Identity HMAC Verification (SHA256)
Overview
The purpose of identity verification is to verify that your users are who they claim to be. When you enable identity verification, it empowers Gainsight PX to use HMAC ID so that there is a secure way to validate if a logged-in user tries to impersonate another user. This feature should be configured via account product settings. The identity verification works by using a server-side generated HMAC (Hash-based Message Authentication Code), using SHA256, on either your user’s email or user_id. Once identity verification is enabled, Gainsight PX does not accept any requests for a logged-in user without a valid HMAC.
Enable Identity verification Under Account Settings
Once your server side has implemented identity verification using the hash key, you can enable it by navigating to Administration > Identity Verification.
Pass the User Hash in the Identify Call
Use the following code to pass the user hash:
aptrinsic("identify", { //User Fields "id": "unique-user-id", // Required for logged in app users "email": "userEmail@address.com", "firstName": "John", "lastName": "Smith", "signUpDate": 1522697426479, //unix time in ms "userHash": "" // optional transient for HMAC identification }, { //Account Fields "id":"IBM", //Required "name":"International Business Machine" });