Update to Session Termination Behavior when Adding Identifiers

What’s Changing:

We are improving the user experience when adding or updating identifiers (email, phone number, or username) in profiles.

Key Updates:

1. New Identifier: When a new identifier type (email, phone, or username) is added to a user profile where one does not already exist, the user’s session will not be terminated. This allows for a smoother progressive profiling experience, where users can add new identifiers without disruption.
2. Changing Existing Identifier: When an existing identifier is modified, the user’s session will terminate, and the user will have to re-authenticate. This ensures security best practices are followed when updating key account information.

Why This Matters: Previously, any update to an identifier (whether adding or changing it) would terminate the user’s session. This could lead to a poor experience, especially during progressive profiling, where users are expected to update or add information without being logged out. With this update, customers can offer a seamless experience for users adding new identifiers while maintaining strict security for changes to existing identifiers.

Rollout Timing: This change will be rolled out progressively over the next 1-4 weeks. Customers can expect to see the updated session handling behavior in their environments during this period.

Action Required: No immediate action is required from customers, but it is recommended to review any user flows that involve the addition or modification of identifiers to ensure they align with this change.