Progressive Profiling & User Traits
LumoAuth gives you two complementary tools for building rich user profiles over time: Progressive Profiling collects information incrementally during the login flow, and User Traits let you store arbitrary custom attributes against any user.
User Traits
User traits are custom key-value attributes you can attach to any user in your tenant. Use them to store application-specific data alongside the standard profile fields (name, email, etc.).
Supported Trait Types
| Type | Example |
|---|---|
| String | plan: "enterprise" |
| Number | credits: 500 |
| Boolean | email_opt_in: true |
| JSON | preferences: { theme: "dark", locale: "en-US" } |
Managing Traits in the Portal (Customer 360 View)
Each user has a Customer 360 view in the portal — a single page showing everything about that user.
- Go to
/t/{tenantSlug}/portal/users/{userId}/360 - Scroll to the Traits section
- Click Add Trait to create a new key-value pair
- Click any existing trait to edit it
- Click the trash icon to delete a trait
The 360 view also shows:
- Linked identities (connected social or enterprise accounts)
- Consent preferences with timestamps
- Recent activity log (last 20 audit entries)
Traits via API
# Set a trait
curl -X PUT https://your-domain.com/t/{tenantSlug}/api/v1/abac/users/{userId}/attributes/{slug} \
-H "Authorization: Bearer {admin_token}" \
-H "Content-Type: application/json" \
-d '{"value": "enterprise"}'
# Read all traits for the current user (available in the user's session)
curl https://your-domain.com/t/{tenantSlug}/api/v1/abac/my-attributes \
-H "Authorization: Bearer {access_token}"
Using Traits in Authorization
User traits integrate with ABAC (Attribute-Based Access Control). You can write policies that evaluate trait values at runtime:
user.traits.plan == "enterprise" AND user.traits.email_opt_in == true
See ABAC for details on writing trait-based policies.
Progressive Profiling
Progressive profiling lets you collect user information gradually — asking for one or two fields at a time during the login or post-login flow — rather than presenting a long registration form upfront.
How It Works
- A user authenticates normally
- LumoAuth evaluates whether any configured profile rules apply to this user
- If a rule matches (e.g., "user has not provided their job title"), the user is redirected to the profile completion step
- The user fills in the requested fields
- The profile data is saved and the user continues to your application
This approach improves registration conversion rates while still collecting the data you need over time.
Enabling Progressive Profiling
- Go to
/t/{tenantSlug}/portal/settings/authentication - Toggle Progressive Profiling on
- Click Configure Rules to define when and what to ask for
Configuring Profiling Rules
Rules are defined as a JSON configuration. Each rule specifies:
| Field | Description |
|---|---|
fields | Which profile fields to collect (e.g., ["job_title", "company"]) |
condition | When to show the prompt (e.g., after first login, after N days, if field is empty) |
required | Whether the fields must be completed before the user can proceed |
title | Heading shown to the user on the profile completion page |
description | Optional instruction text |
Example rule:
[
{
"fields": ["job_title", "phone"],
"condition": "missing",
"required": true,
"title": "Help us personalize your experience",
"description": "Just a couple of quick questions."
}
]
Profile Completion Flow
When a rule triggers, the user lands on /account/complete-profile/. This page:
- Shows only the fields configured in the matching rule
- Marks required fields clearly
- Allows the user to skip optional rules (if
requiredis false) - Saves responses as user profile fields or traits
Use multiple rules with different conditions to gather data at the right moments — for example, ask for a phone number on the third login, or when the user first accesses a sensitive feature.