ShopSTAR3 treats the shopper relationship as a first-class platform concern. Authentication, segmentation, data rights, and CRM connectivity are native capabilities — not integrations that stores configure individually. Stores on the platform share a consistent, compliance-ready identity model that scales from a single storefront to a full enterprise deployment.
Authentication
Customers authenticate to the storefront using the store’s configured identity method. Each store can independently configure:
- Platform-managed credentials — email and password stored by the platform. Default for all stores.
- SAML 2.0 federation — enterprise SSO via a corporate identity provider. Identity attributes from the SAML assertion (department, cost centre, employee ID, etc.) are preserved and available for downstream use (pricing, access control, content targeting).
- OIDC / OAuth 2.0 — social login or third-party identity provider. Multiple providers can be active on the same store simultaneously.
Regardless of the identity source, the platform always issues a normalized platform token after authentication. No service downstream of the gateway handles raw SAML assertions or third-party tokens.
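The following added example (not ShopSTAR3's own code) illustrates the normalization step: a gateway maps attributes from each identity source onto one claim set and signs it, and a downstream service accepts nothing else. The token format, HMAC-SHA256 signing, claim names, attribute mappings and function names are all assumptions, since the page does not specify them.

```python
import base64, hashlib, hmac, json, time

GATEWAY_KEY = b"constructed-demo-key"  # constructed sample key; HMAC-SHA256 is an assumption

# Hypothetical mapping: attribute names per identity source -> normalized claim names
CLAIM_MAP = {
    "password": {"customer_id": "sub", "email": "email"},
    "saml": {"NameID": "sub", "mail": "email", "department": "department",
             "costCentre": "cost_centre", "employeeID": "employee_id"},
    "oidc": {"sub": "sub", "email": "email"},
}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(body):
    return _b64(hmac.new(GATEWAY_KEY, body.encode(), hashlib.sha256).digest())

def issue_platform_token(source, store_id, attrs, now=None, ttl=900):
    """Gateway side: run only after the source credential itself has been validated."""
    mapping = CLAIM_MAP[source]  # unknown identity source -> KeyError
    # Only mapped attributes are copied; anything else in the assertion is dropped
    claims = {norm: attrs[raw] for raw, norm in mapping.items() if raw in attrs}
    if "sub" not in claims:
        raise ValueError("identity source supplied no subject")
    # Prefix the subject with its source so ids from different providers cannot collide
    claims["sub"] = f"{source}:{claims['sub']}"
    now = int(time.time()) if now is None else now
    claims.update(idp=source, store=store_id, iat=now, exp=now + ttl)
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(body)}"

def verify_platform_token(token, store_id, now=None):
    """Downstream side: accept only gateway-signed, unexpired tokens for this store."""
    parts = token.split(".")
    if len(parts) != 2:  # e.g. a raw three-part JWT from a third-party provider
        raise ValueError("not a platform token")
    body, sig = parts
    # Constant-time comparison, and the body is parsed only after the signature checks out
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    now = int(time.time()) if now is None else now
    if claims["exp"] <= now or claims["store"] != store_id:
        raise ValueError("expired or issued for another store")
    return claims
```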
Shopper Groups
Define named customer segments and use them to control what customers see and what they pay.
A customer can be a member of multiple groups simultaneously. Group membership is managed by staff or assigned automatically via integration rules.
Groups are used across the platform as follows:
| Module | How groups are used |
|---|---|
| Catalog — Prices | Each price list is assigned to a shopper group; members see the group’s prices |
| Inventory | Group-based visibility of backorder or preorder items |
| Marketing | Promotions can be restricted to specific groups |
| Content | Sections and banners can be targeted to specific groups |
| Shipping | Shipping method availability can be restricted by group |
Privacy and Data Rights (GDPR)
Customers have four enforceable data rights, accessible through the storefront account area or submitted to support:
| Right | What happens |
|---|---|
| Access | A compiled export of all personal data held across the platform is prepared and delivered |
| Portability | Same as access but delivered in a machine-readable format (JSON) for use with other services |
| Rectification | Stored profile fields (name, email, phone, addresses) are corrected on request |
| Erasure | Personal data fields are permanently nulled out. The customer record and order history are retained for financial integrity, but all identifying information is removed |
Erasure is coordinated across the platform — all services that hold personal data anonymize their records in response to a single erasure event.
CRM Integrations
Connect the store to external CRM platforms to sync customer profiles, group assignments, and purchase history. Sync is event-driven — customer creation, profile updates, group changes, and GDPR erasure events are all forwarded to the connected CRM.
Custom Properties
Define and manage custom properties on customer records to capture store-specific data beyond the standard profile fields — for example, account tier, internal customer code, or B2B contract reference.