Default identity store configuration

Overview

Your fresh instance comes with a ready-to-use identity store that

supports both available identifiers (username and email)
is equipped with a Default password policy
contain a comprehensive list of Default identity store attributes

Identifiers

Identifiers are unique credentials that identify customers in the identity stores. Identity stores can support both email addresses and usernames.

Identity stores can be configured to use username only, email only, or both email address and username at the same time.

🚧
Warning The supported identifiers can only be configured when creating a new identity store. Once you've saved and created a new identity store, identifiers can't be modified for keeping customer data intact and ensuring uninterrupted access.

Comparison of identity store types

There are some capabilities that are affected by the type of identifier(s) the identity store supports.

Here's a side-by-side comparison of how identifiers affect specific capabilities:

Capabilities	'EMAIL' and 'USERNAMe' identifiers	'EMAIL' identifier only	'USERNAME' identifier only
Self-service registration	Both supported identifiers are also required by the customer to continue their registration journey.	Only an email address is required at registration, there is no field to add a 'USERNAME' identifier.	Only a username is required at registration, there is no field to add an 'EMAIL' identifier. Customers could still add a 'primary emal address' to their profile information if an attribute is configured for that purpose, but that email address WON'T serve as an identifier.
Login	Although, both required at registration, customers can use either of their identifiers to identify themselves when logging in.	Customer can identify themselves with their 'EMAIL' identifier.	Customer can identify themselves with their 'USERNAME' identifier.
Account invitation	Account invitation are sent to customers via email. Customers can sign-up with the email address where the invitation is sent if the identity store supports the 'EMAIL' identifier.	Account invitation are sent to customers via email. Customers can sign-up with the email address where the invitation is sent if the identity store supports the 'EMAIL' identifier.	Account invitation are sent to customers via email. In the case of username-only identity stores, the email address where the invitation is sent can't be used as an identifier.
Account activation	If this self-service capability is enabled, customers receive account activation links to the email address they've provided as an identifier.	If this self-service capability is enabled, customers receive account activation links to the email address they've provided as an identifier.	In case of identity stores that only support the ‘USERNAME’ identifier, account activation is ignored.
Username reminders	Customers are asked to provide an email address when requesting a username reminder. If there's a matching email address in the identity store (an 'EMAIL' identifier or profile information) then the reminder will be sent.	Username reminders are not available for email-only identity stores. In this case, you can disable this capability in the related self-service policy.	Customers are asked to provide an email address when requesting a username reminder. If there's a matching email address in the identity store, in this case an email address in the customer's profile information, the reminder will be sent.
Self-service password reset	Password reset links are automatically sent to the 'EMAIL' identifier when a customer requests it. After the initial request, customers can re-request password reset to their phones if they have a confirmed phone number in their profile.	Password reset links are automatically sent to the 'EMAIL' identifier when a customer requests it. After the initial request, customers can re-request password reset to their phones if they have a confirmed phone number in their profile.	In case of identity stores that only support the 'USERNAME' identifier, the password reset option is only available when a customer has a confirmed email address or phone number.
Account deletion notification	Customers are sent a follow-up email if they request an account termination in their self-service account. They receive an account deletion notification, and confirmation afterwards to the email address they have as an identifier.	Customers are sent a follow-up email if they request an account termination in their self-service account. They receive an account deletion notification, and confirmation afterwards to the email address they have as an identifier.	Customers are sent a follow-up email upon requesting account termination if they have an email address provided in their profile information. ⚠The account deletion notification is ignored if no email address is available which results in immediate account termination.

Danger Zone

🚧
For every crucial asset that you’re allowed to delete from the Admin Console, there’s a Danger Zone. Danger Zones are safeguards at the bottom of editing screens that add extra friction to the administrative experience to make sure that deletion only happens when intended.

If you choose to delete the identity store, you will be asked to confirm your choice: