4. Social Sign‐In design · develop · deliver
• Enable visitors to register for your website or application using their preferred credentials
• Leverage a third‐party as an Identity Provider
• Ranges from simple authentication to advanced social integration
• Examples everywhere
15. Advantages
• Reduce “login fatigue”
• Increased conversion rate
• Better contextual data
• Reduces implementation effort (do you really want to write YAAS)?
• Increased security
17. The Numbers
• Just 25% of users are generally willing to complete a registration
• 76% have given incorrect/incomplete information
• 45% leave a website rather than resetting a password
• More willing to return to ‐ and purchase from ‐ sites that automatically recognize users
http://www.janrain.com/consumer-research-social-signin
22. Social Sign‐In: Why Might You Not Want It?
24. Disadvantages
• Handing off critical site functionality to a third party
• Regulated industries may have issues
• Can increase operational costs
• Changing APIs can be a problem
29. Best Practices
• Use social network branding
• Offer multiple IDPs
• Provide reasons to register
• Use available data to streamline registration
• Link existing accounts
• Give clear confirmation once a user is signed in
• Analyze to optimize
http://info.gigya.com/rs/gigya/images/Social_Identity_Best_Practices_Gigya.pdf
38. Implementation
• Choice: write to APIs for each individual provider, or use an aggregate API
• Choice: roll your own, use a stand‐alone API, or use an API that calls to a service
• No matter which choices you make, there will still be development work to do
49. What else?
• Authentication is step 1, the rest is still up to you
• When you get a token back from the IDP, use it to get information about the user and tie it to an account on your site
• Optionally add social sharing, social context, etc.
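Added example (not part of the original slides): one way to tie the identity an IDP returns to a site account, and to link a second IDP to the same account, sketched in Python. It assumes the token has already been exchanged and validated server‐side; AccountStore, sign_in, link and the profile fields are hypothetical names, and the profiles are constructed sample data.

```python
# Added example (not from the slides): all names and profile fields are hypothetical.
from dataclasses import dataclass, field
from itertools import count


class LinkError(Exception):
    """The social identity cannot be attached to the requested account."""


@dataclass
class Account:
    id: int
    display_name: str
    email: str = ""
    identities: set = field(default_factory=set)  # {(provider, subject)}


class AccountStore:
    def __init__(self):
        self._ids = count(1)
        self.accounts = {}     # account id -> Account
        self.by_identity = {}  # (provider, subject) -> account id

    def _bind(self, account, key):
        account.identities.add(key)
        self.by_identity[key] = account.id

    def sign_in(self, profile):
        """Map a validated IdP profile to a site account, registering on first use."""
        key = (profile["provider"], profile["subject"])
        if key in self.by_identity:
            return self.accounts[self.by_identity[key]]
        # First visit: prefill from the profile. A matching email alone never
        # merges the visitor into an existing account.
        account = Account(next(self._ids), profile.get("name", ""), profile.get("email", ""))
        self.accounts[account.id] = account
        self._bind(account, key)
        return account

    def link(self, session_account_id, profile):
        """Add a second IdP identity to the account that is currently signed in."""
        key = (profile["provider"], profile["subject"])
        owner = self.by_identity.get(key)
        if owner is not None and owner != session_account_id:
            raise LinkError("identity is already linked to another account")
        self._bind(self.accounts[session_account_id], key)


def demo():
    store = AccountStore()
    # Constructed profiles, standing in for what each IdP returned for its token.
    a = {"provider": "idp-a", "subject": "1001", "name": "Pat", "email": "pat@example.com"}
    b = {"provider": "idp-b", "subject": "77", "name": "Pat", "email": "pat@example.com"}
    c = {"provider": "idp-c", "subject": "5", "name": "Pat", "email": "pat@example.com"}
    pat = store.sign_in(a)    # registers account 1
    store.link(pat.id, b)     # Pat adds a second way to sign in
    same = store.sign_in(b)   # resolves to account 1
    other = store.sign_in(c)  # same email, unlinked identity: account 2
    return pat.id, same.id, other.id, store


if __name__ == "__main__":
    print(demo()[:3])
```

Keying on the provider plus its stable user id, rather than on email, is what keeps an unlinked identity with a matching address out of an existing account; linking only happens from an already signed‐in session.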
Notes for "Social Sign‐In":
*1 No need for someone to create new credentials just to use your site/application
*2 IDPs include Facebook (most popular), Twitter, Google, LinkedIn, Microsoft, OpenID, many more
*3 Simple case - prevent users from having to fill out yet another registration
Complex case - social context (HuffPo), social sharing, social personalization (based on profile)
Differentiate authentication and authorization
Notes for "Advantages":
*1 Overwhelmed feeling caused by too many username/password combinations to remember, and too many registrations to go through
*2 Users are much more likely to stick around if they don’t have to go through another registration
This is what it’s all about - make it EASY for your users!
*3 Some access to users’ profile information - targeted marketing, friends’ recommendations, etc.
*4 Why write YAAS? Use someone else’s!
Back to the basics - focus on your core business, not authentication
*5 Follows from above point - widely used systems are less likely to have security flaws than one you create yourself
People are more comfortable with an established IDP
Notes for "Disadvantages":
*1 Mitigate by allowing multiple credentials for one user
Ensure graceful degradation
*2 Financial, govt., etc. - may be gray areas, but uncertainty amounts to rejection
*3 Some solution providers charge (more later); many free up to certain usage, then pay
*4 Not just tied to 3rd party infrastructure, also 3rd party API
Twitter OAuth-apocalypse
Also argument for service APIs (coming soon)
Notes for "Best Practices":
*1 Social networks have powerful brands - leverage them by making the branding prominent on your site/application
*2 If you only support one, or a few, providers you could anger customers not on those platforms
eHow.com
*3 Also, combine sign in and registration
*4 Prefill forms, etc.
*5 If a user already has a site account, allow them to link social credentials to that account
*6
*7 Find out how your users are using social sign in
Which IDPs are used most, whether changing the order of icons improves conversion, etc.
Notes for "Implementation":
*1 Individual: gives you more control, not reliant on a 3rd‐party
Individual: takes more effort (or provides fewer options)
Individual: has to be ready to adapt to API changes
Aggregate: more choices, faster to market
Aggregate: dedicated developers working on adaptations to API changes
Aggregate: constrained by what they offer
Aggregate: some are pay services
Conclusion - unless you have good reason, use an aggregator
*2 Write your own: best control, most risk
Stand‐alone: does not call any service except the IDPs
Stand‐alone: fewer failure points
Stand‐alone: generally open source
Stand‐alone: restricted to one technology
Service: updated code is in play immediately (API changes, etc.)
Service: usually usable by virtually any technology (incl. mobile)
Service: free at first - watch out when traffic goes up
Some providers require API keys, some don’t