in Auth0 (i.e. a different authentication profile in RTPOne), the user is associated with the customer record containing their credentials.
Google Analytics
We will track the following Google Analytics events based on the page location and user action indicated.
Title | Description | Location | Type (Page/Event) |
|---|---|---|---|
Sign-in Page | When a customer views sign in page | Auth0 | Page View |
Forgot password page | Customer view ‘forgot password’ page | Auth0 | Page View |
forgot_password_select | Customer selected ‘forgot password’ | Auth0 | Event |
forgot_password_submitted | Customer sent email to themselves to reset password | Auth0 | Event |
signin_attempt | Customer selects ‘continue’ from sign in | Auth0 | Event |
signin_error | Customer experiences a sign in error, such as password didn’t match, account exists, etc. | Auth0 | Event |
authentication_success | Customer has successfully been authenticated by auth0 | Auth0 | Event |
successful_login | Customer has been authenticated and directed to shop successfully | AW Cloud UI | Event |
signup_selection | Customer selects ‘sign up’ in auth0 | Auth0 | Event |
Sign-up Page | Customer views sign up page | Auth0 | Page View |
signup_attempt | Customer selects ‘continue’ after input email/password when creating a new account | Auth0 | Event |
signup_success | Customer is successful in creating new account in auth0 | Auth0 | Event |
auth0_account_error | Error occurred during sign up in auth0 such as email in use, API error. | Auth0 | Event |
Customer profile page | Customer views create customer profile page | AW Cloud UI | Page View |
customer_match | Customer submits create profile and is matched to an existing customer in RTP (1 or many) | AW Cloud UI | Event |
Customer match (1) page | Customer views ‘verification needed’ page after match | AW Cloud UI | Page View |
Customer match (many) page | Customer view ‘call resort’ after being matched to multiple customers in RTP | AW Cloud UI | Page View |
create_profile | Customer is successful in creating new customer | AW Cloud UI | Event |
Update_Customer_Profile_Error | Customer experienced an error at creating a new customer | AW Cloud UI | Event |
Monitoring & Alerting
Aspenware has setup performance monitoring through Application Insights. Internal teams at Aspenware will be alerted if there are any performance degradations (e.g. 10 sign-in failures within 5 minutes). Aspenware will assess performance on a regular basis to determine trends and consult with Auth0 to determine continual improvements in the system to ensure the delivery of optimal performance for resort partners.
What are we measuring?
Auth0 Uptime
Auth0 Performance (login/signup time)
Error trends
Performance Standards for Login & Create Account
0.1 - 5 seconds: Expectation
5.1 - 10 seconds: Warnings
10.1+ seconds: Alerts
How will we alert the resort?
Aspenware will notify the resort if there are any significant performance issues affecting Identity v3 (Powered by Auth0).
During office hours
Service representative to notify resort after being notified via Slack.
After office hours
On-call representative will notify resort after being notified via Slack.