A remote identity reflects a user authorization to a data source (i.e, Facebook, Google, Amazon...) or data destination (i.e., Google BigQuery, Amazon Redshift...).

An authorization to a source or destination is defined at the source or destination, not Openbridge. This means you are defining our access level and permissions upstream from Openbridge.

Understanding Identities And Authorizations

The authorization is what defines access to a resource. In the case of sources, it is not uncommon for them to redirect a user to their site to authorize access so Openbridge can connect to a source account. As a result, Openbridge does not have insight into the process on the source website where an authorization occurred. Our visibility is limited to receiving an authorization token from the source.

For example, when authorizing Amazon Advertising, we actually redirect you to the Amazon Advertising website to authorize Openbridge. Given that you are on the Amazon website, Openbridge will not have any visibility into the email, password, user account settings...that was input at Amazon. All Openbridge sees is that Amazon supplied us with an authorization token granting access. Openbridge will not know what email, the user, or other information was entered on the Amazon site. It is important that you properly label your identities to help you identify what information was entered at the source website as Openbridge will not have any insight into the information supplied during authorization at Amazon (or any other source/destination).

Scaling Authorizations

A remote identity may be reused across several resources for a data source. This allows you to have a one-to-many association. For example, you may have a Facebook account (user1@foo.com) that acts as a "page manager" across 30 Facebook pages. Openbridge allows you to register this Facebook account as a remote identity. Openbridge would then present you with all the resources at Facebook a remote identity can access, as defined by Facebook. You can use the remote identity to connect to all 30 Facebook accounts or just 1. 

This capability is dependent on the source system, not Openbridge. Not all sources offer a one-to-many association.

Using Group Emails

For more information on why using group emails simplifies ongoing management activities like authorizations, fixing errors, and dealing with alerts, see

Reauthorizing Expired or Disconnected Authorization

Authorized access to your accounts becomes disconnected from time to time. These authorizations can expire for several reasons, including password changes, accounts getting locked, someone removing a setting, user access removal, lack of billing/payment at the source, or there is a limited lifespan of an access token. 

While this can be frustrating, it's good to keep in mind that this is normal behavior and is usually the result of a change to keep your account safe and secure by a source system.

When authorizations expire, you need to reconnect and authorize us again. Openbridge will send "Authorization Failure" notifications via email when we detect that your account authorization is not working.  It will look something like this:

Simply proceed through the process again to reconnect our authorization. It is important to note that an authorization token is tightly bound to the original authorizing user.

If you are attempting to use a different account than what was originally used for the first authorization, this will be rejected by the source system when we attempt to reauthorize. For example, an Amazon Advertising identity was created with user 1@foo.com. If you attempt to reauthorize the account with user99@foo.com, Amazon, not Openbridge, will reject that request. They will see there is a mismatch between the original user authorization and a reauthorization attempt.

Removing Remote Identities

Removing remote identities requires a request to support@openbridge.com. This ensures an identity is not removed that may accidentally disconnect your data feeds. Without a remote identity authorization, any active data flow would stop.

Removing an identity, in this case, would disrupt the flow of data. Depending on the data source, there may be no way to re-request this information upon reactivating the data connection. 

In our Facebook example, if you requested that we remove the identity attached to 30 Facebook accounts, then the authorizations we have to collect data would be removed for all 30 accounts. Data collection would no longer work which may not have been the original intent of the removal. 

Did this answer your question?