Back to Home PageView SDKs on GithubView APIs in ReadmeSystem Status
Search…
Prague
Strivacity Fusion: Prague Release
SUPPORT INFORMATION
Raising a Support Ticket
Security Vulnerability Response
Reporting a Security Issue
Our Service Level Commitment
Getting Started
Overview
Product Components
Pre-Configured Best Practices
Using the Dashboard
Overview
APIs
Using the REST APIs
Adaptive APIs
Administrative APIs
Anonymous Visitor and Consent APIs
Authentication APIs
Customer Lifecycle APIs
Customer Self-Service APIs
API security policy
Setup and Manage
Adaptive Multi-factor Authentication
Claim Dialects
Consent Management
Enterprise Login
Identity Stores
Password Polices
Integrate Your Applications
Lifecycle Event Hooks
Assigning an Event Hook to an Application
Creating an Event Hook
Using The IDE
Notification Policies
Self-service
Rebranding and Customization
Using Your Own Brand, Logos, and Color Schemes
Using Multiple Custom Domain Names
Customizing Email Templates
Customizing SMS Templates
Rebranding the Admin Console
Localization
Managing Accounts and Groups
Overview
Creating an Account
Editing an Account
Delete an Account
Enable/Disable an Account
Creating a Group
Deleting a Group
Managing Group Membership
Configuration
Admin Roles
Admin Adaptive MFA
Admin Branding
Admin Notifications
Admin Users
General
Logging
REST API Access Policies
Integrations
CRM, CDP, and Marketing
External identity providers
Passwordless
Identity proofing
Productivity
Security
Social Login
Developer SDKs
Overview
Android Mobile SDK
iOS Mobile SDK
Architecture and Deployment
Rate Limiting
Brute-force Protections
Regional Availability
Powered By GitBook
Lifecycle Event Hooks
Learn how to setup and use Lifecycle Event Hooks to integrate your customer facing applications with any other homegrown systems or third-party products that you may own, such as CRM or Marketing Hubs

Overview

Strivacity Fusion's Lifecycle Event Hooks (LEH) provide a method to integrate your customer facing applications with homegrown systems and third-party products.
Lifecycle Event Hooks can be used in many different ways. Some of the more common use cases involve customizing registration, updating or fetching data from remote systems such as CRMs during certain lifecycle events, or alerting third-party systems on specific events of interest such as:
  • Deep customization of registration - Brands often require extensive customization of the registration process. Information from external systems, such as CRMs, may be required to keep multiple disparate databases in sync. Often a brand will pull this in during a pre-registration hook to allow it to be submitted during the Registration process. New or additional information can be easily synchronized back to an external system in real time.
  • Customer data synchronization - Brands may require keeping disparate customer databases in sync, such as the customer identity store and a remote CRM system. Customer Lifecycle Event Hooks can be used to dispatch information about events of interest to these remote systems.
  • Alerting - Brands may desire to be alerted when an event of interest occurs, such as a password reset request.
  • Consume and use threat information - Insert threat detection and mitigation into any point in the customer lifecycle, giving security teams highly contextual alerting when threats are detected. Existing threat information can be used to make risk analysis decisions.
An actual Lifecycle Event Hook is a brand provided snippet of javascript code that executes at predefined points in a customer's lifecycle, such as registration, logon, consent opt in or out, or account deletion. A full listing of events and how they can be used is provided below. All snippet code executes within the context of the Strivacity Fusion platform in a safe and secure sandboxed environment. Two modes are supported:
  • Synchronous - Control is transferred to the script for execution. Upon completion, control is returned to Strivacity Fusion's normal workflow execution.
  • Asynchronous - The script is executed but control is not transferred, and Strivacity Fusion continues on with its normal workflow execution.
The brand decides and can configure, in the administration console, whether an event hook should execute synchronously or asynchronously.

Supported Events

The following table shows a summary of the events that are supported by Strivacity Fusion with examples of how they can be used:
Event Type
Purpose
Pre-ID Token Generation
Used to add additional claims to OIDC and OAUTH by fetching data from an external systems before the ID token is generated
Post-MFA Factor Change
Trigger an external event or fetch data from an external system once the customer has completed the verification of a new/additional MFA factor during enrollment or removed a factor.
Post-Social Login
Trigger an external event or fetch data from an external system once a customer has successfully completed registration using a social login provider.
Post-Consent Update
This event is triggered after a customer opts into or opts our of any consents at registration or self-service. Use this event to synchronize consents with other third-party systems such as marketing hubs, email advertising platforms or CRMs.
Pre-Registration
Fetch data from an external system so it can be used and stored with a customers account during the account registration process
Post-Identification
This event is triggered once the customer has provided their identifier (email address or username) and before they are asked for any factor of authentication.
​
This can be used to step-up or step-down the authentication journey based on an external event, risk data from an external system, or other account attribute information for that customer.
Post-Account Login
Trigger an external event of fetch data from an external system after the customer has successfully authenticated and they have an ID token.
Pre-Progressive Profiling
This event launches after successful authentication, right before a customer login flow is completed.
​
Make the best of this extra step in the workflow and use hooks to adapt to various progressive profiling scenarios:
  • ask for consents only in specific geographical areas
  • decide when's a good time to display consents or fields in the login flow
  • give your long-time customers a break and let them skip new mandatory fields or consents for a while
Deny Authentication
This event occurs when customer authentication or registration fails for some reason. Use this event in the workflow to hook in your custom error message or to redirect your customer in case they're denied authentication.
Post-Registration
Once a customer has successfully completed the account registration process this event is triggered to trigger an external event or fetch/update data with an external system
Post-Account Activation
Used to trigger an external event once a customer has clicked the account activation link sent via Email during self-service registration
Pre-Password Reset
This event is triggered after the customer has initiated the Forgot my Password process from the login screen, and before the customer completes the password reset workflow
Post-Password Reset
This event is triggered after the the customer has successfully reset their password. You can use this event to trigger an external event or write data to a third-party system
Post-Forgotten Username
This event is triggered after a customer has completed a Forgotten Username request using the forgot my username via the login screen.
Pre-MFA Method Dispatch
Trigger an external event or fetch data before the MFA transaction has reached the customer, e.g. before an SMS or Email is sent. You can use this to notify based on step-up authentication event occurring but not yet completing - a sign of suspicious account activity.
Post-MFA Method Dispatch
Once an MFA transaction has completed, i.e. verification was successful you can use this to trigger an external event or notification based on that step-up authentication event occurring and completing.
Post-Account Deletion
Once a customer account has been deleted you can use this to trigger an external event of notification or account deletion process in other systems.
Post-Account Disabled
Once a customer account has been disabled then you can use this to trigger an account disabled event of notification or account disable process in other systems.
Missing Mandatory Attribute or Consent Post-Authentication
This event is triggered post-authentication and can be used to request mandatory user attributes and/or consents that may not be populated. For consents, this hook can be used to request opt-in to new consents of subscriptions, or changes/updates to consents. For missing/enforcement of attributes - this can be used for progressive profiling purposes to request certain information from the customer during login.

How It Works

Click to Enlarge

Example Usage Scenarios

  • Customize registration by bringing in and persisting external data
  • Establish a single source of truth and synchronize customer data across multiple systems
  • Insert threat detection and response into any point in the customer lifecycle
  • Alert your customer service or security teams to events of interest
  • Trigger workflow in external orchestration systems when customers perform specific actions
  • Make location based decisions in customer login and registration flows
Previous
Setup a SAML2 Integration
Next
Assigning an Event Hook to an Application
Last modified 4mo ago
Export as PDF
Copy link
Contents
Overview
Supported Events
How It Works
Example Usage Scenarios