Having a unique identifier is essential for secure user authentication and access management. Why? It prevents confusion and minimizes security risks that could happen if two IdPs (Identity Providers) have the same identifier. It also ensures that regardless of any changes to a user's situation, their IdP (and anything tied to it) will remain unaffected.
Best Practices for Creating Unique Identifiers
Never use personal identifiers such as a user's name, email or role
First things first: NEVER use the user's name, email, role, or any personal details as part of their identifier!
Names can be legally changed, different emails assigned, and users can be moved to a different role at any time. Identifiers, however, cannot be revised, only replaced. By ensuring identifiers don't contain any variable user information, you also ensure the user is forever tied to that identifier without any issue.
For example, let's say you have an employee called "J. Smith." They're a Customer Service Representative, and they have their own email address, "[email protected]":
Best practice:
They're assigned the identifier "llxpuser3421"
Since no personal information is housed in the identifier, there's no risk of conflicting information should the user's name, email, role, etc. change at any point
They can forever be linked to that identifier, which means all their data stays with them no matter what
Poor practice:
They're assigned the identifier "jsmith-csr"
If they change their name to K Smith, it's no longer accurate
If their role changes to Manager, it's no longer accurate
If another J Smith joins the CSR team, it's confusing and more difficult to identify who's who
They're assigned the identifier "[email protected]"
If they change their name to J Bean, it's no longer accurate
If their email changes to reflect their new role of manager, [email protected], it's no longer accurate
If another J Smith joins the company, it's confusing and more difficult to identify who's who
Use consistent formatting
Using consistent formatting for all users will help you manage and keep track of your data.
To do so, decide on the elements your user identifiers will consist of as a baseline. Once that's finalized, you can establish and use your format to create IdP identifiers.
For example, you could decide to use the following formatting to create your identifiers:
the company name or acronym, followed by
the word "user", followed by
a unique 5-digit number.
As a result, all your users will have consistent identifiers such as:
llxpuser12345
llxpuser51294
Avoid reusing identifiers
Don't use the same identifier again when you take an IdP out of service or change its name. Instead, create a new identifier. This helps avoid issues with cached credentials or old metadata that may still refer to the previous identifier.
For example, let's say the identifier "llxpuser12345" was tied to J Smith and they left the company. What would happen if their identifier was retired or reused?
Retired (do this):
J Smith's data remains untouched for as long as their identifier exists in the system
Reused (don't do this):
J Smith's data is lost for good, or
J Smith's data gets mixed with the new user's data, causing discrepancies in results
Avoid assigning new or additional identifiers to users that already have one
Once your user has been assigned an identifier, that's it! Assignment must be treated as a permanent, one-time situation for each user to ensure their data stays with them.
Remember: each user's data and progress are tied to their unique identifier and cannot be transferred or merged. If you remove a user's identifier, all data associated with it is removed as well, thus bringing the user back to "zero."
Maintain a list of identifiers
Create an internal list of IdP identifiers and manage it with a clear process. This will help with troubleshooting and future integration.
E.g., consider creating a spreadsheet that houses user details, such as:
User ID | Assigned Employee | Role
llxpuser12345 | S Lemonhead | Software Engineer
llxpuser12346 | G Limely | Human Resources
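The rules above (no personal data in the identifier, one consistent format, never reuse a retired identifier, exactly one identifier per user, keep an internal list) can be enforced by a small registry rather than by convention alone. The following is an added example written for this page; it is not code from the page's author or from any IdP product. It assumes a stable internal key for each person (here an HR record number, an assumption not taken from the page) so that "already has an identifier" can be checked, and the employee records it builds are constructed sample data.

```python
import re
import secrets


class IdentifierRegistry:
    """Issues and tracks IdP user identifiers under the rules described above:
    fixed format, no personal data, never reused, one per user, listed internally.
    The hr_record key used to look up a person is an assumption of this example."""

    def __init__(self, prefix="llxp", digits=5):
        self.prefix = prefix
        self.digits = digits
        # Accepted shape: <company acronym> + "user" + exactly <digits> digits
        self.pattern = re.compile(rf"^{re.escape(prefix)}user[0-9]{{{digits}}}$")
        self.active = {}       # identifier -> employee record
        self.retired = set()   # identifiers taken out of service; never issued again
        self.by_record = {}    # hr_record -> identifier (assigned once, permanently)

    def is_well_formed(self, identifier):
        """Consistent-formatting check; rejects e.g. 'llxpuser 12346' or 'jsmith-csr'."""
        return self.pattern.fullmatch(identifier) is not None

    @staticmethod
    def contains_personal_data(identifier, employee):
        """True if the identifier embeds the user's name, email local part or role."""
        ident = identifier.lower()
        name_parts = [re.sub(r"[^a-z]", "", p) for p in employee["name"].lower().split()]
        name_parts = [p for p in name_parts if p]
        role_words = employee["role"].lower().split()
        fragments = set()
        fragments.update(name_parts)                                  # "smith"
        if len(name_parts) >= 2:
            fragments.add(name_parts[0][0] + name_parts[-1])          # "jsmith"
        fragments.add(employee["email"].lower().split("@")[0])       # "j.smith"
        fragments.update(role_words)                                  # "customer", ...
        fragments.add("".join(w[0] for w in role_words))              # "csr"
        # Very short fragments (initials, two-letter acronyms) would match almost anything
        return any(f in ident for f in fragments if len(f) >= 3)

    def assign(self, hr_record, employee):
        """Issue exactly one identifier per person; never recycle a retired one."""
        if hr_record in self.by_record:
            raise ValueError(f"{hr_record} already has identifier {self.by_record[hr_record]}")
        if len(self.active) + len(self.retired) >= 10 ** self.digits:
            raise RuntimeError("identifier space exhausted; widen the number field")
        for _ in range(1000):
            number = secrets.randbelow(10 ** self.digits)
            candidate = f"{self.prefix}user{number:0{self.digits}d}"
            if candidate in self.active or candidate in self.retired:
                continue
            if self.contains_personal_data(candidate, employee):
                continue
            self.active[candidate] = employee
            self.by_record[hr_record] = candidate
            return candidate
        raise RuntimeError("could not find an unused identifier")

    def retire(self, identifier):
        """Take an identifier out of service without freeing it for reuse.
        The person keeps their mapping, so they can never be issued a second one."""
        if identifier not in self.active:
            raise KeyError(identifier)
        del self.active[identifier]
        self.retired.add(identifier)

    def export_table(self):
        """Rows for the internal list: User ID | Assigned Employee | Role."""
        return sorted((ident, e["name"], e["role"]) for ident, e in self.active.items())


if __name__ == "__main__":
    reg = IdentifierRegistry()
    smith = {"name": "J. Smith", "email": "j.smith@example.com",   # constructed sample
             "role": "Customer Service Representative"}
    ident = reg.assign("HR-0001", smith)
    print("issued:", ident)
    print("jsmith-csr leaks personal data:", reg.contains_personal_data("jsmith-csr", smith))
    for row in reg.export_table():
        print(" | ".join(row))
```

`contains_personal_data` is a screening check for identifiers proposed by hand, not a proof of anonymity; the safe path is to let `assign` generate the number and never accept a human-chosen value. The `retired` set is what prevents the reuse problem in the "Reused (don't do this)" case: a retired identifier is still occupied from the generator's point of view.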