Configuration: Standard Login
- 1 Setup Checklist
- 1.1 1. POS Tasks
- 1.2 2. Commerce Tasks
- 2 Prerequisite Tasks
- 2.1 POS Tasks
- 3 Detailed Setup Guide
- 3.1 1. Configure Sign In
- 3.2 2. Configure Create Account
- 3.2.1 CAPTCHA
- 3.2.2 Phone Number Formatting
- 3.2.3 Language Strings
- 3.3 3. Configure Find Me
- 4 4. Enforce User Lock Timeout for Failed Password Attempts
Setup Checklist
1. POS Tasks (Prerequisite)
- RTP|One
- Siriusware
2. Commerce Tasks (Detailed Setup)
- Configure Sign In (optional)
- Configure Create Account (optional)
- Configure Find Me (optional)
- Enforce User Lock Timeout for Failed Password Attempts (optional)
Prerequisite Tasks
POS Tasks
Go through an exercise to de-dupe your customer database and clean up duplicated customer accounts prior to implementing login.
RTP|One
Work with your Aspenware Representative to create a new Alternate ID profile type, which is stored in RTP|One for guests who log in or create accounts in Aspenware commerce.
(Recommended) Work with your Aspenware Representative to run a SQL script to match email and authentication profiles for guests who are mismatched. Guests who have mismatched email and authentication profile emails will have a confusing guest experience, i.e., they log in with one email and the email confirmation goes to a different email.
Decide on Customer Alternate Id prefix (i.e. AW.)
Let your Aspenware Rep know if you use Usernames in RTP|One.
Siriusware
Let your Aspenware Representative know what your Siriusware Password rules are. If Siriusware is more strict than Aspenware Commerce password rules, this could create significant login issues for guests.
Detailed Setup Guide
Configure Sign In
Configure Create Account
Configure Find Me
Enforce User Lock Timeout for Failed Password Attempts
1. Configure Sign In
When a guest lands on the store home page, there is an option to Sign In to their account. Depending on how you set up your login, the guest may be prompted to enter their email address, username, pass, or RFID number. When this option is selected, the guest is prompted to enter their email address, or, in some cases, username. Then, the guest will be prompted to enter their password. If they have forgotten their password, they can select “Forgot password” to receive a password reset email. The sign-in functionality and modal are highly customizable with the settings and language strings listed below.
NOTE: Aspenware recommends that email addresses be used as Authentication IDs. In the situation where usernames had been used previously, the username will automatically be retrieved if a guest enters his/her email address.
Configure settings that are relevant to Sign In. For instructions on how to find and update systems settings, along with a complete library of settings and screen captures, see the Store-Wide Settings Library. In the “Category” column within the settings library, the following settings are listed under “Login.” The following settings are important for limiting failed attempts at login:
Setting Name | Value configuration(s) | What it does | Ex. |
---|---|---|---|
unitysettings.customersessiontimeout | Format: # ie: 10080 | Defines the number of minutes before a user is automatically logged out of the store due to inactivity. Defaulted to 7 days = 10080 minutes | n/a |
customersettings.failedpasswordlockoutminutes | Format: # ie: 30 | Defines the number of minutes a guest is locked out for once they have reached the incorrect password attempt threshold. | n/a |
The settings on the diagram are configurable for Sign In.
Configure Language Strings that are relevant to Sign In. For instructions on how to update language strings and a complete library of strings, see the Language Strings Library. Language strings related to Sign In will be listed under the Location “Login.” See the diagram below for a quick reference for relevant language strings.
Configure HTML Widgets that are relevant to Sign In. For instructions on how to update HTML Widgets and a complete library of widgets, see the HTML Widgets Library. HTML Widgets related to Sign In will be listed under the Category/Location “Login.” See the diagram below for a quick reference for relevant HTML Widgets.
2. Configure Create Account
On the Sign In modal, guests have the option to Create An Account if they don’t already have one.
Other flows through the following Find Me flow may also bring the guest to this account creation feature if it is determined that they don’t have an existing account. Once selected, the guest arrives at the Create My Account page.
CAPTCHA
Security is important, so Aspenware Commerce has introduced one of the most respected schemas for user identification, CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). With this release, you can implement CAPTCHA on both the registration and forgot password pages. Toggle the feature on or off in Settings under the Configuration tab. To implement this feature:
First set up a ReCaptcha account here: https://www.google.com/recaptcha/admin/create.
Select ReCaptcha v2 AND I’m not a robot checkbox.
Enter both your prod and test domains shop.
Add additional Gmail owners at your company.
Accept the terms of service.
Optionally uncheck the option to receive alerts.
See the Google Developer’s Guide for CAPTCHA for additional information.
Configure settings that are relevant to reCAPTCHA. For instructions on how to find and update systems settings, along with a complete library of settings and screen captures, see the Store-Wide Settings Library. In the “Category” column within the settings library, the following settings are listed under “Captcha.” The diagram below details the settings that are relevant to implementing CAPTCHA.
Setting | Value |
---|---|
captchasettings.enabled | True/False |
captchasettings.showonregistrationpage | True/False |
Phone Number Formatting
Aspenware Commerce uses the E.164 universal standard for phone number formatting. No action needs to be taken to configure the phone number; the following detail is for informational purposes only.
When a guest logs in, Aspenware Commerce will detect their location based on their IP address and suggest the phone number format for that country. If necessary, a guest can manually select a different country from the drop-down list. The guest will be required to enter the correct number of digits and it will be saved in its proper format.
Resorts using RTP|One will see the full number, stripped of any characters or punctuation, pass through to the customer profile, regardless of the number of digits included in the number. (+1 860-485-8384 will pass to RTP|One as 8604858384).
Resorts using Siriusware will see the number preserved with the formatting and area code, as long as the number is a USA or CAN number. Siriusware does not support any other phone number format.
If a guest provides an internationally formatted number, Aspenware Commerce will pass that number to Siriusware as (000)000-0000.
NOTE: This new number schema eliminates the possibility of Siriusware rejecting an ecommerce order because the guest entered a partial, incomplete or internationally formatted number.
Resorts using Siriusware who wish to be able to recover the original phone number supplied by the guest should set “OrderSettings.CollectMissingCustomerInfo” to TRUE, and click on “Phone Number Enabled” in Customer fields, per CAPTURE OF CERTAIN FIELDS. This will display the supplied number in the original form in the Customer Record in Aspenware Commerce.
Language Strings
Configure Language Strings that are relevant to Create Account. For instructions on how to update language strings and a complete library of strings, see the Language Strings Library. Language strings related to Create Account will be listed under the Location “Create Account.” The diagram below shows the most commonly used language strings for the Create Account feature.
3. Configure Find Me
The Find Me flow enables guests to search for their existing accounts in multiple ways: by email address, by pass/RFID number, or by personal information for resorts using RTP|One, and only by email address for resorts using Siriusware. The following flowchart details the process.
Configure settings that are relevant to Find Me. For instructions on how to find and update systems settings, along with a complete library of settings and screen captures, see the Store-Wide Settings Library. In the “Category” column within the settings library, the following settings are listed under “Find Me.”
You can see on the diagram above that the customersettings.passmediafindmeskipemail is an important one to note. In the flows for Find Me using Pass Number and Find Me using Personal Information, the setting for customersettings.passmediafindmeskipemail dictates the flow.
If the setting is set to TRUE, and a guest is matched, then the guest will receive this message:
If the setting is set to FALSE, and a guest is found but does not have an email or phone profile on file, then the guest will receive this message:
If the setting is set to FALSE, and a guest is found but does have an email or phone profile on file, then the guest will receive an option to email or text a code to them for verification.
Resorts have the option of setting up Twilio to use alongside two-step verification. Please see the Instructions for Setting up Twilio to configure it for your resort. If Twilio is configured AND the setting is set to FALSE, and a guest is found that does have a phone profile on file, then the guest will receive the following message and have the options to receive a code by text:
The following diagram illustrates additional settings that are customizable in Find Me.
Configure Language Strings that are relevant to Find Me. For instructions on how to update language strings and a complete library of strings, see the Language Strings Library. Language strings related to Find Me will be listed under the Location “Find Me.” The diagram below shows the most commonly used language strings for the Find Me feature.
4. Enforce User Lock Timeout for Failed Password Attempts
This release guide describes how to enable settings that will enforce user lockout when the user tries too many times to enter a password. The user can be locked out for a configurable period of time, and a message will be displayed explaining this to the user. The Aspenware Commerce administrator can configure both the number of failed attempts and the duration for the lock timeout.
How to Enable a Lock Timeout
Note that the default behavior for user lockout is OFF, so if you wish to enforce this timeout, you must configure two settings and a language string. Follow these steps to turn on user lockouts.
Steps to set the number of login failures and the lockout time
Log into Aspenware Commerce as an administrator.
Go to Configuration > Settings > Customer Settings > Password and Security
Enter the number of Maximum login failures for retries (e.g., 5)
Enter the Lockout time (login failures) in minutes (e.g., 30 minutes)
Steps to Update the language string for the user-facing message when user is locked out
Go to Configuration > Languages > Edit
Enter account.login.wrongcredentials.lockedout in Resource Name and select Search.
Select Edit to update the Value to your desired user-facing message, e.g. “You have retried too many times and are locked out. Please try again later.”
Select Update to save your changes.
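A model of the lockout behaviour that the two settings above control, as an added example (not Aspenware Commerce code). It assumes the failure counter clears on a successful sign-in and restarts after a lock; the names `LockoutPolicy`, `Account`, `attempt_login` and `max_guesses_per_day` are hypothetical. It also computes the most password checks a single account can receive in a day for a given pair of values, which is the figure to weigh when choosing them.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import ceil
from typing import Optional

@dataclass
class LockoutPolicy:
    max_failures: int     # "Maximum login failures"; 0 models the default (lockout off)
    lockout_minutes: int  # "Lockout time (login failures)", in minutes

@dataclass
class Account:
    failures: int = 0
    locked_until: Optional[datetime] = None

def attempt_login(acct: Account, policy: LockoutPolicy, password_ok: bool, now: datetime) -> str:
    """Process one sign-in attempt; returns 'ok', 'wrong' or 'locked'."""
    if acct.locked_until is not None:
        if now < acct.locked_until:
            return "locked"       # refused without checking the password
        acct.locked_until = None  # lock has expired
    if password_ok:
        acct.failures = 0         # assumption: success clears the counter
        return "ok"
    acct.failures += 1
    if 0 < policy.max_failures <= acct.failures:
        acct.locked_until = now + timedelta(minutes=policy.lockout_minutes)
        acct.failures = 0         # assumption: counter restarts after a lock
    return "wrong"

def max_guesses_per_day(policy: LockoutPolicy) -> Optional[int]:
    """Upper bound on password checks against ONE account in 24 hours."""
    if policy.max_failures <= 0 or policy.lockout_minutes <= 0:
        return None               # lockout off: this control gives no bound
    bursts = ceil(24 * 60 / policy.lockout_minutes)  # one burst per lock period
    return bursts * policy.max_failures

def demo() -> list:
    """Constructed sequence: 5 wrong passwords, then the right one during and after the lock."""
    policy = LockoutPolicy(max_failures=5, lockout_minutes=30)  # the page's example values
    acct, t0 = Account(), datetime(2024, 1, 1, 9, 0)            # constructed start time
    results = [attempt_login(acct, policy, False, t0) for _ in range(5)]
    results.append(attempt_login(acct, policy, True, t0 + timedelta(minutes=10)))
    results.append(attempt_login(acct, policy, True, t0 + timedelta(minutes=30)))
    return results

if __name__ == "__main__":
    print(demo())
    print(max_guesses_per_day(LockoutPolicy(5, 30)))
```

With the example values of 5 failures and 30 minutes, the correct password is refused while the lock is active, and the bound works out to 240 checks per account per day. The bound applies per account only.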