Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

What platforms and configurations are required to know the email identity of an authenticated user that clicks on a specific website link?

Avatar

Level 1

For example, how do I use the AuthGuid metric (or other metric?) in Adobe Analytics to find a user's email address (the same address used during login authentication)?

5 Replies

Avatar

Community Advisor

Personally, I wouldn't track a user's email address in Analytics as this is a privacy concern.... 

 

In my own company, we track the unique User GUID... IF that user's email needs to be known, it has to go through a few channels of approval where the guid can be looked up in the user authentication service, which not everyone has access to.

 

Or is that what you are asking? You have a GUID and you want to find the email address? You will need to contact the team that manages your authentications and ask them to look it up...

Avatar

Level 1

Thanks! Yes, 100% agree that identifying visitors is not best practice. In fact, I need this information to convince my manager not to do this. Would the team that manages our authentications simply need to look up the email according to the custguid or authguid, or is there more to it? I thought custguid was mapped to a machine's mac address, so would they need the authguid? Any insight is appreciated.

Avatar

Community Advisor

It really depends on your implementation... our authentication systems has a unique user GUID (not the mac address)... When the user logs into the site and every page/action they visit or interaction with while they are logged in, I capture that GUID in an eVar. If the user doesn't log out, that GUID is captured when they return to the site. When they log out, the GUID is cleared from the systems and subsequently from tracking. (I know some implementations set their eVar to never expire... but with shared devices, we treat "sign out" like a clean slate. Therefore I rely on passing the GUID on each call.)

 

I don't know enough about your implementation to know if what you are capturing is tied to the user's device, or tied to the account... Or are you talking about the user's ECID? which is Adobe's users identification GUID? If that's the case, then yes, that is just your Adobe UV identifier.... You would need to see how your authentication system works, where the data is stored (cookie? session storage? etc) and how to extract it... then you need to know if this is an actual user id, or just an authentication token.

 

An Authentication Token would be a different value on each log in, and basically acts as an interface between your site and the authentication portal to say "this is a valid login session"... but overall, that data wouldn't be helpful to you.

 

You may need to reach out to your developers to explain what you are trying to do, and work together to find a solution.

Avatar

Community Advisor

Yes!  Highly agree agree with @Jennifer_Dungan here.  Capturing email at that level is highly discouraged, particularly with the CCPA and other privacy laws coming down hard recently.  If it's your boss you need to convince, I would simply point him to those regulations and show him recent articles where companies are getting hit with fines.

For instance, look at what happened to Amazon!
https://www.bloomberg.com/news/articles/2021-07-30/amazon-given-record-888-million-eu-fine-for-data-...