Tenant Check (B2C)

Tenant Configuration Guide for Login 3.0

This section covers a list of configurations to check in your tenant. This should be done periodically during development and sufficiently before launch so you have time to fix anything amiss. All configurations and setups in Login 3.0 must be handled by the UPBOND team upon request.

General Tenant Check

Tenant Preparation Check

Check to ensure you have set up tenant environments to support your SDLC lifecycle and that Dev, Test, and Prod tenants are cleanly separated so that ongoing development work after launch doesn’t negatively impact your production environment. All tenant preparation must be coordinated with the UPBOND team.

Every company has some form of Software Development Life Cycle (SDLC), and throughout the development process, you will want to align with that strategy. For instance, you need to be able to test your integration with Login 3.0 in a similar fashion as you test the applications themselves. It is therefore important to structure Login 3.0 tenants to support your SDLC, and there is a consistent pattern which our customers typically follow when it comes to the best practices associated with tenant layout for doing so:

Environment	Sample Tenant Name	Description
Development	company-dev	A shared environment where most of your development work occurs
QA/Testing	company-qa or company-uat	An environment for formal testing of the changes you've made
Production	company-prod	The production tenant

In some cases, you may also want to create one or more sandboxes (e.g., company-sandbox1, company-sandbox2) so that you can test changes without compromising your development environment. This might be where you test deployment scripts and the like.

Tenant Association Check

To ensure that your tenants are all associated with your Login 3.0 contractual agreement and have the same features, ensure all your tenants are associated with your company account. All tenant association tasks must be requested from the UPBOND team.

Specify Production Tenant

To ensure Login 3.0 recognizes your production tenant, be sure to set your production tenant with the “production” flag. This must be managed by the UPBOND team.

Tenant Production Check

Login 3.0 provides a Production Check facility to detect many common errors. You should ensure this has been run and any findings from the report mitigated before launch. All production checks must be coordinated with the UPBOND team.

Tenant Settings Check

Make sure to follow the Login 3.0 tenant settings recommendations in configuring your branding as well as your support email and support URL so users know how to get help if an issue occurs. You'll want to check your SSO Session Timeout settings and the list of admins with access to your production tenant as well. All tenant settings must be managed by the UPBOND team.

Error Page Customization

If there are issues encountered during user interactive workflow (e.g., user sign-up or login), Login 3.0 provides error messages that indicate what the problem is under the hood. These error pages can be customized to provide context-specific information directly to your users. All error page customizations must be handled by the UPBOND team.

Legacy Feature Flags Off

If you have an older tenant, you may have various legacy feature flags enabled in your tenant settings advanced tab. If you have any toggles on in the “Migrations” section of this tab, you should review your usage and make plans to migrate off the legacy feature. All legacy feature flag reviews must be coordinated with the UPBOND team.

Delegated Admin Extension

While you are checking the list of users with access to your production tenant, don't forget to check any users specified in the Delegated Admin Extension. This must be managed by the UPBOND team.

Custom Domain Naming Setup

By default, the URL associated with your tenant will include its name and possibly a region-specific identifier. A Custom Domain offers a way of providing your users with a consistent experience by using a name that’s consistent with your organization's brand. All custom domain configurations must be requested and managed by the UPBOND team.

Application and Connection Settings Check

Each of your connection settings should be reviewed against the connection configuration best practices. In addition, you should review that all connections are appropriate and that no experimental connections are left in your production tenant as they could enable unauthorized access. All connection settings must be handled by the UPBOND team.

Page Customization Check

UI Customizations Check

UI Customizations must be managed by the UPBOND team.

Authorization Check

If you are using Login 3.0’s authorization feature, be sure to double-check all privileges granted to ensure authorizations are appropriate for your production environment. All authorization checks must be requested from the UPBOND team.

API Configuration Check

All API configurations, including access token expiration, signing algorithms, and validation, must be reviewed and managed by the UPBOND team.

Email Templates Customized

Before customizing email templates, you must set up your Email Provider. All email template customizations must be handled by the UPBOND team.

Attack Protection Configured

Ensure that your attack protection with Login 3.0 is configured correctly. All attack protection configurations must be managed by the UPBOND team.