Polar Flow web service update – Single Sign-On (SSO)
Polar have released Single Sign-On (SSO) functionality for the Polar Flow web service. SSO is an authentication method that allows users to log in once and access multiple applications or services without repeatedly entering credentials. It improves the user experience by streamlining access while also boosting security through centralized authentication.
New Flow landing and Sign in pages
The Flow landing page now features a new dialogue box with options to sign in to an existing Flow account or create a new one.
The Sign in link takes a user to a page to type in the login credentials.
Also, the Forgot your password link has been moved to Sign in page from its previous location on the Flow landing page.
Renewed steps for creating a Flow account
The process for creating a new Flow account has been updated. Instead of a single form, there are now eight consecutive steps to collect the necessary information before an email verification link is being sent.
The steps are as follows:
1. Start on the page where to type in an email as your login name.
2. Entering account password.
3. Providing privacy consents.
4. Providing personal data consents.
5. Providing personal and sensitive data consent.
6. Providing research & development refusal.
7. Entering basic information, including name, date of birth, location, and preferred units.
8. Verifying email address by sending the link.
Finally, the Flow process ends with a request to check the email inbox.
The link in the verification email leads to a web page where users can access their desired web service.
Expiration of email confirmation link
The email address linked to the user’s Polar account must be confirmed within 24 hours. After that, the link will expire, and the user will be advised to try again.
Session expiration
For improved information security, Flow sessions will expire after one hour of inactivity.
SSO sessions expire primarily for security reasons, such as minimizing the risk of unauthorized access and reducing the potential for session hijacking. Expiration also helps manage system resources and ensures users have up-to-date access rights. Regular session expiration enforces re-authentication, maintaining security compliance and reducing long-term exposure to vulnerabilities. This balance ensures both security and operational efficiency.
Other refreshed UI flows
There are new, refreshed web pages for ‘Forgot Password’, ‘Change Email Address’, and ‘Change Password’.