Secure Identify for Canny Identify

Canny's Secure Identify setting enhances security by preventing user impersonation through a hash requirement

Written by Sara Al Mouaswas
Updated over a month ago

Overview

To enhance the security of Canny Identify, we are excited to introduce a new setting: Secure Identify. This setting is designed to protect your organization against user impersonation.

Benefits

  • Additional protection against user impersonation when using Canny Identify


How to enable Secure Identify

Before you begin, Owner-level admin permissions in Canny are required to set up Canny Identify.

To enable Secure Identify, start with the regular install process at https://developers.canny.io/install and follow the steps to add the SDK to the page where you have Canny linked.

Next, visit https://developers.canny.io/install/security to add the Secure Identify component and prevent user impersonation. This process requires you to use a server to generate a hash for each individual user and return it to Canny before the user can be authenticated.


FAQs

What does Secure Identify do?

Turning on the Secure Identify setting safeguards your organization against user impersonation by ensuring that only identify requests that originate from your application are processed successfully.

What is user impersonation?

User impersonation is a serious security issue where a malicious actor gains unauthorized access to a legitimate user’s account. This type of attack allows the impersonator to post, comment, or vote on behalf of the user, as well as view content restricted to that user.

How does Secure Identify work?

When you enable Secure Identify, all subsequent identify requests from your application to Canny must include a hash generated for that user. This hash is created using your secret API key, ensuring that only requests from you are processed. Because the hash cannot be produced without the key, unauthorized parties who do not have access to your API key cannot send requests that pass as legitimate.

While enabling Secure Identify is optional, we strongly recommend it as a proactive measure to safeguard your organization against potential threats and bad actors.

Will this impact my user experience?

Rest assured, enabling Secure Identify will still provide the same seamless experience for your users. The authentication process remains under the hood, ensuring that legitimate users can continue to access their accounts without any additional hurdles.

What about admins?

For security reasons, it is still not possible to authenticate Canny admins through Canny Identify. Canny Identify is intended for end users only.

