Identity Verification
What is identity verification?
Identity verification ensures that none of your users can impersonate other users. In other words, it ensures the Who part of Command AI targeting is legit. You may not care much about users impersonating other users, and that might be fine. In many situations, it doesn’t matter much (and any user who knows how to impersonate another user probably is using your product in an adversarial scenario). But there are certain scenarios in which identity verification is required for Command AI to enable certain features.
Our identity verification approach works by using a server-side-generated HMAC (generated using a shared secret) to tell your frontend who the logged-in user is.
We recommend turning on identity verification for maximum security. It requires a developer, but should only take a few minutes and the added security is well worth the effort.
When should I enable identity verification?
All Command AI features are available whether you have identity verification enabled, but identity verification offers an additional level of security which can be useful in certain cases. For example, it can offer additional protection if you have Command AI state that is security-critical, or critical to your application.
Identity verification provides another layer of security in front of your users’ Command AI state. If you have a nudge that is only shown to certain users, for example, that you want to keep private, identity verification make sense to enable.
How do I turn on identity verification?
You can add identity verification by following the instructions at Dashboard -> Profile -> Identity Verification.