
Phone Number Login


Overview

When using Customer Identity, you can provide your site users with the option to authenticate using a one-time code that is sent by SMS to their mobile phone, rather than using their emails or a username. When using Phone Number Login, the registration and login flows are identical. This means that if the phone being used is not saved to your database, a new account is created; if the phone exists, the account is updated. 

Note that the phone number formatting used in this feature is E.164.

This page describes how to configure and implement Phone Number Login.

SMS Providers

Supported SMS Providers

To use Phone Number Login, you must first configure an SMS provider. We currently support the following providers:

  • Twilio
  • Live Link

SAP Live Link 365 provides SMS, email, and Two-Factor Authentication APIs as well as comprehensive development resources that enable users to connect to their customers easily and quickly.

 

Configuring SMS Providers

  1. Open Gigya's Console.
  2. From the user menu on the top right corner, select Admin.
  3. In the left menu, select SMS Providers.
  4. Select the Provider.
  5. Enter your credentials under App ID and Secret.
  6. From Number is the Twilio definition of the number that sends out the SMS. The Gigya configuration should match Twilio's. This must be a standard Twilio number (not a short code) and may only contain digits.
  7. You can add numbers and country codes to a white list and/or a black list. When adding country codes to the white list, an SMS can be sent only to users in those countries. When a code or phone number is added to the black list, an SMS is specifically disallowed to that number. For example, you can add to your white list a list of allowed country codes, followed by a star (e.g. +44* ), and black list high-cost premium number phone codes in those countries. 
  8. Save your configuration. 
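
The white list / black list rule from step 7, written as a local pre-check in JavaScript (an added example, not Gigya's code or configuration format). The matching semantics are assumptions: an entry ending in * is a prefix rule, the black list wins over the white list, and an empty white list allows every country; `mayReceiveSms` and `samplePolicy` are hypothetical names.

```javascript
// Added example: pre-check a destination number before requesting an SMS code.
// Matching semantics are assumptions, not Gigya's documented behaviour.
const E164 = /^\+[1-9]\d{1,14}$/; // "+", then at most 15 digits, no leading zero

function normalize(raw) {
  // Strip common visual separators only; anything else must fail validation.
  const s = String(raw).trim().replace(/[\s().-]/g, '');
  return E164.test(s) ? s : null;
}

function matches(entry, number) {
  // "+44*" is a prefix rule; an entry without "*" must equal the whole number.
  return entry.endsWith('*')
    ? number.startsWith(entry.slice(0, -1))
    : number === entry;
}

function mayReceiveSms(raw, policy) {
  const number = normalize(raw);
  if (!number) return { allowed: false, reason: 'not-e164' };
  // Assumption: the black list is evaluated first and always wins.
  if (policy.blackList.some((e) => matches(e, number)))
    return { allowed: false, reason: 'black-listed' };
  // Assumption: an empty white list means "no country restriction".
  if (policy.whiteList.length && !policy.whiteList.some((e) => matches(e, number)))
    return { allowed: false, reason: 'not-white-listed' };
  return { allowed: true, number };
}

// Constructed sample policy: UK destinations only, UK 09 premium range denied.
const samplePolicy = { whiteList: ['+44*'], blackList: ['+449*'] };
```

Running the same check on your own server keeps requests for disallowed destinations from reaching the SMS provider at all, which matters for API implementations where you set your own limits.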

 

Notes

  • When using LiveLink you must provision all the countries you want to support during account configuration prior to implementing on CDC.
  • The message received by the end-user is not configurable.

 

Configuration

You can display Phone Number Registration screens using Gigya's Screen-Sets, or by setting up an API implementation. Note that unlike other Gigya screens, you may edit the look and feel of the Mobile Login screens, but do not add any input fields to them. Data that the user submits to fields that are not part of the original screens will not be saved to the database.

Implementing Phone Number Login using screen-sets requires creating a new collection and (optionally) modifying the appearance of the mobile login screens; then ensuring that all required schema fields are in place in the Registration Completion screen. Remember that phone number login screens do not pass any additional field data (besides the phone number), so if your schema does include required fields, they must all be present in Registration Completion. See below for details on different use cases. 

When users register with their phone number, that number is saved to the phoneNumber field in the Accounts Object.

Only the Mobile Login screens should be used for phone number login. No other screens will fully support this functionality.

 

Mobile Login Screens

  1. Open Gigya's Console on the Screen-Sets page.
  2. Create a new screen-set collection by clicking Add New Collection.
  3. The mobile login screens are included in the RegistrationLogin screen-set. Open that screen-set to edit them. 
  4. Select the Mobile Login or the Mobile Login Verification screens on the left hand menu, under Screens.  
  5. You may change colors, assign CSS and change the look and feel of the screen, but do not add any input fields. For more information on editing screens, see UI Builder.
  6. Save your changes. 

The default user-facing screens are Mobile Login, Mobile Login Verification and Phone Number Update.

Since a verification process is required for inputting a phone number, you cannot map the phoneNumber field to an element in the UI Builder, but only use the preconfigured input element in the Mobile Login screen. 

 

Registration Completion Screen

You can find the Registration Completion screen in the same screen-set (RegistrationLogin). Add required fields by dragging input fields such as text boxes, dropdowns or checkboxes, and mapping them to the required schema field using the Properties pane on the right. For more information, see UI Builder.

Gathering User Consent

To gather consent from a user that is registering with Phone Number Login (assuming you are using Enterprise Preference Management), all necessary consent statements must be on the Registration Completion screen.

COPPA Compliance

If your site policy includes COPPA compliance, make sure to include the birth date fields in the Registration Completion screen. 


Linking Accounts

An account that uses phone number as the identifier is considered a site account. Note that two site accounts cannot be linked. Social networks can only be linked to a Phone Number Login account by using the Add Connections functionality. Phone Number Login does not support a screen-set based link account flow.

Phone Number Update

Allow users to edit their phone numbers on the Profile Update screen by adding a link that starts a new flow for updating their phone number. In this flow (2 screens in the Profile Update screen-set), the user enters their new number and receives a code at that number for verification.

To enable users to edit their login phone numbers:

  1. Log in to the Console, navigate to the Screen-Sets page, and open the Profile Update screen-set on the Update Profile screen.
  2. Drag a Label control into the screen from the left-hand Controls menu. This will display to the user their existing phone number, as well as a link to change it.
  3. Under Properties, edit the label, in the following structure: {{accountInfo.phoneNumber}} <a data-switch-screen="gigya-mobile-edit-screen">Change</a>. Explanation:
    • {{accountInfo.phoneNumber}} displays to the user their existing login phone number.
    • The <a> tag creates a link, in this case with the text "Change". Edit this text as needed.
    • The link itself is an internal link that opens a different screen from within the update profile screen, using the internal name gigya-mobile-edit-screen.
  4. Save your changes.


Adding Screens to your Site

For a guide on adding Gigya screens to your site, see Customer Identity Quick Start Guide.

Note that the mobile login flow is separate from the regular Screen-Sets Registration Flow, and should be specified as the start screen, as per the following example. Otherwise, the displayed screen will be the default login screen (with email or username, not phone). 

gigya.accounts.showScreenSet({
    screenSet:'Default-RegistrationLogin',
    startScreen:'gigya-mobile-login-screen' // Specify the Mobile Login start screen, rather than the default login one.
});

 

 

API-Based Implementation

When implementing Phone Number Login using server-side APIs, accounts.otp.sendCode is used to send the code to the user's phone, and accounts.otp.login is used to log them in using the temporary code (both are listed under Additional Information).

 

Limitations

The following limitations apply for Phone Number Login screen-set implementations: 

  • There is a 10-second wait between consecutive requests for an SMS code.

  • Up to 5 SMS code requests are allowed per phone number in a 5-minute window.

  • After 5 SMS requests that do not complete (no successful login), there is a 5-minute cool-down period (no logins allowed for that phone).

  • To minimize risk, the system validates that the device that requested the code is the same device used for logging in.

  • The SMS code is valid for 5 minutes. 

  • Like in other login flows, additional user data cannot be saved in a phone number login flow (i.e., you cannot add input fields to the phone number login screen, or change existing field mappings).

 

The above limitations do not apply to server-side requests, only to screen-set implementations. If you are setting up an API implementation, apply limitations as per your company policy.
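
For an API implementation, the request limits listed above can be enforced by your own backend before it calls the OTP APIs. The following JavaScript is an added example, not SAP or Gigya code; `OtpThrottle` and its method names are hypothetical, state is held in memory for one process only, and the cool-down is assumed to start on the request that follows 5 uncompleted ones.

```javascript
// Added example: the documented screen-set limits, applied server-side.
const LIMITS = {
  minGapMs: 10 * 1000,        // 10 s between consecutive code requests
  windowMs: 5 * 60 * 1000,    // 5-minute counting window
  maxPerWindow: 5,            // up to 5 code requests per phone per window
  cooldownMs: 5 * 60 * 1000,  // 5-minute cool-down
  codeTtlMs: 5 * 60 * 1000,   // a code is valid for 5 minutes
};

class OtpThrottle {
  constructor(limits = LIMITS) {
    this.limits = limits;
    this.phones = new Map();  // phone -> { sent: [timestamps], lockedUntil }
  }

  // Decide whether a new code may be sent to `phone` at time `now` (ms).
  requestCode(phone, now = Date.now()) {
    const L = this.limits;
    const e = this.phones.get(phone) || { sent: [], lockedUntil: 0 };
    this.phones.set(phone, e);
    if (now < e.lockedUntil) return { ok: false, reason: 'cooldown', retryAt: e.lockedUntil };
    e.sent = e.sent.filter((t) => now - t < L.windowMs);
    const last = e.sent[e.sent.length - 1];
    if (last !== undefined && now - last < L.minGapMs)
      return { ok: false, reason: 'too-soon', retryAt: last + L.minGapMs };
    if (e.sent.length >= L.maxPerWindow) {
      // Assumed reading: the request after 5 uncompleted ones starts the cool-down.
      e.lockedUntil = now + L.cooldownMs;
      e.sent = [];
      return { ok: false, reason: 'cooldown', retryAt: e.lockedUntil };
    }
    e.sent.push(now);
    return { ok: true, expiresAt: now + L.codeTtlMs };
  }

  // Decide whether a code issued at `issuedAt` may still be submitted at `now`.
  mayVerify(phone, issuedAt, now = Date.now()) {
    const e = this.phones.get(phone);
    if (e && now < e.lockedUntil) return { ok: false, reason: 'cooldown' };
    if (now - issuedAt >= this.limits.codeTtlMs) return { ok: false, reason: 'expired' };
    return { ok: true };
  }

  // A successful login clears the phone's counters.
  loginSucceeded(phone) { this.phones.delete(phone); }
}
```

Key the throttle on the normalized E.164 number so that formatting variants of one number share a single counter.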

Phone Number Login Data

Reports

When users log in or register with their mobile phone, the data is reflected in the reports that show logins and new registrations, accordingly. For more information, see User Identities Reports.

 

Identity Access

If a user has logged in or registered with their mobile phone, that will appear in a user's profile page in Identity Access, in the Personal Information section, under Phone. Note that other numbers may appear under Additional Phones - these are saved to the account, but are not a login ID. 

In the Identity Access main page, you can search by a user's phone number by using a custom WHERE clause using the filter bar, or search by the phoneNumber field (under Special FieldsIdentities) when selecting Search by > Custom. You can then view their profile data by selecting a user from the list of results.

accounts.search

You may search for accounts that have a value in the phoneNumber field, by calling accounts.search, for example: 

"select * from accounts WHERE phoneNumber !=null"

 

Audit Log

The phone number login APIs are included in the Audit Log.

 

 

 

Additional Information

accounts.otp.sendCode REST

accounts.otp.login REST

accounts.otp.update REST

 

 

 

 

 

 

 
