15 Configure Shopper Settings
Shopper settings let you configure registration details, password policies, and session length for registered customers. You do not have to publish changes you make to shopper settings; they take effect as soon as you save them.
Note:
The Retail Digital Commerce APIs provide endpoints that you can use to create custom properties for shopper profiles that you can display on your store or use internally in the administration interface. See Manage Shopper Profiles for more information.
In addition to these Shopper Settings, you can also restrict guest checkout. See Restrict guest checkout for more information.
Configure the Password Policy
Password management is an important part of administering any site that includes personal information.
This section describes the password management features included as part of Retail Digital Commerce and includes the following topics:
Configure Strong Passwords
Strong password checking lets you define criteria for new passwords; for example, you can specify that new passwords cannot be duplicates of old ones or contain the same characters as login names.
To configure strong passwords, follow these steps:
- Click the Settings icon, then select Shopper Settings.
- Select one or more strong password settings.
- If you select Minimum Password Length, enter a number that specifies the minimum number of characters.
- If you select Must Include a Symbol Character, enter, or add to, a list of symbols.
- If you select Cannot Be A Previous Password, enter a number that specifies how many most recent passwords cannot be used.
- If you select Expire Password, enter a number that specifies the number of days until a new password expires.
- Click Save.
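How the strong password settings above could be evaluated when a shopper chooses a new password, as an added example (not Retail Digital Commerce code). The policy keys, rule names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

# Constructed policy values mirroring the settings listed above (key names are hypothetical).
POLICY = {"min_length": 10, "symbols": "!@#$%^&*", "history": 3, "expire_days": 90}


def hash_password(password, salt=None):
    """Return (salt, PBKDF2 digest); a fresh salt is drawn when none is given."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def violations(candidate, login, history, policy=POLICY):
    """history: list of (salt, digest), newest first. Returns the failed rules."""
    failed = []
    if len(candidate) < policy["min_length"]:
        failed.append("min_length")
    if not any(ch in policy["symbols"] for ch in candidate):
        failed.append("symbol")
    if login and login.lower() in candidate.lower():
        failed.append("contains_login")
    # Old passwords exist only as salted hashes, so re-derive the candidate
    # under each stored salt and compare in constant time.
    for salt, digest in history[: policy["history"]]:
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            failed.append("previous_password")
            break
    return failed


def is_expired(changed_at, now, policy=POLICY):
    """True once the password is at least expire_days old."""
    return now - changed_at >= timedelta(days=policy["expire_days"])
```

Only the most recent `history` entries are checked, so a password older than that window is accepted again.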
Force all Passwords to Expire
In some cases, you may want to force the passwords of all registered users to expire at the same time. Registered shoppers will have to reset their passwords the next time they log in.
To force all passwords to expire, follow these steps:
- Click the menu icon, then select Settings.
- Select Shopper Settings from the Settings list.
- Click the Expire All Passwords button.
- Confirm that you want to force all passwords to expire immediately.
Understand how Forgotten Passwords are Handled
Registered shoppers who cannot remember their passwords can use the Forgotten Password feature in the storefront to set a new password. The process works as follows:
- The shopper clicks the Forgotten Password link in the login screen and enters his or her email address.
The system validates that the email address matches an existing shopper profile. If no match is found, the system does nothing, and the shopper does not receive an email.
- The shopper clicks the Send Request button. A one-time use link is sent by the system to their email address.
- Once the shopper receives the link and opens it, they are prompted to create and confirm their new password.
Configure the Logged-in Shopper Session
You can configure shopper sessions to automatically expire after a specified period of inactivity.
The logged-out shopper can still access most areas of the store but must log in again to access secure pages, such as their profile or the checkout page. This is sometimes referred to as soft login.
To configure the logged-in shopper session, follow these steps:
Configure Guest Checkout
You can require that anonymous shoppers log into their accounts before they check out.
This feature can be used for anonymous shoppers who will log into either an individual account or a business account.
To prevent guest checkout, follow these steps:
In addition to selecting this setting, your pages must be modified at a widget code-level to restrict access to the Checkout UI itself. For details on doing so, see Manage Guest Checkout.
Disable Soft Login
A logged-out shopper can still see personalized content based on their profile.
This is referred to as soft login. Soft login allows a registered shopper who is returning to the site to be identified and their site experience to be personalized.
Soft login is a per-site setting and is enabled by default. You can use the /ccadmin/v1/merchant/profilePolicies REST API endpoint to disable it. See Create a shopper profile for details.
A shopper who is soft logged-in must log in to access their account page or to create an order.
Configure Account-Based Shoppers
You can allow a prospective account-based shopper to request registration of a new account on your store.
Enabling this feature lets a shopper submit an account registration request for a new account by providing required business details. The information is reviewed by an administrator from the merchant side after the shopper submits the required details, and, if needed, the administrator may request additional details such as credit checks. The registration request is then either approved or rejected. If the request is approved, the new contact for the account is activated.
To configure the account-based shoppers feature, follow these steps:
- Click the Settings icon, then select Shopper Settings.
When running multiple sites from your Retail Digital Commerce instance, your configurations will be applied by site. Choose a site from the site picker at the top of the Settings menu options.
- Click from the Settings list.
- Select Account-based Shoppers - Allow requests to register a new business Account
- Click Save.
The following provides additional details on what happens if this feature is enabled:
- The Accounts page of the administrator user interface now includes a Registration Requests tab. This area lets you view, search, and work with account registration requests. For further details, refer to Configure Business Accounts.
- A Register for an account link appears on the Log In dialog box that is launched from the Contact Login (for Managed Accounts) element of the Header widget. Clicking the link displays a new business-to-business registration request form dialog that the registrant fills in.
- The Store API for submitting a registration request can return a successful status.
The following provides additional details on what happens if this feature is disabled:
- The Register for an account link does not appear on the Log In dialog box that is launched from the Contact Login (for Managed Accounts) element of the Header widget.
- If a prospective shopper is in the process of filling out a Register form and submits it, they see the “Account registration is not available” error.
- If there are registration requests with statuses of New, Review, More Info Needed, or Rejected, the Registration Requests area remains in the Accounts area of the UI.
- If there are no registration requests with statuses of New, Review, More Info Needed, or Rejected, the Registration Requests area is hidden.
- The Store API to submit a registration request returns the error, “Account registration is not available.”
Note:
To enable the store user interface to allow account-based shoppers to submit an account registration request, make sure you have added a Contact Login element to the Header widget in your site Home layout. For further details, refer to Create Page Layouts that Support Different Types of Shoppers.
Configure Shopper Registration
You can configure shopper registration so that a shopper does not create a password on the storefront, but instead completes registration by clicking a secure link in an email your store sends to an email address the shopper provides.
This section describes how to enable and configure the secure registration flow for shoppers. This feature is enabled by default for all Retail Digital Commerce customers.
Understand Secure Shopper Registration
When the secure shopper registration flow is enabled, a shopper enters just a name and email address, then submits the request. Retail Digital Commerce creates a shopper profile with an auto-generated password and sends a New Account email with a secure, tokenized link. The shopper clicks the link, then enters new password details to complete the registration.
When the secure registration flow is not enabled, a shopper who tries to create a new account using an email address from an existing shopper profile sees a warning that the email address is already associated with an account. When the secure registration flow is enabled, Retail Digital Commerce does not display a warning, but sends a Forgotten Password email with a secure, tokenized link. You can customize the Forgotten Password email template with text that explains that the email address is already assigned to an account.
Similarly, if your store supports account-based commerce and a shopper tries to submit a new account-registration request with an email address from an existing personal account, Retail Digital Commerce does not display a warning that the address is already associated with a shopper profile.
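The registration behavior described above, sketched as an added example (not Retail Digital Commerce code): the caller gets an identical response whether or not the address already has a profile, and the emailed link can be redeemed once. The function names, in-memory stores and one-hour link lifetime are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 3600          # assumed link lifetime in seconds
profiles = {}             # email -> profile fields
tokens = {}               # sha256(token) -> (email, expiry)
outbox = []               # (template, email, token): stands in for the mailer


def _issue_link(template, email):
    """Mail a random single-use token; only its hash is kept server-side."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    tokens[digest] = (email, time.time() + TOKEN_TTL)
    outbox.append((template, email, token))


def register(name, email):
    """Return the same response whether or not the address already exists."""
    email = email.strip().lower()
    if email in profiles:
        # Existing profile: no on-screen warning, a Forgotten Password mail instead.
        _issue_link("forgotten_password", email)
    else:
        # New profile: no usable password until the link is redeemed.
        profiles[email] = {"name": name, "password_set": False}
        _issue_link("new_account", email)
    return {"status": "ok", "message": "Check your email to continue."}


def redeem(token, new_password):
    """Consume the token on first use; a replayed or expired link fails."""
    entry = tokens.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if entry is None or entry[1] < time.time():
        return False
    email = entry[0]
    salt = secrets.token_bytes(16)
    profiles[email].update(
        salt=salt,
        pw_hash=hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 200_000),
        password_set=True,
    )
    return True
```

Because the response body is the same on both branches, the only signal of an existing account goes to the mailbox owner; sending the mail out of band keeps response timing from leaking the same fact.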
Enable the Secure Registration Flow
To enable the secure registration flow, use the /ccadmin/v1/merchant/profilePolicies endpoint in the Admin API to set the enableProfileRegistrationEmailCheck property to true. For example:
PUT /ccadmin/v1/merchant/profilePolicies HTTP/1.1
Authorization: Bearer <access_token>

{
  "enableProfileRegistrationEmailCheck": true
}
See Use the REST APIs for information you need to know before using the APIs.
Configure Email Templates
To implement the secure registration flow, you must enable the Forgotten Password and New Account emails. The New Account template includes code to render the tokenized link and additional strings to support the new registration flow. The Forgotten Password template includes code that displays a new customizable string if a shopper tried to register with an existing email address.
Once you have downloaded the templates, customize them and then upload them. See Customize Email Templates for more information.
Update Widgets
To implement the secure registration flow, make sure your layouts include the latest version of the Login Checkout/Registration element.