fabric Identity uses Okta for managing users, login pages, and several account management flows. In fabric Identity, a separate Okta organization (org) is created for every user pool. By default, a new Okta org is created for each merchant in fabric, associated with that merchant's default user pool. Upon request, additional user pools - and Okta orgs - can be created for any merchant.
Using Okta allows app developers to customize several aspects of user login and management. This section describes customizations to individual Okta orgs.
When using userapps, the user login page is hosted by the fabric-provisioned Okta org. This login page uses simple HTML that leverages the Okta sign-in widget, and allows app developers to add additional customizations. Customization examples include:
- Changing the host name of the login page to use a merchant's specific sub-domain.
- Styling the login page and the sign-in widget to any custom theme using CSS. As it is plain HTML, any additional headers and footers can also be included in the login page to align with the storefront.
- Writing hooks into the Okta sign-in widget, which further allows Okta to handle events within the login flow.
Currently, fabric supports only Okta's hosted login page.
See this page for further details on customizations available.
By default, fabric Identity applies the following password policy for end users of the userapp:
- Minimum of 8 character length
- At least one upper case letter, one lower case letter, one number
- The password should not have any part of the user's name
- The password should not be one of the last 4 passwords (when resetting)
- The user locks out by 10 unsuccessful attempts.
Okta allows defining custom password policies that can customized for password strength, password aging, and lockout behavior. All of these are possible with Okta's simple configuration. More details can be found on this page.
Okta allows end users to register themselves through an email verification process. This can be enabled as a feature flag on Okta and is enabled by default for new merchants within fabric. Additional details of the end users can be requested by customizing the registration form. When using fabric customer APIs, these details are also available for the new customer record created for the self-registered user.
See this page for further instructions on how to customize the registration form.
Storefronts often need to support social logins using Meta (formerly Facebook), Google, etc. Okta's in-built support for all major social media logins makes it easy for app developers to include this in their designs.
See this page for instructions on how to integrate social logins with the login page.
Okta provides the ability to customize auth-related emails sent to end users according to a merchant's branding and styling. It allows simple branding changes by defining foreground and background color schemes, including merchant logos, and customizing the sender email ID. For extensive customizations, it also provides an HTML-based template editor for individual emails. fabric Identity supports the following emails sent through Okta:
- Email verification
- User activation
- Forgot password
Please contact fabric support to get access to Okta org in order to perform these customizations.