Application settings

Learn more about how to get started with a single-page or multi-page web application with Strivacity.

A Strivacity application is a collection of policies that define the sign-in, sign-up, and self-service journey for your brand’s protected resources. This page will show you how to configure mandatory settings, adjust default session management settings, and manage optional add-ons like consents, lifecycle event hooks, or login providers.

📘

You can choose from three types of applications depending on the complexity of your brand’s organizational needs. Mandatory settings and most of the optional settings are the same for each application type.

Mandatory settings

When creating a new application, some mandatory settings must be configured to save the application.

General tab

Name

The name of the application goes here. The application will appear by this name in the application listing.

Identity store

Applications need an identity store that will contain the customer and administrative identities signing up, invited, or created.

❗️

Identity stores for organization-enabled applications (organization-only and hybrid) can't be changed after being saved when creating the application.

Policies tab

You can set up policies for the application that define the functionality and appearance of customer experiences.

📘

A policy is simply a group of reusable common settings that can be assigned to an application. You can reuse the same policy by applying it to one or more applications.

Adaptive access policy

Defines the login workflow, access rules, and MFA requirements of the application.

Self-service policy

Defines in-line and account and self-service capabilities.

Branding policy

Allows you to add unique branding to customer experiences.

Notification policy

Defines notification content that is sent to customers.

Optional settings

You can manage optional settings that give you command over many aspects of the application. You can navigate to Applications in the Admin Console and select an application to access configurations.

Description

You can add a brief description of the application that appears in the Admin Console only.

Group restriction (within identity stores)

The purpose of group restriction is to provide customers access to the applications relevant only to them while multiple applications can use the same identity store.

Identity verification policy

This policy allows you to confirm the identity of your online customers by applying document-centric and data-centric methods.

📘

Identity verification is an add-on capability that can be requested. Check with your Strivacity sales or customer success representative to add these features to your service.

Session management

Session management settings allow you to define the parameters of your users' login and account sessions.

Keep me logged in

“Keep me logged in” is a feature that users can opt in/out of when signing up or logging into their accounts. It will allow users to return to their abandoned session* without re-authentication until the specified inactivity timeout elapses.

📘

An abandoned session means a user closes their browser tab but doesn’t log out of their account.

This option for users is enabled by default. The "Keep me logged in” checkbox appears in the sign-up and sign-in journeys at the password field.

If users don’t check “Keep me logged in”, they need to re-authenticate to access their profile if they’ve previously abandoned their session.

Fastpath

Combined with device recognition, "Keep me logged in" can remove friction from the sign-in experience entirely for a single user account in a browser. Fastpath skips account selection and simply forwards a user to their profile when they return to their abandoned session.

Fastpath is a result of the combination of these conditions:

  • The user has checked “Keep me logged in” at a previous sign-in
  • Only a single account is remembered in the browser’s session
  • The user is signing in from a trusted device which means
    • they’ve opted in to “Remember my device” when completing an MFA step at a previous sign-in
    • their device is within the device recognition lifetime set in Adaptive rules
  • The user's session is within the inactivity timeout (and the session max age if applied)

Customers can active Fastpath if they select “Keep me logged in” when

  • Asked for their password
  • At the bottom of their registration form
  • While completing their invitation
Enter password screen after a Fastpath determination

Password screen

Inactivity timeout

Inactivity timeout allows a customer to return to their abandoned session without needing to re-authenticate if they’ve checked “Keep me logged in” while signing in. The inactivity timeout is reset every time a customer returns to their session successfully.

If a user tries to return to their session once the inactivity timeout is up, they need to re-enter their password to access the application again.

Session max age

Session max age determines how long inactivity timeout is allowed to be reset when returning to an abandoned session. If the session reaches its total allowed lifetime, the customer needs to re-authenticate even if they were still within the latest inactivity timeout.

Session max age is activated by switching on “Let session expire”.

Login session max age

This setting determines how long you want to keep a login session alive once a customer starts their login or registration journey. If customers can't authenticate or register before the time is up, they'll receive a session expired message.

Default parameters

The following session management configurations and parameters are applied to every application by default:

SettingDefault value
“Keep me logged in” option display at sign-in and sign-upturned on
Inactivity timeout168 hours (7 days)
Let session expireturned off
Session max age43200 minutes (30 days)
Login flow management5 minutes

Consent management

Here, you can configure any Consent Management option for this Application. For further information on setting up Consent Statements see Creating a Consent (if you do not have any created yet) or Assigning a Consent to an Application.

Lifecycle event hooks

The Strivacity Lifecycle Event Hooks (LEH) provide a method to integrate your customer-facing applications with homegrown systems and third-party products.

Once you've created event hooks and tested the integration of the hook with your third-party enterprise applications, you can assign it and its functions to a customer-facing application.

This is the last step to realizing the actual functionality of your event hook for your application.

Policies

Identity verification policy

This policy allows you to confirm the identity of your online customers by applying document-centric and data-centric methods.

📘

Identity verification is an add-on capability that can be requested. Check with your Strivacity sales or customer success representative to add these features to your service.

Login providers

Here, you can configure how you want to provide the login experience for your application.

Interactive login

Switch off interactive login and registration when you want to use an application exclusively for machine-to-machine communication e.g. with APIs. This way customers won't be able to log in to your application.

Local login

You can disable local login when you only want to use external login providers.

When local login is disabled:

  • username or email address fields will not appear on the login screen
  • the forgotten username option will not be available
  • your customers will not see their remembered accounts

External login

Strivacity supports external identity providers that allow your customers to federate into applications using their existing enterprise or social identity.

📘

We support multiple social provider integrations.

You can find out more about how to set up your enterprise login for an application here.

Forward customers to external provider

You can create a seamless experience if only one external provider is available for your application. If switched on, customers will land directly on the external provider’s authorization page at login.