{"componentChunkName":"component---src-templates-blog-list-template-js","path":"/68","result":{"data":{"allMarkdownRemark":{"edges":[{"node":{"excerpt":"User onboarding refers to the complete process that users go through when they first become a customer of your product or service. The…","fields":{"slug":"/growth/successful-saas-onboarding-process/"},"html":"<p>User onboarding refers to the complete process that users go through when they first become a customer of your product or service. The onboarding process can shape your customer's long-term connection with your product.</p>\n<p>Learning and implementing SaaS software into a proper user management system is not more difficult than learning a new language, going to the gym, or practicing morning meditation.</p>\n<p>When a user signs up for a free SaaS trial, it is your job to ensure they must regularly utilize your program. Therefore as a SaaS provider, you must assist new users as much as possible over the first few weeks.</p>\n<p>Here are a few phases you should know about when it comes to <a href=\"https://www.loginradius.com/blog/fuel/importance-customer-onboarding/\">consumer onboarding</a>.</p>\n<h3 id=\"user-onboarding-phase-1\" style=\"position:relative;\"><a href=\"#user-onboarding-phase-1\" aria-label=\"user onboarding phase 1 permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>User Onboarding: Phase 1</h3>\n<p>The initial onboarding phase does not occur on your website or blog but typically occurs on social media, in a forum or 
remark, or on another person's blog. Your onboarding experience begins with a customer's first interaction with your brand.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 612px; \"\n    >\n      <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 66.66666666666666%; position: relative; bottom: 0; left: 0; background-image: url('data:image/jpeg;base64,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'); background-size: cover; display: block;\"\n  ></span>\n  <img\n        class=\"gatsby-resp-image-image\"\n        alt=\"steps-user-onboarding\"\n        title=\"steps-user-onboarding\"\n        src=\"/static/9b453109b5a38feaa9bb4501e529553a/a18e1/user-onboarding2.jpg\"\n        srcset=\"/static/9b453109b5a38feaa9bb4501e529553a/a18e1/user-onboarding2.jpg 612w\"\n        sizes=\"(max-width: 612px) 100vw, 612px\"\n        style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n        loading=\"lazy\"\n      />\n    </span></p>\n<h3 id=\"user-onboarding-phase-2\" style=\"position:relative;\"><a href=\"#user-onboarding-phase-2\" aria-label=\"user onboarding phase 2 permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>User Onboarding: Phase 2</h3>\n<p>The User Onboarding process continues on your website after that. 
You must now educate people about the problem you are addressing while also introducing your brand and product. People don't want to spend hours on your website, so employing tools that allow you to communicate your message as clearly and quickly as possible is the ideal approach to speed things up.</p>\n<p>Also Read: <a href=\"https://www.loginradius.com/blog/fuel/user-onboarding-tools/\">Top 27 User Onboarding Tools: Highly Recommended for Businesses</a></p>\n<h3 id=\"user-onboarding-phase-3\" style=\"position:relative;\"><a href=\"#user-onboarding-phase-3\" aria-label=\"user onboarding phase 3 permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>User Onboarding: Phase 3</h3>\n<p>At this point, you must show your product in the best possible light and sell it to your potential consumers in the most efficient manner possible because a poor conversion rate implies you will not be able to cover acquisition expenses, which would almost certainly ruin your business.</p>\n<h3 id=\"user-onboarding-phase-4\" style=\"position:relative;\"><a href=\"#user-onboarding-phase-4\" aria-label=\"user onboarding phase 4 permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 
0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>User Onboarding: Phase 4</h3>\n<p>User engagement and feature uptake are closely linked to a well-structured user onboarding process. You control what happens and lead users through a specified set of tasks via onboarding tours and walkthroughs. To increase user engagement, you must strike a balance between directing and letting them explore your product.</p>\n<h3 id=\"user-onboarding-phase-5\" style=\"position:relative;\"><a href=\"#user-onboarding-phase-5\" aria-label=\"user onboarding phase 5 permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>User Onboarding: Phase 5</h3>\n<p>At this point, your customer should be familiar with all of your solution's procedures and advantages, and they should have been using it regularly.</p>\n<h3 id=\"user-onboarding-phase-6\" style=\"position:relative;\"><a href=\"#user-onboarding-phase-6\" aria-label=\"user onboarding phase 6 permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 
3-3.5S14.5 6 13 6z\"></path></svg></a>User Onboarding: Phase 6</h3>\n<p>Consider a comprehensive customer success strategy for handling feature requests and collecting customer feedback, which will help increase engagement and bring in direct revenue from referrals. If something goes wrong, customer service should take over, and you'll certainly need the best tools to be able to act quickly and address the situation.</p>\n<p>So, after getting acquainted with all the phases mentioned above, it should now be clear what the entire process of onboarding customers for your SaaS business looks like.</p>\n<p>Done properly, the onboarding process can take your business to new heights; done poorly, it might result in its destruction. So, always choose the process carefully.</p>\n<p>Below, we will discuss some elements that you need to keep in mind while onboarding consumers for your SaaS business.</p>\n<p><a href=\"https://www.loginradius.com/resource/loginradius-ciam-user-management/\"><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 768px; \"\n    >\n      <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 30.307692307692307%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,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'); background-size: cover; display: block;\"\n  ></span>\n  <img\n        class=\"gatsby-resp-image-image\"\n        alt=\"DS-User-management\"\n        title=\"DS-User-management\"\n        src=\"/static/01c0f502c70b5e74254b6a8df86c4088/e5715/DS-User-management.png\"\n        srcset=\"/static/01c0f502c70b5e74254b6a8df86c4088/a6d36/DS-User-management.png 650w,\n/static/01c0f502c70b5e74254b6a8df86c4088/e5715/DS-User-management.png 768w,\n/static/01c0f502c70b5e74254b6a8df86c4088/81501/DS-User-management.png 2886w\"\n        sizes=\"(max-width: 768px) 
100vw, 768px\"\n        style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n        loading=\"lazy\"\n      />\n    </span></a></p>\n<h2 id=\"4-important-saas-onboarding-elements\" style=\"position:relative;\"><a href=\"#4-important-saas-onboarding-elements\" aria-label=\"4 important saas onboarding elements permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>4 Important SaaS Onboarding Elements</h2>\n<h3 id=\"1-signup-process\" style=\"position:relative;\"><a href=\"#1-signup-process\" aria-label=\"1 signup process permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>1. Signup process</h3>\n<p>You start setting expectations and gathering important information about user objectives and priorities during signup. <a href=\"https://accounts.loginradius.com/auth.aspx?action=register\">LoginRadius</a>, for example, uses the signup process to obtain the information necessary to set up the product. 
Instead of forcing users to start from scratch and construct their teams and projects, they provide a list of options at signup. When a user completes registration, that information is auto-filled.</p>\n<h3 id=\"2-welcome-email\" style=\"position:relative;\"><a href=\"#2-welcome-email\" aria-label=\"2 welcome email permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>2. Welcome email</h3>\n<p>The welcome email is crucial since it is your customer's initial point of contact once they've registered an account. It's also the first genuine email you've sent them, so you'll want to establish communication expectations.</p>\n<h3 id=\"3-first-login\" style=\"position:relative;\"><a href=\"#3-first-login\" aria-label=\"3 first login permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>3. First login</h3>\n<p>A user's initial impression of an app is formed at the first login. Examine your first login experience if you want to decrease churn. It will either start the process or stop it in its tracks. 
Keep in mind that there should be no issues with <a href=\"https://www.loginradius.com/authenticate/\">login authentication</a>.</p>\n<h3 id=\"4-product-tutorials\" style=\"position:relative;\"><a href=\"#4-product-tutorials\" aria-label=\"4 product tutorials permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>4. Product tutorials</h3>\n<p>It's nice to get a welcome message on the initial login, but you're here to help users in the long term. Product tours and tooltips provide on-demand training on how to use your app in your community.</p>\n<p>There are several methods to deliver product lessons for a better user experience, just as with any other onboarding component.</p>\n<p>These are some of them:</p>\n<ul>\n<li>To keep users on track, the UI includes a “getting started” checklist.</li>\n<li>An in-app learning center or a tour of a popular product</li>\n<li>Along with numerous functionalities, there are tutorial buttons.</li>\n</ul>\n<p>When it comes to <a href=\"https://www.loginradius.com/blog/fuel/why-is-consumer-onboarding-critical-for-startups/\">SaaS onboarding</a>, ask as many questions as you can and get as many answers as possible. Consult the statistics as well as user input. Communication across departments is crucial.</p>\n<p>Start working on fixing your weak points once you've recognized them. Begin by making one adjustment at a time and seeing how it affects your cohort analysis. 
Your onboarding strategy won't be built in a day, and it won't be modified in a day, either.</p>","frontmatter":{"date":"August 27, 2021","updated_date":null,"description":"The onboarding process is the lifeline for your customer, and it's one of the most valuable tools that you as a company can control. Here are a few tips for a stellar SaaS company onboarding process that will greatly improve your customer retention and overall satisfaction.","title":"The ABCs of a Successful Saas Onboarding Process","tags":["user onboarding","saas","login authentication"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/dea6be4ce25634acef1a3e06fb237ed3/eec3f/user-onboarding.jpg","srcSet":"/static/dea6be4ce25634acef1a3e06fb237ed3/f836f/user-onboarding.jpg 200w,\n/static/dea6be4ce25634acef1a3e06fb237ed3/2244e/user-onboarding.jpg 400w,\n/static/dea6be4ce25634acef1a3e06fb237ed3/eec3f/user-onboarding.jpg 612w","sizes":"(max-width: 612px) 100vw, 612px"}}},"author":{"id":"Navanita Devi","github":null,"avatar":null}}}},{"node":{"excerpt":"Privileged Access Management (PAM) includes cyber security strategies and technologies for applying control over the privileged access and…","fields":{"slug":"/identity/what-is-privileged-access-management/"},"html":"<p>Privileged Access Management (PAM) includes cyber security strategies and technologies for applying control over the privileged access and permission for users, accounts, processes, and systems across an environment.</p>\n<p>By appropriately giving privileged access control, PAM can help organizations control and reduce the possibility of the 
attack from third parties and prevent internal carelessness by individuals. PAM applies not only to human users but also to non-human identities such as applications and machines.</p>\n<p><strong>Example:</strong></p>\n<p>Let's consider an admin account. So what does PAM do? It takes the privileged account credentials and puts them in a secure place, or vault, which isolates the use of those credentials and reduces the risk of attack or misuse.</p>\n<p>Because the credentials are kept inside the repository, system administrators need to go to the PAM system to <a href=\"https://www.loginradius.com/authentication/\">access their credentials</a>. When they request access to credentials, they are authenticated at different levels. </p>\n<p>Once all the authentication is done, they are given access to their credentials. Also, once these credentials are put in the repository, the whole process is reset, and all the steps must be repeated the next time the credentials are needed.</p>\n<h2 id=\"what-are-the-different-types-of-privileged-access-management-accounts\" style=\"position:relative;\"><a href=\"#what-are-the-different-types-of-privileged-access-management-accounts\" aria-label=\"what are the different types of privileged access management accounts permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>What are the Different Types of Privileged Access Management Accounts?</h2>\n<p>The following are the 
different types of Privileged Access Management accounts: </p>\n<h3 id=\"1-local-administrative-accounts\" style=\"position:relative;\"><a href=\"#1-local-administrative-accounts\" aria-label=\"1 local administrative accounts permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>1. Local Administrative Accounts</h3>\n<p>These are shared accounts that provide admin access to the local host or session only. IT staff typically use these accounts to perform maintenance or set up new workstations.</p>\n<h3 id=\"2-privileged-user-accounts\" style=\"position:relative;\"><a href=\"#2-privileged-user-accounts\" aria-label=\"2 privileged user accounts permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>2. Privileged User Accounts</h3>\n<p>These are users who are granted administrative privileges to systems. Privileged User Accounts are among the most common types of accounts that have access granted on an enterprise domain. These give administrative rights to one or more systems. 
</p>\n<p>Generally, these accounts have <a href=\"https://www.loginradius.com/blog/identity/how-to-choose-a-secure-password/\">unique and complex passwords</a>, but most of the time they are protected by passwords alone. These are the types of accounts that should be monitored closely. Sometimes these accounts do not belong to an individual user but are instead shared among multiple admins.</p>\n<h3 id=\"3-domain-admin-accounts\" style=\"position:relative;\"><a href=\"#3-domain-admin-accounts\" aria-label=\"3 domain admin accounts permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>3. Domain Admin Accounts</h3>\n<p>These super admin accounts have access to all the organization's workstations and provide the most extensive access across the network. They can modify the membership of every administrative account within the domain. 
These accounts are prime targets for attackers and should be monitored closely, and PAM should be implemented here.</p>\n<h3 id=\"4-service-accounts\" style=\"position:relative;\"><a href=\"#4-service-accounts\" aria-label=\"4 service accounts permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>4. Service Accounts</h3>\n<p>These are privileged local or domain accounts that an application or service uses to interact with the operating system. In some cases, these service accounts have administrative privileges on domains, depending on the requirements of the application they are used for.</p>\n<h3 id=\"5-emergency-accounts\" style=\"position:relative;\"><a href=\"#5-emergency-accounts\" aria-label=\"5 emergency accounts permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>5. Emergency Accounts</h3>\n<p>These accounts provide unprivileged users with admin access in case of an emergency to protect the system. They are also called 'firecall' or 'break glass' accounts. 
Access to this account requires the approval of the organization's IT management team. Most of the time, this is a manual process, because of which it rarely lacks any security measures.</p>\n<h2 id=\"what-are-the-features-of-a-pam-software\" style=\"position:relative;\"><a href=\"#what-are-the-features-of-a-pam-software\" aria-label=\"what are the features of a pam software permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>What are the Features of a PAM software?</h2>\n<p>We have already discussed why Privileged Access Management (PAM) is useful for organizations that are growing or have an extensive IT system within the organization itself.</p>\n<p>Now, let's discuss the features that PAM software provides:</p>\n<ul>\n<li>It provides a <a href=\"https://www.loginradius.com/multi-factor-authentication/\">Multi-Factor Authentication service</a> for administrators.</li>\n<li>It has an access manager that stores all the information about permissions and privileged users.</li>\n<li>As we know, in PAM, passwords are stored in secret places or vaults, so this vault is also provided by PAM itself.</li>\n<li>It also provides dynamic authorization, which means granting access to individual users for a particular period.</li>\n<li>It also has automatic provisioning and deprovisioning, which helps reduce insider threats, and an audit log feature that allows the organization to meet compliance requirements.</li>\n</ul>\n<p><a 
href=\"https://www.loginradius.com/resource/ebook/buyers-guide-to-multi-factor-authentication/\"><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 768px; \"\n    >\n      <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 30.307692307692307%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,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'); background-size: cover; display: block;\"\n  ></span>\n  <img\n        class=\"gatsby-resp-image-image\"\n        alt=\"EB-GD-to-MFA\"\n        title=\"EB-GD-to-MFA\"\n        src=\"/static/5093fa5ddf26d3a3ec38a96c3e0387e6/e5715/EB-GD-to-MFA.png\"\n        srcset=\"/static/5093fa5ddf26d3a3ec38a96c3e0387e6/a6d36/EB-GD-to-MFA.png 650w,\n/static/5093fa5ddf26d3a3ec38a96c3e0387e6/e5715/EB-GD-to-MFA.png 768w,\n/static/5093fa5ddf26d3a3ec38a96c3e0387e6/81501/EB-GD-to-MFA.png 2886w\"\n        sizes=\"(max-width: 768px) 100vw, 768px\"\n        style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n        loading=\"lazy\"\n      />\n    </span></a></p>\n<h2 id=\"common-strategies-that-the-organization-should-use-to-ensure-the-proper-implementation-of-pam\" style=\"position:relative;\"><a href=\"#common-strategies-that-the-organization-should-use-to-ensure-the-proper-implementation-of-pam\" aria-label=\"common strategies that the organization should use to ensure the proper implementation of pam permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 
1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Common Strategies that the Organization Should Use to Ensure the Proper Implementation of PAM</h2>\n<p>Every organization that uses PAM should follow some common strategies for the proper implementation of PAM software:</p>\n<ul>\n<li>An organization should maintain a proper inventory of all privileged accounts.</li>\n<li>Organizations should not give administrative access for sharing the accounts.</li>\n<li>Every organization should enforce a password policy for creating any password.</li>\n<li>Give access to privileged accounts to a limited number of members.</li>\n<li>Use different types of tools and monitoring systems to gain proper knowledge of what privileged users are doing.</li>\n<li>Update employees about changes in privileged access policies and procedures to ensure they understand how to use and manage their privileged credentials correctly.</li>\n<li>All organizations should maintain proper documentation of account management rules and processes.</li>\n</ul>\n<h2 id=\"whats-the-difference-between-identity-and-access-management-iam-and-privileged-access-management\" style=\"position:relative;\"><a href=\"#whats-the-difference-between-identity-and-access-management-iam-and-privileged-access-management\" aria-label=\"whats the difference between identity and access management iam and privileged access management permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 
13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>What's the Difference Between Identity and Access Management (IAM) and Privileged Access Management?</h2>\n<p>Privileged access management is always considered a part of <a href=\"https://www.loginradius.com/blog/identity/what-is-iam/\">identity and access management</a> (IAM). However, identity and privilege are interlinked. </p>\n<p>Identity management concerns people: you, your boss, or the organization's IT management team are examples. These people are responsible for creating, updating, or even deleting attributes. The main purpose of IAM is to have one digital identity per user; once this identity is established, it must be maintained, modified, and monitored.</p>\n<p>Privileged Access Management is a part of IAM. Here, PAM helps IAM manage entitlements, not only of individual users but also of shared accounts such as superuser, administrative, and service accounts. </p>\n<p>A PAM is a tool that manages and protects all privileged accounts. It also provides a unified, robust, and—importantly—transparent platform integrated into an organization's overall identity and access management (IAM) strategy. </p>\n<p>While PAM deals explicitly with privileged accounts, Identity and Access Management deals with all types of users and identities in an organization. 
They might be different in what they protect, but in the larger picture, PAM and IAM make for holistic security as they comprise Access Management and Identity Governance and Administration.</p>\n<h2 id=\"conclusion\" style=\"position:relative;\"><a href=\"#conclusion\" aria-label=\"conclusion permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Conclusion</h2>\n<p>In this article, we have learnt about Privileged Access Management, which helps organizations protect privileged accounts and credentials. The details mentioned here will help you understand how to use PAM and what to keep in mind while using Privileged Access Management (PAM).</p>\n<p>Cheers!</p>","frontmatter":{"date":"August 26, 2021","updated_date":null,"description":"Privileged access management—finding the right balance between security and convenience. 
This blog explains why PAM matters, highlights its key features and strategies that the organization should use to ensure the proper implementation of PAM.","title":"A Comprehensive Guide to Privileged Access Management (PAM)","tags":["data security","Privileged Access Management","cx"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.6,"src":"/static/e9d8c753fde4fa2986799d250605b6fe/14b42/what-is-privileged-access-management-cover.jpg","srcSet":"/static/e9d8c753fde4fa2986799d250605b6fe/f836f/what-is-privileged-access-management-cover.jpg 200w,\n/static/e9d8c753fde4fa2986799d250605b6fe/2244e/what-is-privileged-access-management-cover.jpg 400w,\n/static/e9d8c753fde4fa2986799d250605b6fe/14b42/what-is-privileged-access-management-cover.jpg 800w,\n/static/e9d8c753fde4fa2986799d250605b6fe/16310/what-is-privileged-access-management-cover.jpg 1024w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Bhavya Tugnawat","github":null,"avatar":null}}}},{"node":{"excerpt":"In web applications, you try to decide when to use either JSON Web Tokens (JWTs) or sessions (cookies) for authentication. When you browse…","fields":{"slug":"/engineering/guest-post/jwt-vs-sessions/"},"html":"<p>In web applications, you try to decide when to use either <a href=\"https://www.loginradius.com/blog/engineering/jwt/\">JSON Web Tokens (JWTs)</a> or sessions (cookies) for authentication. When you browse the web you use HTTP, which is a stateless protocol. 
So, the only way to remember the states of your application is using either sessions or tokens.</p>\n<h2 id=\"goals\" style=\"position:relative;\"><a href=\"#goals\" aria-label=\"goals permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Goals</h2>\n<p>This article deep dives into:</p>\n<ul>\n<li>Differences in using sessions and JSON Web Tokens for authentication</li>\n<li>How server-side session store works</li>\n<li>Advantages of sessions over JWT</li>\n<li>Advantages of using JWT and other things concerning the structure of JWT.</li>\n</ul>\n<h2 id=\"jwt-vs-session-what-to-use\" style=\"position:relative;\"><a href=\"#jwt-vs-session-what-to-use\" aria-label=\"jwt vs session what to use permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>JWT vs. Session: What to Use?</h2>\n<p>Deciding to choose between JWT or session is not just choosing one over the other. You need to look at some factors to determine which one to use in an application. 
In order to figure this out, you need to compare both approaches -- JWT and session -- to authenticate users.</p>\n<h2 id=\"comparison-jwt-and-session\" style=\"position:relative;\"><a href=\"#comparison-jwt-and-session\" aria-label=\"comparison jwt and session permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Comparison: JWT and Session</h2>\n<p>This article starts with how server-side sessions with a session store work, then looks at how client-side sessions with JWT work.</p>\n<p><img src=\"https://paper-attachments.dropbox.com/s_483BCD9E50710AD4C34073FFCB4BDCD46B2FB758D7EDCF747C5F8981B4094012_1628279671087_How+sessions+work.png\" alt=\"authentication flow\"></p>\n<h2 id=\"how-server-side-sessions-work-with-a-session-store\" style=\"position:relative;\"><a href=\"#how-server-side-sessions-work-with-a-session-store\" aria-label=\"how server side sessions work with a session store permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>How Server-side Sessions Work With a Session Store</h2>\n<p>Suppose, you have a website 
with a login form. You enter your email ID and password, and your browser sends a request to the server. Your server compares the password hashes, and if those hashes match, a session is created with a specific session ID. Then, the server returns a cookie with the session ID. The cookie is HttpOnly, so it cannot be read by any JavaScript that is not yours. It is also marked Secure, so that the cookie is never transferred over an insecure connection; that is, one that is not encrypted. Otherwise, someone could intercept the communication, as in a man-in-the-middle attack.</p>\n<p><img src=\"https://paper-attachments.dropbox.com/s_483BCD9E50710AD4C34073FFCB4BDCD46B2FB758D7EDCF747C5F8981B4094012_1628279971421_sessionswork2.png\" alt=\"server-side sessions with a session store\"></p>\n<p>If you make a follow-up request, your browser automatically sends this cookie along. The server then takes the session ID from the cookie and fishes the session out of the session store.</p>\n<h2 id=\"how-client-side-sessions-work-with-jwt\" style=\"position:relative;\"><a href=\"#how-client-side-sessions-work-with-jwt\" aria-label=\"how client side sessions work with jwt permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>How Client-side Sessions Work with JWT</h2>\n<p><img src=\"https://paper-attachments.dropbox.com/s_483BCD9E50710AD4C34073FFCB4BDCD46B2FB758D7EDCF747C5F8981B4094012_1628281019519_Clientside.png\" alt=\"client-side sessions with JWT\"></p>\n<p>Instead of creating a session in your session store, you check whether the password hashes match. 
And if they do match, you can just create a JSON Web Token, which is signed with a secret. If someone tries to modify the payload, you will know, because the signature validation will fail.</p>\n<p>You can return the JSON Web Token in a cookie, which is way better: if you don't, there is a possibility that third-party JavaScript can access it.</p>\n<h2 id=\"problems-with-jwt-and-statelessness\" style=\"position:relative;\"><a href=\"#problems-with-jwt-and-statelessness\" aria-label=\"problems with jwt and statelessness permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Problems with JWT and Statelessness</h2>\n<p>Imagine a scenario in which a bank customer's info has been breached and the customer calls the bank to lock the account. This will be an issue if the bank uses JWT for authentication as JWT is stateless. 
Although you can find a workaround to do this by introducing state, it just defeats the purpose of having a JWT token in the first place, standing a chance of logging everyone out including the customer.</p>\n<p>With Sessions, logging out that one particular customer won’t be a problem at all as the customer's state is stored.</p>\n<h3 id=\"data-visibility-and-control\" style=\"position:relative;\"><a href=\"#data-visibility-and-control\" aria-label=\"data visibility and control permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Data Visibility and Control</h3>\n<p>When using server-side sessions, you don't know who is currently logged into your application as this can be useful to inflict the history of what a person is currently doing. It’s a better idea to use sessions in industries like health care, banking, insurance, or companies that deal with money. 
It's also good to note that a JWT is only signed, so anyone can read it and get an idea of how the data or IDs are structured, or how many rows the data has. This is not the case for sessions, as the data is not visible to users.</p>\n<h3 id=\"bandwidth-consumption\" style=\"position:relative;\"><a href=\"#bandwidth-consumption\" aria-label=\"bandwidth consumption permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Bandwidth Consumption</h3>\n<p>Session cookies take up very little bandwidth, because only the session ID is sent over. Bandwidth consumption is higher in the JWT-based approach, because the tokens tend to get bigger and the signature has to be sent along with each follow-up request.</p>\n<h3 id=\"revoking-roles-and-privileges-in-jwt-and-session-based-systems\" style=\"position:relative;\"><a href=\"#revoking-roles-and-privileges-in-jwt-and-session-based-systems\" aria-label=\"revoking roles and privileges in jwt and session based systems permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 
13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Revoking Roles and Privileges in JWT and Session-based Systems</h3>\n<p>A lot of breaches that happen in companies are the result of an internal breach by an employee or insider who is stealing data or doing weird things. It is really important to be able to revoke privileges immediately. Imagine a scenario where one person is logged in and has admin rights. Say the token is valid for ten minutes or so. If, for whatever reason, you don't want that person to have admin privileges anymore, you can easily revoke the person's access if you use sessions, but you might find it difficult if you use JSON Web Tokens.</p>\n<h2 id=\"jwt-advantages\" style=\"position:relative;\"><a href=\"#jwt-advantages\" aria-label=\"jwt advantages permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>JWT: Advantages</h2>\n<p>This section discusses the advantages of using JWT over sessions and scenarios where sessions do not cut it.</p>\n<h3 id=\"scalability\" style=\"position:relative;\"><a href=\"#scalability\" aria-label=\"scalability permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 
1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Scalability</h3>\n<p>One of the “issues” with sessions is scalability. The argument is that sessions are stored in memory and servers are duplicated to handle the application load, therefore, limiting the scalability of the application. JWT, on the other hand, has higher scalability due to its statelessness. If you use a load balancer, you can easily pass along your users to several servers without worrying, as there is no state or session data stored anywhere, making it easy for gigantic scale workloads like that of Google and Facebook.</p>\n<h3 id=\"maintainability\" style=\"position:relative;\"><a href=\"#maintainability\" aria-label=\"maintainability permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Maintainability</h3>\n<p>A downside of the sessions is their maintainability, as the sessions need to be maintained. Somewhere on someone's server, a record will need to be created every time a user is authenticated. This is done in memory. The more the users are authenticated, the greater the overhead on your server. 
There is no such maintenance overhead with JWT as no state is stored, making it a better choice in this scenario.</p>\n<h3 id=\"multiple-platforms-and-domain\" style=\"position:relative;\"><a href=\"#multiple-platforms-and-domain\" aria-label=\"multiple platforms and domain permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Multiple Platforms and Domain</h3>\n<p>When using sessions in an application, there will come a time when you need to scale or expand the data for it to be used on multiple devices. Then, you'll need to worry about things like cross-origin resource sharing or even forbidden requests.</p>\n<p>But with JWT, you don't have to bother about CORS as you can provide data to all sorts of devices and applications. 
Setting up a quick header configuration gets rid of any CORS problem you would have encountered.</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"\" data-index=\"0\"><code class=\"grvsc-code\"><span class=\"grvsc-line\">Access-Control-Allow-Origin: *</span></code></pre>\n<p>As long as a valid user has a valid token, data and resources are made available from any domain.</p>\n<h3 id=\"platform-independent\" style=\"position:relative;\"><a href=\"#platform-independent\" aria-label=\"platform independent permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Platform Independent</h3>\n<p>You can easily allow selective permissions for third-party applications with the help of JWT. Say, you build an application that you like to share permissions with other applications; for instance, sharing a video you watched on Facebook to friends on Instagram. 
You can also get creative building APIs that hand the special tokens to other applications so that user data can be accessed.</p>\n<h2 id=\"attacking-jwts-vs-session-based-authentication\" style=\"position:relative;\"><a href=\"#attacking-jwts-vs-session-based-authentication\" aria-label=\"attacking jwts vs session based authentication permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Attacking JWTs vs. Session-based Authentication</h2>\n<p>Auth tokens are usually sent over the network and as such are vulnerable to attack. These kinds of attacks are:</p>\n<ul>\n<li>Man in the Middle attack</li>\n<li>OAuth token theft</li>\n<li>XSS</li>\n<li>CSRF</li>\n<li>Database/filesystem access</li>\n<li>Session fixation</li>\n</ul>\n<p>Although it may seem that these types of attacks are not likely to happen, it's important to take security seriously and implement appropriate measures. The vulnerability of the system is based on the cumulative probabilities of all the types of attacks. In some ways, you can mitigate the above attacks:</p>\n<ol>\n<li><strong>Man in the middle attack:</strong> You can easily protect yourself from this type of attack by using secure HTTP and secure cookies throughout the app. 
However, this doesn't prevent attacks that use a proxy.</li>\n<li><strong>OAuth token theft:</strong> The solution to this is to have appropriate measures in place to detect stolen refresh tokens and use only short-lived access tokens.</li>\n<li><strong>XSS attack:</strong> One way to prevent this attack is to make sure that all of the dependencies are secure. This method is time-consuming and costly.</li>\n<li><strong>Cross-site request forgery (CSRF):</strong> Prevention of CSRF attacks typically requires the use of an anti-CSRF token or SameSite cookies. However, there are other methods that you can use to solve this in a way that is seamless with the whole authentication process.</li>\n<li>\n<p><strong>Database and filesystem access:</strong> To control damage caused by unauthorized access to your database or filesystem, you could do the following:</p>\n<ul>\n<li>Store only the hashed version of the tokens that are in your database to prevent unauthorized access.</li>\n<li>If the private key is compromised, the attacker can access both the current and future sessions of the JWTs. To prevent this, all current JWTs must be changed before they are invalidated.</li>\n</ul>\n</li>\n<li><strong>Session fixation:</strong> Each time a user logs in, generate a new set of tokens for that account. 
This method will invalidate the old ones if needed.</li>\n</ol>\n<h3 id=\"cookies-vs-local-storage\" style=\"position:relative;\"><a href=\"#cookies-vs-local-storage\" aria-label=\"cookies vs local storage permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Cookies vs. Local Storage</h3>\n<p>Some people who use JSON Web Tokens return the token and store it in local storage. This can be very dangerous, as third-party JavaScript, browser extensions, and malicious CDN scripts can have access to the token. But if you put it in a cookie, no JavaScript, not even your own, has access to it.</p>\n<p>Another thing to note is that when using cookies, you need to mitigate CSRF. 
Most of the time, preventing it comes down to installing a library and writing a few lines of code.</p>\n<h2 id=\"conclusion\" style=\"position:relative;\"><a href=\"#conclusion\" aria-label=\"conclusion permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Conclusion</h2>\n<p>In this article, you've learned the differences between using sessions and JSON Web Tokens for authentication, how a server-side session store works, the advantages of sessions over JWT, and other things concerning the structure of JWT.</p>","frontmatter":{"date":"August 26, 2021","updated_date":null,"description":"In this article, you'll learn the differences between JWT and Sessions, and which one to use for authentication.","title":"How to Authenticate Users: JWT vs. Session","tags":["Authentication","JWT","Sessions"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/b7fe0cb57f0d4924df0a0f47634eb844/14b42/ArticleHead.jpg","srcSet":"/static/b7fe0cb57f0d4924df0a0f47634eb844/f836f/ArticleHead.jpg 200w,\n/static/b7fe0cb57f0d4924df0a0f47634eb844/2244e/ArticleHead.jpg 400w,\n/static/b7fe0cb57f0d4924df0a0f47634eb844/14b42/ArticleHead.jpg 800w,\n/static/b7fe0cb57f0d4924df0a0f47634eb844/47498/ArticleHead.jpg 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Uma Victor","github":"uma-victor1","avatar":null}}}},{"node":{"excerpt":"Every country is progressively inching towards diverse smart city projects that eventually become the new driving force behind a state’s…","fields":{"slug":"/identity/smart-cities-improve-unified-identity/"},"html":"<p>Every country is progressively inching towards diverse smart city projects that eventually become the new driving force behind a state’s overall development. </p>\n<p>However, the key aspect determining whether these projects are a failure or a success is the involvement of civilians living and working in that city. </p>\n<p>Undoubtedly, civilian engagement is a significant factor that can offer valuable insights to enhance the current services that pave the path for the region’s overall development. </p>\n<p>But the big question is how to enhance civilian engagement?</p>\n<p>Well, delivering a flawless user experience and online services can help increase civilian engagement. 
</p>\n<p>The key lies in leveraging a robust <a href=\"https://www.loginradius.com/b2b-identity/\">identity management solution</a> that delivers a great user experience to citizens across multiple platforms and devices and ensures adequate security and privacy. </p>\n<p>Let’s understand the role of digital identity for smart cities in improving civilians’ digital experience through unified identity.</p>\n<h2 id=\"the-role-of-digital-identity-for-smart-cities\" style=\"position:relative;\"><a href=\"#the-role-of-digital-identity-for-smart-cities\" aria-label=\"the role of digital identity for smart cities permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>The Role of Digital Identity for Smart Cities</h2>\n<p>With population growth and the expansion of public services, cities need to be innovative about providing services to all people without compromising service quality. There is a need for a single platform where all facilities are centralized, and customer experience is considered.</p>\n<p>Digital identity is a great way to get started as it can prove a citizen’s identity through diverse government channels and is crucial for citizens to avail government services. </p>\n<p>As the government invokes the potential of secure digital identities, citizens would access core services and resources without any hassle. </p>\n<p>Moreover, every citizen requires some kind of public service, and that’s why handling a unique number of identities securely becomes a tough nut to crack for the government. 
Here’s where the need for digital identity management comes into play. </p>\n<p>A smart CIAM (consumer identity and access management) solution like LoginRadius helps public sector organizations manage heaps of identities efficiently without hampering user experience. </p>\n<p>Let’s learn how a CIAM solution like LoginRadius can deliver a flawless digital experience to civilians that pushes overall development reinforced by adequate security.</p>\n<h2 id=\"centralized-online-services\" style=\"position:relative;\"><a href=\"#centralized-online-services\" aria-label=\"centralized online services permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Centralized Online Services</h2>\n<p>Cities need one unified self-service portal so that their constituents have a seamless, efficient experience as they access the services they need. The LoginRadius Identity Platform enables cities to centralize their customer-facing digital applications into one portal. </p>\n<p>This portal enables a frictionless experience across multiple services that improve user experience and <a href=\"https://www.loginradius.com/customer-experience-solutions/\">enhance user engagement</a>. </p>\n<p> <br>\nThis single locus of access delivers a connected experience across multiple touchpoints and channels. LoginRadius has supported applications such as Account Summary, Customer Profile, Permit Applications, and Bill Payment. 
</p>\n<h2 id=\"maintaining-one-digital-identity-across-all-customer-service\" style=\"position:relative;\"><a href=\"#maintaining-one-digital-identity-across-all-customer-service\" aria-label=\"maintaining one digital identity across all customer service permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Maintaining One Digital Identity Across All Customer Service</h2>\n<p>What good is a centralized portal if citizens create multiple identities for individual web and mobile applications? Operating in this way creates identity silos that prevent a thorough view of the customer’s journey and preferences, which means the customer experience can’t be optimized for each individual.</p>\n<p>Without a seamless user experience, engagement rates drop. But with <a href=\"https://www.loginradius.com/single-sign-on/\">LoginRadius Single Sign-on (SSO),</a> cities and companies can allow customers to access all applications within their platform with a single set of unified credentials, rather than having to register and log in to each service separately. 
</p>\n<h2 id=\"integrating-with-third-party-applications\" style=\"position:relative;\"><a href=\"#integrating-with-third-party-applications\" aria-label=\"integrating with third party applications permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Integrating with Third-Party Applications</h2>\n<p>Many public sector organizations have a hard time using customer data to improve the digital experience. </p>\n<p>The LoginRadius Identity Platform offers pre-built integrations with over 150 third-party applications such as CRM, email marketing tools, online communities, payment systems, and more.</p>\n<p>This enables organizations to use that customer data to understand their customers better, offer more useful information and deliver that information more directly.</p>\n<h2 id=\"how-loginradius-helped-hydro-ottawa-in-creating-a-solid-architectural-foundation\" style=\"position:relative;\"><a href=\"#how-loginradius-helped-hydro-ottawa-in-creating-a-solid-architectural-foundation\" aria-label=\"how loginradius helped hydro ottawa in creating a solid architectural foundation permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 
1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>How LoginRadius Helped Hydro Ottawa in Creating a Solid Architectural Foundation</h2>\n<p>Hydro Ottawa is a regulated electricity local distribution company in eastern Ontario. </p>\n<p>As the third-largest municipally-owned electric utility in Ontario, Hydro Ottawa maintains one of the safest, most reliable, and most cost-effective electricity distribution systems in the province.  They serve about 332,000 residential and commercial customers across 1,116 square kilometers.</p>\n<h3 id=\"client-requirements\" style=\"position:relative;\"><a href=\"#client-requirements\" aria-label=\"client requirements permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Client Requirements</h3>\n<p>The Hydro Ottawa team wanted to create a solid architectural foundation for digital growth and innovation. They decided that the core of this new system would be a <a href=\"https://www.loginradius.com/\">customer identity solution</a>  that centralizes and unifies customer identity data.</p>\n<p>With the launch of their mobile app and a revamp of their customer web portal underway, Hydro Ottawa needed an SSO solution to log in with a single profile that included social media validation.</p>\n<h3 id=\"result\" style=\"position:relative;\"><a href=\"#result\" aria-label=\"result permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Result</h3>\n<ul>\n<li>By implementing the LoginRadius customer identity solution, Hydro Ottawa now offers their customers a secure, streamlined login and registration 
system. </li>\n<li>Single sign-on (SSO) capabilities removed the previous accessibility barriers. With SSO, customers can move seamlessly through different Hydro Ottawa web applications without signing up or logging in again. </li>\n<li>Customers can easily access their accounts online to see their electricity usage and billing activities.</li>\n<li>By leveraging the identity solution and digital infrastructure already in place, Hydro Ottawa was able to release an award-winning mobile application. It’s the first app in North America that lets customers track their household’s electricity usage and costs, access their billing information, and find out about current power outages using a single tool.</li>\n</ul>\n<h2 id=\"final-thoughts\" style=\"position:relative;\"><a href=\"#final-thoughts\" aria-label=\"final thoughts permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Final Thoughts</h2>\n<p>Digital identity is paving the way for a rich, unified experience for citizens who rely on public services in their daily routines. </p>\n<p>Robust consumer identity and access management solutions like <a href=\"https://www.loginradius.com/contact-sales/\">LoginRadius</a> can help public sector organizations deliver great experiences, backed by adequate security, to their civilians, reinforcing different smart city projects. 
</p>","frontmatter":{"date":"August 25, 2021","updated_date":null,"description":"Civilian engagement is a significant factor that can offer valuable insights to enhance the current services that pave the path for the region’s overall development. This post highlights the role of digital identities in supporting the idea of smart cities.","title":"How Cities Can Improve Civilians’ Digital Experience with Unified Identity","tags":["security"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.6129032258064515,"src":"/static/7667de49e49fc737acd82123663210c6/14b42/smart-cities-improve-unified-identity-cover.jpg","srcSet":"/static/7667de49e49fc737acd82123663210c6/f836f/smart-cities-improve-unified-identity-cover.jpg 200w,\n/static/7667de49e49fc737acd82123663210c6/2244e/smart-cities-improve-unified-identity-cover.jpg 400w,\n/static/7667de49e49fc737acd82123663210c6/14b42/smart-cities-improve-unified-identity-cover.jpg 800w,\n/static/7667de49e49fc737acd82123663210c6/16310/smart-cities-improve-unified-identity-cover.jpg 1024w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.jpg"}}}},{"node":{"excerpt":"The modern digital landscape demands robust security, which significantly relies on access tokens that securely authenticate users.  A token…","fields":{"slug":"/identity/refresh-tokens-jwt-interaction/"},"html":"<p>The modern digital landscape demands robust security, which significantly relies on access tokens that securely authenticate users. 
</p>\n<p>Tokens play a crucial role in an organization’s overall security mechanism, helping it deliver secure authentication and authorization on its website or application.</p>\n<p>For years, businesses have used <a href=\"https://www.loginradius.com/blog/identity/pros-cons-token-authentication/\">token-based authentication</a> to let users access resources. These tokens have a minimal lifetime, ensuring that cybercriminals have minimum time to exploit a user’s identity. </p>\n<p>With token-based security, once the access token has expired, users have to re-authenticate by providing their credentials to sign in again. </p>\n<p>However, this can be tedious and hampers the user experience. To overcome this, the concept of refresh tokens was introduced.</p>\n<p>A refresh token lets a user obtain a new access token without providing login credentials again. </p>\n<p>Let’s dig deeper into refresh tokens, their use, and how they interact with JWTs (JSON Web Tokens). 
</p>\n<h2 id=\"what-is-a-token\" style=\"position:relative;\"><a href=\"#what-is-a-token\" aria-label=\"what is a token permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>What is a Token?</h2>\n<p>A token can be defined as a digitally encoded signature used to authenticate and authorize a user to access specific resources on a network.</p>\n<p>A token is always generated in the form of an OTP (One-Time Password), which means that it can be used only once and is generated randomly for every transaction.</p>\n<p>Token-based authentication allows users to verify their unique identity, and in return, they receive a special token that provides access to specific resources for a particular time frame.</p>\n<p>Apart from this, users can easily access the website or network for which the token is issued and need not enter their credentials again and again until the token expires.</p>\n<p>Tokens are widely used in regular online transactions to enhance overall security and accuracy.</p>\n<h2 id=\"what-is-a-refresh-token\" style=\"position:relative;\"><a href=\"#what-is-a-refresh-token\" aria-label=\"what is a refresh token permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 
12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>What is a Refresh Token?</h2>\n<p>Since access tokens aren’t valid for an extended period because of security reasons, a refresh token helps re-authenticate a user without the need for login credentials. </p>\n<p>The primary purpose of a refresh token is to get long-term access to an application on behalf of a particular user. </p>\n<p>In a nutshell, a refresh token allows any website or application to regrant the access token without bothering the user. Here are its benefits:</p>\n<ul>\n<li>Balances security with usability</li>\n<li>Reinforces authentication</li>\n<li>Improves user experience </li>\n</ul>\n<h2 id=\"what-is-a-jwt-json-web-token\" style=\"position:relative;\"><a href=\"#what-is-a-jwt-json-web-token\" aria-label=\"what is a jwt json web token permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>What is a JWT (JSON Web Token)?</h2>\n<p>JWT (JSON Web Token) is used to provide a standard way for two parties to communicate securely. JWT is commonly used for managing authorization.</p>\n<p>There is an open industry standard called RFC-7519, which defines how JWT should be structured and how to use it to exchange information (called “claims”) in the form of JSON objects. 
This information can be verified and trusted as it is digitally signed.</p>\n<p><a href=\"https://www.loginradius.com/blog/engineering/jwt/\">JWT (JSON Web Token)</a> is a popular method of SSO, which is widely used by B2C applications, and through this system, you can allow your consumers to log in to an application that supports JWT.</p>\n<h2 id=\"when-to-use-a-refresh-token\" style=\"position:relative;\"><a href=\"#when-to-use-a-refresh-token\" aria-label=\"when to use a refresh token permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>When to Use a Refresh Token?</h2>\n<p>Before inching towards refresh tokens, one should understand that <a href=\"https://www.loginradius.com/blog/engineering/oauth2/\">OAuth 2.0</a> specifications define both access tokens and refresh tokens. </p>\n<p>Enterprises can leverage a refresh token in scenarios where the API needs authentication through an access token but users aren’t always available to provide credentials again and again. </p>\n<p>Hence, to enhance usability and improve user experience, refresh tokens can be used. 
</p>\n<p><strong>Also read:</strong> <strong><a href=\"https://www.loginradius.com/blog/identity/oauth2-0-guide/\">Working With Industry Authorization: A Beginner's Guide to OAuth 2.0</a></strong></p>\n<h2 id=\"best-practices-to-secure-refresh-tokens\" style=\"position:relative;\"><a href=\"#best-practices-to-secure-refresh-tokens\" aria-label=\"best practices to secure refresh tokens permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Best Practices to Secure Refresh Tokens</h2>\n<p>Since browser-based web applications cannot start using a refresh token, refresh tokens always require additional security. </p>\n<p>Whenever a refresh token is being utilized, the security token service quickly issues another access token and a new refresh token. The user can now make API calls through a refresh token. </p>\n<p>Whenever the overall security token service suspects that any refresh token is being used more than once, it automatically assumes something isn’t right. As a result, the refresh token gets immediately revoked and hence ensures adequate security. </p>\n<p><a href=\"https://www.loginradius.com/blog/identity/risk-based-authentication/\">RBA (Risk-based Authentication) </a>can be the finest way to enhance the security of a refresh token since it helps to analyze a vulnerability and automatically adds another stringent security layer in the mechanism. 
</p>\n<p>RBA works seamlessly with token-based authentication and can help improve overall security in high-risk scenarios where businesses need a stringent mechanism to prevent a security breach. </p>\n<h2 id=\"authentication-using-jwt-token-and-refresh-token\" style=\"position:relative;\"><a href=\"#authentication-using-jwt-token-and-refresh-token\" aria-label=\"authentication using jwt token and refresh token permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Authentication Using JWT Token and Refresh Token</h2>\n<p>JWTs represent a set of claims as a JSON object encoded in a JWS and JWE structure. This JSON object is called the “JWT Claims Set.” The JSON object consists of zero or more name/value pairs (or members), where the names are strings, and the values are arbitrary JSON values. These members are the claims represented by the JWT.</p>\n<p>Your JWTs can contain any information you want: the user's name, birth date, email, etc. You do this with claims-based authorization. You then just tell your provider to make a JWT with these claims from the claims principal.</p>\n<p>Authentication is implemented through JWT access tokens along with refresh tokens. The API returns a short-lived access token (JWT), which expires in 15 minutes, and a refresh token in an HTTP cookie, which expires in 7 days. </p>\n<p>The JWT is used to access secure routes on the API, whereas the refresh token is used to generate a new JWT access token when the current one expires, or even before. 
</p>\n<h2 id=\"conclusion\" style=\"position:relative;\"><a href=\"#conclusion\" aria-label=\"conclusion permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Conclusion</h2>\n<p>Refresh tokens can be the ideal way to enhance security and improve user experience since users need not enter login credentials again and again. </p>\n<p>LoginRadius helps enterprises get maximum benefits in terms of security, scalability, and usability when implementing token-based authentication on web and mobile devices. </p>\n<p>Businesses can leverage LoginRadius’ authentication and authorization services for a seamless experience that fosters business growth. <a href=\"https://www.loginradius.com/contact-sales\">Schedule a call today</a>! 
</p>","frontmatter":{"date":"August 24, 2021","updated_date":null,"description":"A token plays a crucial role in enhancing the overall security mechanism of an organization. This blog provides an overview of using refresh tokens and how it helps securely authenticate users without hampering their overall experience.","title":"Refresh Tokens: When to Use Them and How They Interact with JWTs","tags":["security"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.6129032258064515,"src":"/static/3e53bf0d14b0304e647258612eee7deb/14b42/refresh-tokens-jwt-interaction-cover.jpg","srcSet":"/static/3e53bf0d14b0304e647258612eee7deb/f836f/refresh-tokens-jwt-interaction-cover.jpg 200w,\n/static/3e53bf0d14b0304e647258612eee7deb/2244e/refresh-tokens-jwt-interaction-cover.jpg 400w,\n/static/3e53bf0d14b0304e647258612eee7deb/14b42/refresh-tokens-jwt-interaction-cover.jpg 800w,\n/static/3e53bf0d14b0304e647258612eee7deb/16310/refresh-tokens-jwt-interaction-cover.jpg 1024w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Saikiran Babladi","github":null,"avatar":null}}}},{"node":{"excerpt":"Hi, I am the Senior Operations Manager and feel really proud of being a part of the socially responsible company, LoginRadius.  
The concept…","fields":{"slug":"/growth/loginradius-csr-activities/"},"html":"<p><em>Hi,</em> I am the Senior Operations Manager and feel really proud of being a part of the socially responsible company, <em>LoginRadius.</em> </p>\n<p>The concept of CSR is essentially based on the notion that organizations should not only strive to optimize profits and shareholder value but should also make a conscientious effort to minimize or eliminate impact on the environment and society.</p>\n<p>Society has changed how it interacts with companies. Consumers have become more aware and educated about the impact that businesses have on society. They are looking for corporations that positively address the needs of society. </p>\n<p>At LoginRadius, we check all the boxes in the category with our sustainable and thriving Corporate Social Responsibility (CSR) culture. The company has been carrying out CSR activities since its inception and has been focused on giving back in any way possible to society.</p>\n<h2 id=\"a-little-backdrop\" style=\"position:relative;\"><a href=\"#a-little-backdrop\" aria-label=\"a little backdrop permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>A Little Backdrop</h2>\n<p>LoginRadius is a leading cloud-based CIAM solution that empowers organizations to deliver a delightful consumer experience. The company was established in 2012 by Mr. 
Rakesh Soni and is headquartered in San Francisco with offices in Jaipur and Hyderabad, India.</p>\n<p>The company offers customizable login interfaces, open-source SDKs, best-in-class data security products, and integrations with over 150 third-party applications. We are already loved by 3,000 businesses with 1.17 billion consumers worldwide and raised $17 million in Series A funding from Microsoft.</p>\n<h2 id=\"building-a-sustainable-csr-program\" style=\"position:relative;\"><a href=\"#building-a-sustainable-csr-program\" aria-label=\"building a sustainable csr program permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Building A Sustainable CSR Program</h2>\n<p><strong>In addition to focusing on economic growth, the founders also have a personal desire to contribute to the community. According to them, it is imperative to integrate social and environmental concerns into the organization and support the community. 
They also believe in strengthening the roles and responsibilities of the employee to drive the CSR Program.</strong></p>\n<p>I will always be thankful to them for encouraging me to voice my views on carrying out the CSR exercises.</p>\n<h2 id=\"corporate-responsibilities-endorsed-from-all-angles\" style=\"position:relative;\"><a href=\"#corporate-responsibilities-endorsed-from-all-angles\" aria-label=\"corporate responsibilities endorsed from all angles permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Corporate Responsibilities, Endorsed from All Angles</h2>\n<p>As we strive to contribute towards a better future, we have partnered with Naya Savera, a socially oriented organization that aims to empower economically backward communities.</p>\n<p>We always focus on our employees to make a difference in the community. This allows them to volunteer or give back to their community. For example, our <em><a href=\"https://loginradius.org/\">Dhan Utsav</a></em> is an event where we encourage employees to donate clothes, toys, shoes, stationery, utensils, etc., to the kids of Naya Savera in the spirit of Diwali.</p>\n<p>Our <em>Kick for a Cause</em> initiative is a one-day friendly football tournament to raise funds for underprivileged women. 
We also help them sell their handicrafts by hosting exhibits in various hotspots within Jaipur.</p>\n<p>Through Naya Savera and Kartavya NGO, we're currently supporting the education of ten and five children respectively each year, and we're committed to giving more children a chance at a great education in the coming years.</p>\n<h2 id=\"driving-initiatives-in-the-times-of-covid-19\" style=\"position:relative;\"><a href=\"#driving-initiatives-in-the-times-of-covid-19\" aria-label=\"driving initiatives in the times of covid 19 permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Driving Initiatives in the Times of COVID-19</h2>\n<p><img src=\"/ffa4d0e2b5f4590ecb8370724c56f0d7/loginradius-csr-activities-1.jpg\" alt=\"loginradius-csr-activities-1\"></p>\n<p>We also extended a helping hand to people by financially supporting them at times of economic breakdown and unemployment.</p>\n<p>We extended our support at the time of the Covid-19 pandemic, which led the central and state governments to announce lockdowns from March 2020 throughout the country. This economic slump led to thousands of people losing their jobs and created a financial crunch in many families. 
</p>\n<p>During this challenging time when it was difficult for the poor and unemployed to arrange food for themselves, we distributed ration to 200 families of laborers, construction workers, and local migrants who live in slum areas of Jaipur with the help of local NGOs.</p>\n<p>Apart from our community initiatives, we are proud to contribute significantly to the PM Cares Fund. </p>\n<p><img src=\"/a1c87716f2a3e7d6fbdbb5fc241f7650/loginradius-csr-activities-2.jpg\" alt=\"loginradius-csr-activities-2\"></p>\n<h2 id=\"bottom-line-it-is-difficult-to-describe-a-culture-without-being-a-part-of-it\" style=\"position:relative;\"><a href=\"#bottom-line-it-is-difficult-to-describe-a-culture-without-being-a-part-of-it\" aria-label=\"bottom line it is difficult to describe a culture without being a part of it permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Bottom line: It is Difficult to Describe a Culture Without Being a Part of It.</h2>\n<p>I remember the day when I joined LoginRadius. My first impression was that it was a beautiful, diligent company, and everyone in the organization was very dynamic, humble, and driven with a commitment to excellence. 
<em>I am proud that I stand true to my option to this day.</em></p>\n<h2 id=\"i-would-like-to-conclude-that-working-with-loginradius-has-helped-me-develop-a-better-understanding-of-corporate-citizenship-the-company-empowers-its-employees-to-go-above-and-beyond-the-call-of-duty-its-social-initiatives-encourage-us-all-to-individually-make-a-difference-in-society\" style=\"position:relative;\"><a href=\"#i-would-like-to-conclude-that-working-with-loginradius-has-helped-me-develop-a-better-understanding-of-corporate-citizenship-the-company-empowers-its-employees-to-go-above-and-beyond-the-call-of-duty-its-social-initiatives-encourage-us-all-to-individually-make-a-difference-in-society\" aria-label=\"i would like to conclude that working with loginradius has helped me develop a better understanding of corporate citizenship the company empowers its employees to go above and beyond the call of duty its social initiatives encourage us all to individually make a difference in society permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>I would like to conclude that working with LoginRadius has helped me develop a better understanding of corporate citizenship. The company empowers its employees to go above and beyond the call of duty. Its social initiatives encourage us all to individually make a difference in society.</h2>\n<p>Engaging in civic and social activities also re-energizes us in the workplace. The more we participate in these activities, the better we feel about our work. 
We gain a sense of accomplishment that we have contributed something toward the welfare of others.</p>\n<p>We are an organization that's committed to working for the good of the people. We believe in community development and will continue to make a difference.</p>\n<p>I feel honored to be a part of the LoginRadius family :)   </p>","frontmatter":{"date":"August 19, 2021","updated_date":null,"description":"LoginRadius has been carrying out CSR activities since its inception and has been focused on giving back in any way possible to society. Learn how the company fosters a CSR culture within its organization.","title":"A Glimpse of LoginRadius' CSR Activities: How Do We Foster a Culture of Care","tags":null,"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.550387596899225,"src":"/static/ae2161f541a9937ce42f584f422199d0/14b42/loginradius-csr-activities-cover.jpg","srcSet":"/static/ae2161f541a9937ce42f584f422199d0/f836f/loginradius-csr-activities-cover.jpg 200w,\n/static/ae2161f541a9937ce42f584f422199d0/2244e/loginradius-csr-activities-cover.jpg 400w,\n/static/ae2161f541a9937ce42f584f422199d0/14b42/loginradius-csr-activities-cover.jpg 800w,\n/static/ae2161f541a9937ce42f584f422199d0/16310/loginradius-csr-activities-cover.jpg 1024w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Naveen Soni","github":null,"avatar":null}}}}]},"markdownRemark":{"excerpt":"Identity is evolving, and developers are at the forefront of this transformation. 
Every day brings a new learning—adapting to new standards…","fields":{"slug":"/identity/developer-first-identity-provider-loginradius/"},"html":"<p>Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards and refining approaches to building secure, seamless experiences.</p>\n<p>We’re here to support developers on that journey. We know how important simplicity, efficiency, and well-structured documentation are when working with identity and access management solutions. That’s why we’ve redesigned the <a href=\"https://www.loginradius.com/\">LoginRadius website</a>—to be faster, more intuitive, and developer-first in every way.</p>\n<p>The goal? Having them spend less time searching and more time building.</p>\n<h2 id=\"whats-new-and-improved-on-the-loginradius-website\" style=\"position:relative;\"><a href=\"#whats-new-and-improved-on-the-loginradius-website\" aria-label=\"whats new and improved on the loginradius website permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>What’s New and Improved on the LoginRadius Website?</h2>\n<p>LoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. 
To enhance this experience, we’ve spent the last few months redesigning our interface, making navigation more intuitive and ensuring that essential resources are easily accessible.</p>\n<p>Here’s a closer look at what’s new and why it’s important:</p>\n<h3 id=\"a-developer-friendly-dark-theme\" style=\"position:relative;\"><a href=\"#a-developer-friendly-dark-theme\" aria-label=\"a developer friendly dark theme permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>A Developer-Friendly Dark Theme</h3>\n<p><img src=\"/f46881583c7518a93bb24e94c32320de/a-developer-friendly-dark-theme.webp\" alt=\"This image shows how LoginRadius offers several authentication methods like traditional login, social login, passwordless login, passkeys and more in a dark mode.\">    </p>\n<p>Developers spend long hours working in dark-themed IDEs and terminals, so we’ve designed the LoginRadius experience to be developer-friendly and align with that preference.</p>\n<p>The new dark mode reduces eye strain, enhances readability, and provides a seamless transition between a coding environment and our platform. Our new design features a clean, modern aesthetic with a consistent color scheme and Barlow typography, ensuring better readability. 
High-quality graphics and icons are thoughtfully placed to enhance the content without adding visual clutter.</p>\n<p>So, whether you’re navigating our API docs or configuring authentication into your system, our improved interface will make those extended development hours more comfortable and efficient.</p>\n<h3 id=\"clear-categorization-for-loginradius-capabilities\" style=\"position:relative;\"><a href=\"#clear-categorization-for-loginradius-capabilities\" aria-label=\"clear categorization for loginradius capabilities permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Clear Categorization for LoginRadius Capabilities</h3>\n<p><img src=\"/e5358b82be414940f3fb146013845933/capabilities.webp\" alt=\"This image shows a breakdown of all the LoginRadius CIAM capabilities, including authentication, security, UX, scalability and multi-brand management.\"></p>\n<p>We’ve restructured our website to provide a straightforward breakdown of our customer identity and access management platform capabilities, helping you quickly find what you need:</p>\n<ul>\n<li>Authentication: Easily understand <a href=\"https://www.loginradius.com/blog/identity/authentication-option-for-your-product/\">how to choose the right login method</a>, from traditional passwords and OTPs to social login, federated SSO, and passkeys with a few lines of code.</li>\n<li>Security: Implement no-code security features like bot detection, IP throttling, breached password alerts, DDoS protection, and adaptive MFA to safeguard user 
accounts.</li>\n<li>User Experience: Leverage AI builder, hosted pages, and drag-and-drop workflows to create smooth, branded sign-up and login experiences.</li>\n<li>High Performance &#x26; Scalability: Confidently scale with sub-100ms API response times, 100% uptime, 240K+ RPS, and 28+ global data center regions.</li>\n<li>Multi-Brand Management: Efficiently manage multiple identity apps, choosing isolated or shared data stores based on your brand’s unique needs.</li>\n</ul>\n<p>This structured layout ensures you can quickly understand each capability and how it integrates into your identity ecosystem.</p>\n<h3 id=\"developer-first-navigation\" style=\"position:relative;\"><a href=\"#developer-first-navigation\" aria-label=\"developer first navigation permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Developer-First Navigation</h3>\n<p><img src=\"/a8c155c2b6faf3d5f4b4de4e2b14d763/developers-menu.webp\" alt=\"This image shows the LoginRadius menu bar, highlighting the developer dropdown.\">   </p>\n<p>We’ve been analyzing developer workflows to identify how you access key resources. That’s why we redesigned our navigation with one goal in mind: to reduce clicks and make essential resources readily available.</p>\n<p>The new LoginRadius structure puts APIs, SDKs, and integration guides right at the menu bar under the Developers dropdown so you can get started faster. 
Our Products, Solutions, and Customer Services are also clearly categorized, helping development teams quickly find the right tools and make informed decisions.</p>\n<h3 id=\"quick-understanding-of-integration-benefits\" style=\"position:relative;\"><a href=\"#quick-understanding-of-integration-benefits\" aria-label=\"quick understanding of integration benefits permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Quick Understanding of Integration Benefits</h3>\n<p><img src=\"/b2f9a964a2da0ea83e2f8596b833bba7/we-support-your-tech-stack.webp\" alt=\"This image shows a list of popular programming languages and frameworks offered by LoginRadius.\"></p>\n<p>Developers now have a clear view of the tech stack available with LoginRadius, designed to support diverse business needs.</p>\n<p>Our platform offers pre-built SDKs for Node.js, Python, Java, and more, making CIAM integration seamless across popular programming languages and frameworks.</p>\n<h2 id=\"over-to-you-now\" style=\"position:relative;\"><a href=\"#over-to-you-now\" aria-label=\"over to you now permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 
1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Over to You Now!</h2>\n<p>Check out our <a href=\"https://www.loginradius.com/\">revamped LoginRadius website</a> and see how the improved experience makes it easier to build, scale, and secure your applications.</p>\n<p>Do not forget to explore the improved navigation and API documentation, and get started with our free trial today. We’re excited to see what you’ll build with LoginRadius!</p>","frontmatter":{"date":"February 21, 2025","updated_date":null,"description":"LoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. 
To enhance this experience, we’ve redesigned our website interface, making navigation more intuitive and ensuring that essential resources are easily accessible.","title":"Revamped & Ready: Introducing the New Developer-First LoginRadius Website","tags":["Developer tools","API","Identity Management","User Authentication"],"pinned":true,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7857142857142858,"src":"/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp","srcSet":"/static/80b4e4fbe176a10a327d273504607f32/61e93/hero-section.webp 200w,\n/static/80b4e4fbe176a10a327d273504607f32/1f5c5/hero-section.webp 400w,\n/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp 800w,\n/static/80b4e4fbe176a10a327d273504607f32/99238/hero-section.webp 1200w,\n/static/80b4e4fbe176a10a327d273504607f32/7c22d/hero-section.webp 1600w,\n/static/80b4e4fbe176a10a327d273504607f32/1258b/hero-section.webp 2732w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.jpg"}}}},"pageContext":{"limit":6,"skip":402,"currentPage":68,"type":"///","numPages":161,"pinned":"ee8a4479-3471-53b1-bf62-d0d8dc3faaeb"}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}