Suspend journey progress
Suspending journeys lets you save a user’s progress through an authentication journey and later resume from the same point.
Any input provided during the journey is saved when the authentication journey is suspended and restored when the authentication journey is resumed. This lets the authentication journey continue if the user closes their browser, uses a different browser, or uses a different device.
When you suspend an authentication journey, you give the user a URL they must visit to resume their journey. The URL contains a unique identifier for retrieving the saved progress and can only be used once. These URLs are sometimes referred to as magic links.
The Email Suspend node supports suspended authentication.
Typical use cases include passwordless authentication and email verification during progressive profile completion.
The following journey lets a user authenticate if they have forgotten their username:
After obtaining the user’s email address in the Attribute Collector node, the journey attempts to identify the user. The journey then attempts to email the user and suspends itself.
Note both the True and False outcomes are mapped into the Email Suspend node to reduce potential data leakage. If the username is found, it is included in the email sent to the user, along with the link to use to resume the authentication journey.
When the user follows the link, the authentication journey resumes at the Inner Tree Evaluator node, which lets the user authenticate with their recovered username and credentials.
Configure suspended journeys
You can configure the maximum duration of a journey session so that resources can be freed up if the journey is not completed. You can also configure how long a journey session can be suspended.
You should set the maximum duration to the maximum time required to complete the journey. For example, if you’re sending an email, 10 minutes might be reasonable. The time allowed for suspending a journey must be the same as or less than the maximum duration of the journey session.
Maximum duration
The maximum duration can be set in different locations to provide greater control over the length of journey sessions.
Advanced Identity Cloud determines which setting to apply to the journey session in the following order of precedence:
-
The timeout settings in the Update Journey Timeout node.
-
The maximum duration set for an authentication journey.
Duration values set on child journeys are ignored.
Learn more in Configure journey session duration in a journey.
-
The maximum duration set in the realm. The default is
5minutes.Under Native Consoles > Access Management, go to Realms > Realm Name > Authentication > Settings > Trees > Max duration (minutes) to change the maximum duration.
Learn more in Core authentication attributes.
Suspend duration
The suspend duration can be set in different locations to provide greater control over how long a journey session can be suspended.
Advanced Identity Cloud determines which setting to apply to the journey session in the following order of precedence:
-
The suspend duration set in a node:
-
Configure the suspend duration in the Email Suspend node.
-
Configure the suspend duration in the Scripted Decision node using the
actionobject.Learn more in Suspend and resume journeys.
-
-
The suspend duration set in the realm. The default is
5minutes.Under Native Consoles > Access Management, go to Realms > Realm Name > Authentication > Settings > Trees > Suspended authentication duration (minutes) to change the suspend duration.
Learn more in Core authentication attributes.