This website uses cookies

We use limited tracking features to help improve our site. We also share information about site usage with our advertising and analytics partners, who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. By continuing to use our site, you are consenting to our use of cookies. For more information, please review our privacy policy.
Mugo Web main content.

Graduated authentication for user accounts

By: Paulo Valle | May 27, 2026 | development

One of our clients needed to migrate all their customers to another entitlement service, requiring them to create new Single Sign-On (SSO) accounts. Concerned that many customers might struggle with the SSO setup process and overwhelm the customer support team, Mugo designed a "graduated authentication" system that dynamically balanced temporary free access with required account creation, allowing our client to manage customer support workload in real time. Instead of forcing all customers to the SSO setup at once, a smooth transition was implemented, providing immediate support for anyone who needed it.

Migrating to a different authentication system is not a simple task. It can quickly become a nightmare when the new system requires all users to go through a multi-step process to create a new Single Sign-On (SSO) account, including email verification.

Initially, our client attempted a hard transition by setting a launch date for the new authentication system and giving customers time to create their accounts in advance. Unfortunately, many users ignored the warnings and waited until authentication became mandatory, resulting in an overload for the customer service team. Many customers were unable to complete the SSO setup process and, as a result, could not access the site's content.

Special considerations were needed to ensure users had the guidance and support needed to complete account creation, while also allowing the customer service team to manage the increased demand during the transition period. Until a viable solution was established, the site's paywall was temporarily removed, and the content was made freely available.

The client's proposal

The client’s team proposed a “spread-out login” approach. Their idea was to select 7-10% of customers per day for SSO account setup while granting free access to the remaining users. The goal was to limit the number of users going through the setup process at any given time and help keep customer service calls at a manageable level. They suggested giving three weeks of free access to everyone, and building logic that would make login sessions expire only on weekdays in the following month. As the session expires, the users will be automatically forced to authenticate their access and eventually set up an SSO account.

As you can imagine, this approach had some critical points to consider:

  • Users without prior access would be immediately prompted for SSO account creation.
  • There was no guarantee users would visit the site on the day their subscriber session expired. That could create days with fewer users and days with more users in the SSO account setup interface, potentially still overloading customer service.
  • No logs or insights were available, other than the total number of SSO accounts created.

The spread-out login idea was a good start, but the “how to implement it” required refinement.

Our proposal

To help address those issues, Mugo Web proposed an interface that randomly grants access to content while using a predefined “skip rate” to select users for SSO account setup and giving free access to others. This allowed our client’s team to adjust the skip rate dynamically based on customer service workload:

  • If the support team were at capacity, they could increase the skip rate to send fewer users for SSO account setup.
  • If the support team had extra bandwidth, they could lower the skip rate to send more users for SSO account setup.

When a user accesses a page with a paywall, the graduated authentication service is triggered. Using an internal counter and the predefined skip rate, the service determines whether the user receives free access or must authenticate.

If the user is selected for free access, the service assigns them a subscriber role valid for 24 hours. This removes the user from the graduated authentication logic for that day and grants full access to the site content.

If the user is selected for authentication, a cookie is created to identify the user and require a valid account to proceed. This prevents users from starting account setup, abandoning it, and later returning to the site to receive free access via the spread-out service. The user can then choose whether a new SSO account is required or proceed with a standard login. After successful authentication, the user receives a subscriber session valid for 30 days. This ensures they are properly handled by the system without re-entering the graduated authentication login process or interfering with users who do not have an SSO account.

Flowchart for the graduated authentication process: Customer 1 and Customer 2 enter the spread out login for anonymous users.

Under this logic:

  • Users with a valid SSO account and authentication would receive a 30-day session, and are removed from the graduated authentication flow.
  • Users selected for SSO account setup would not receive free access and will be required to complete the setup.
  • Users given a free day of access would receive a 24-hour session, ensuring that all customers eventually complete SSO account setup.

Custom interface

Mugo Web built an interface that allowed our client’s team to adjust the skip rate and monitor login activity in real time. Logs of previous days were also available to help them compare performance over time and determine the optimal skip rate for each period.

With this interface, they could disable the graduated authentication entirely by setting the skip rate to zero, forcing all users through authentication, or set a high value to grant 24 hours of free access to all users.

Screenshot of the graduated authentication interface. Site admins can set the skip rate (here at 5). The interface shows the current levels of access: 2859 users selected to create SSO accounts; 331 granted free access; 2639 users with incomplete SSO accounts.

Conclusion

Overall, our client was very satisfied with the solution. Initially, they were skeptical that the graduated authentication logic would effectively push all customers to SSO setup while keeping customer service calls manageable. By the first day of testing, they were convinced — adjusting the skip rate allowed them to control the user flow perfectly. The graduated login solution ensured all customers completed SSO setup sooner than estimated, exceeding the expectations of the customer service team.

The strength of having a long-term development partner is having a team at your disposal that understands the ins and outs of your business. At Mugo Web, we specialize in providing custom solutions that perfectly fit our clients’ needs — even needs they didn’t know they had. If you are looking for a developer you can trust to have your business’s best interests at heart, contact us today!

Related Blog Posts

Is a paywall right for your magazine?
Business solutions, User experience, and Web solutions

How to develop the right paywall for your publication

Paid content and circulation have always been a mainstay of the magazine publishing business (with the exception of controlled circulation magazines). And prior to the advent of the Internet, it was, for the most part, the norm for readers to pay for magazine content, either by purchasing a newsstand copy, or by buying a subscription. The same has not been true for magazines online.

LEARN MORE
A meter above icons for articles, audio, and video content
development and Business solutions

Flexibility and scale are key features in new content paywall system

Subscription paywalls are an essential part of any publisher’s strategy to build a strong brand and diversified revenue stream. Our team at Mugo Web has worked with several publishers to implement paywalls based on content type, age, and subscription level. Imagine any criteria you can, and we’ve built a paywall to give site visitors gated access to premium content.

LEARN MORE
https://openclipart.org/detail/170708/iron-gate-by-merlin2525-170708
Business solutions and Case study

Subscription-based sites: softer / combination paywall solution

On subscription-based websites, digital publishers often restrict the majority of content to registered users and/or paid subscribers. However, publishers still need a way to enable non-registered users to sample the website in order for the visitors to more fully understand the benefits to subscribing. This is sometimes called a "softer" or "combination" paywall as opposed to a fully hard paywall (everything protected) or a "porous" paywall (everything available given the right conditions).

One solution for a softer / combination paywall that Mugo recently implemented uses special "hash" URLs to provide time-limited, full access to select articles.

LEARN MORE


Mugo Web
Unit 205, 332 Columbia Street
New Westminster, BC
V3L 1A6, Canada

Phone: 604-637-6396
E-mail: hi@mugo.ca

SAY HI
Services
Portfolio Blog About Meet the Team Contact

Site Map

© 2008-2026 Mugo Web. All rights reserved. | Privacy Policy