Understand Guest User Identity
Learning Objectives
After completing this unit, you’ll be able to:
- Describe the benefits of identifying guest users.
- Explain how to use the guest user flow to carry context into a named user session.
What Are Guest Users and Why Do They Matter?
Fast forward: you’ve successfully implemented headless identity on NTO’s ecommerce app. Customers can self-register for your app, log in with a password or without, and reset forgotten passwords. You’ve even implemented a native SSO experience in your app so that users can log in with Google, Facebook, and other social login providers.
Thanks to your identity implementation, you now know who your users are from the moment they log in, which helps NTO with their goal of unifying customer data across the company. But as you’re browsing NTO’s metrics one day, you notice that the app has a lot more daily views than it does user accounts.
The difference is explained by unknown visitors. Unknown visitors visit the app, but they don’t necessarily register or log in. Because NTO wants customers to log in to buy products, you want to understand what drives these unknown users to create accounts. What if there were a way to identify repeat visitors before they even log in? If you could know who your visitors are, and monitor their activity, you’d understand what experiences inspire them to create accounts and buy products. And you can market to them more effectively—another win for digital marketing!
Understanding the Guest User Flow
With the guest user flow, uniquely identify all users who visit your app, even if they don’t log in. This flow is another variation of the Authorization Code and Credentials Flow. But unlike the versions we talked about earlier in this module, this variation doesn’t result in the user being logged in. Instead, it fingerprints the interaction with a unique token.
Here’s how it works: Say an unknown visitor opens your app for the first time. Your app determines that the visitor is new by using cookies or other browser fingerprinting techniques, so it generates a unique visitor ID (a UVID). Salesforce mints the UVID value into a guest access token, so at the end of the flow the user has a guest access token tied to that UVID value. You now have a way to identify the guest user. Store the UVID in a browser cookie, and if the user visits the app again, you have the UVID to identify them.
This diagram shows you how the guest user flow works with a public client. Notice that just like the other variations of the Authorization Code and Credentials Flow, it includes calls to the authorization and token endpoints. In the guest user variation, your app exchanges the UVID for an authorization code, instead of exchanging a username-password or request ID-OTP combo. Unlike all of the other flows, no data is created or stored in Salesforce.
Extending the Guest User Flow into a Named User Flow
The guest flow is great for creating UVIDs that uniquely identify users to understand how they interact with your app. But the true power of the UVID is that you can pass it into other variations of the Authorization Code and Credentials Flow, letting you carry context from guest users to named users.
For example, a user visits your app, browses around, and decides to log in. When they first landed on the app, you kicked off a guest flow and created a UVID in the background. Now, when the user logs in, you can pass the UVID straight into a named user headless login flow. The flow results in a named user access token with the UVID etched into it, meaning that your app has a complete picture of the user from when they visited the app to when they logged in. This allows you to mark and understand the conversion point from unknown to known user and unify tracking and analytics data.
In this high-level diagram, see how the UVID is passed from the guest flow to a named user flow.
Carrying context from guest user to named user gives you the power to make your customers and your stakeholders happy.
Remember Your Users’ Preferences
The UVID helps you keep track of how guest users interact with your app, so you can remember information about them and when they become named users. A great example of this use case is cookie consent.
Say that a guest user visits your app and you kick off a guest flow and create a UVID. While the user’s browsing, the app pops up a cookie consent banner. The user accepts the preferences in the banner, creating another cookie. In this cookie, you can store information about the user—like the fact that they’ve already seen the banner. If you tie this cookie to the UVID, when the user logs in, the UVID tells you that they’ve already seen the cookie consent banner. You can use this information to save your user from dealing with extra noise, giving them a better experience. It also allows you to carry their already completed consent forward.
Another powerful example of recognizing guest users is shopper identity. A guest user browses your app and sees a few products that they can’t resist, so they add them to a guest cart. The cart, like the cookie in the previous example, is keyed to the UVID value that your app generated. In this case, the UVID functions kind of like a cart ID. If the user returns to the site, the UVID allows you to restore their cart so they can pick up where they left off. If, when the user goes to check out, they’re not logged in, your app kicks off a headless login process. It passes the UVID straight into the flow and pops out an access token with the UVID. Now your application can pull the UVID from the named user access token and can find the correct cart for the logged in user, so they can finish checking out.
While it’s possible to do these things without the UVID and the headless guest flow, these concepts give you a reusable, repeatable, and understandable pattern. This concept can be extended in several different ways. It’s only limited by imagination—and of course, country and regional privacy laws.
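The cart handoff described above, as an added example that is not Salesforce's or the original page's code: the server generates the UVID, stores it in a hardened cookie, and at login moves the guest cart to the named user only when the UVID in the token matches the one the browser holds. It assumes the UVID is a random version 4 UUID, that the named user token has already been verified, and that its contents expose hypothetical `sub` and `uvid` fields; the in-memory cart store is constructed for illustration.

```javascript
// Added example: guest-cart handoff keyed to a UVID (not Salesforce code).
const { randomUUID } = require("node:crypto");

// Assumption: the UVID is a random version 4 UUID generated by the app.
const UVID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/;

function newUvid() {
  return randomUUID(); // CSPRNG-backed, so the value cannot be guessed
}

function isValidUvid(value) {
  return typeof value === "string" && UVID_RE.test(value);
}

// Set-Cookie value for the UVID. HttpOnly assumes the server reads the cookie.
function uvidCookie(uvid, maxAgeSeconds = 60 * 60 * 24 * 30) {
  if (!isValidUvid(uvid)) throw new Error("refusing to store malformed UVID");
  return `uvid=${uvid}; Max-Age=${maxAgeSeconds}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// carts: Map of owner key -> array of items (constructed in-memory store).
// claims: already-verified named-user token contents; the field names
// `sub` and `uvid` are hypothetical stand-ins for the real token layout.
function claimGuestCart(carts, claims, cookieUvid) {
  const { sub, uvid } = claims;
  if (!sub || !isValidUvid(uvid)) return { merged: false, reason: "no-uvid-in-token" };
  // Use the UVID from the token, and require the browser to hold the same one.
  if (uvid !== cookieUvid) return { merged: false, reason: "uvid-mismatch" };
  const guestKey = `guest:${uvid}`;
  const guestItems = carts.get(guestKey);
  if (!guestItems) return { merged: false, reason: "no-guest-cart" };
  const userKey = `user:${sub}`;
  carts.set(userKey, [...(carts.get(userKey) || []), ...guestItems]);
  carts.delete(guestKey); // one-time handoff: the UVID cannot claim the cart again
  return { merged: true, items: carts.get(userKey) };
}
```

Because the UVID works like a cart ID, anyone who holds it can reach the guest cart, which is why the value is random, the cookie is restricted, and the guest cart is deleted once it has been claimed.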
Understand What Drives Users to Make Accounts
Once you have a complete picture of your users’ journey through your app, you start to understand exactly what kinds of experiences make guest users into loyal customers. For example, what kinds of registration experiences appeal to your customers? Do they prefer regular old registration? Registration with only an email address? Creating an account through a social provider like Google?
Beyond identity, with the UVID and an app analytics tool, monitor every experience in your app and draw conclusions about how it affects your users. Maybe that promotional popup makes users more likely to register; or maybe it’s annoying and makes them leave your app. Either way, guest user identity helps you get the answers you need.
Wrap Up
As you can see, headless identity is a powerful, flexible solution for your off-platform apps. With it, build an end-to-end identity implementation for any app on any platform, while maintaining full control over every step of the end user experience. Use your new knowledge to determine whether headless identity is right for your app.
Resources
- Salesforce Help: Headless Identity APIs for Customers and Partners
- Salesforce Help: OAuth Authorization Flows
- Implementation Guide: Headless Identity Implementation Guide