Profile Management (B2C)

At some point, you may need to change the information stored in a user’s profile. A user’s profile (also known as the user’s account) is stored in Login 3.0, and changes to the information it contains may need to happen for a number of different reasons:

• Self-served information updates

• Mandatory updates concerning your organization’s T's & C’s

• Changes due to regulatory compliance

You cannot directly access a user profile across multiple Login 3.0 tenants. If you’re deploying multiple Login 3.0 tenants to production, then this is something you need to be aware of.

An Identity Provider populates a user’s profile using data supplied during the login process, and this is referred to as the Normalized User Profile.

The Normalized User Profile is updated from the identity provider during login. Any modifications to user profiles or related configurations must be requested and handled by the UPBOND team. See User Profile Data Modification for more information.

By default, there is one user profile created for each user identity, and there are a number of things to consider:

• What should you do if you need to store information to help customize a user’s experience?

• What if you need to store user information that didn’t originate from an identity provider?

• Why would you need to store user-related information that a user cannot modify?

• What do you do if you need to store user-related information that a user cannot modify?

Login 3.0 provides for the storage of metadata against a user’s profile, which allows for the capture of additional information, such as preference for language and/or accessibility in order to enhance the user experience. Metadata can be used to store both information that a user can change, and also information they can’t; the latter giving you the capability of associating, for example, a user profile with records in your existing systems without modifying existing implementation.

Account Verification

You’ll also need to work with a verified user account at all times and make use of the mechanisms Login 3.0 provides. You should also consider regulatory compliance like GDPR, which has very specific requirements for protecting EU citizens from privacy and data breaches.

Login 3.0 provides out-of-box functionality for sending a verification email to a user's email address to verify their account. By default, Login 3.0 automatically sends verification emails for any Database Connection identity created as part of self sign-up. However, all configurations related to account verification must be managed by the UPBOND team.

Blocking Users

Blocking user access in Login 3.0 provides a way to prevent user login to applications under certain conditions. All configurations related to user blocking must be handled by the UPBOND team.

Linking User Accounts

By default, there is one user profile (user account) for each user identity. If you enable login from multiple identity providers – via Facebook or Google social authentication as well as via Login 3.0 username and password authentication – then each will have a separate user profile. You can use Login 3.0’s functionality for linking user accounts to create one profile for a user as an aggregate of all their associated identities. All configurations related to linking user accounts must be requested from the UPBOND team.

De-provisioning

Your application may need to support a user’s request to remove their account (for example, you might need to meet GDPR requirements). You can implement such a feature, along with a number of other profile-related functions, through support from the UPBOND team.

Login 3.0 is capable of supporting various privacy-related requirements including the display of links to consent notices on signup and data protection to support the rights of users to view and correct data you’ve collected about them. All de-provisioning requests and configurations must be handled by the UPBOND team.

GDPR and other privacy directives require that users have the right to view and correct data held about them. They also have the right to be “forgotten.” UPBOND can help address these requirements and meet your legislative obligations.