The term "hybrid onboarding" refers to a technique that is used to improve the user registration rate on a website by leveraging a number of Internet standards including OpenID, OAuth and Portable Contacts. This combination has been used to increase registration rates to as high as 90%. In the documentation below we will show screenshots of an example flow, and then describe the changes that are needed to a website to support this flow.
Lets look at an example. If you are a Gmail user that gets an invitation to use Plaxo or Facebook, you used to be asked to perform the traditional process of creating a new account with yet another password, and then you might be asked to provide the password of your E-mail account so Plaxo or Facebook could lookup the list of or you friends. However now a Gmail user who clicks on such an invitation sees a page like the ones below:
Clicking the one button on that page takes the user to a page at Google that looks like the following:
If the user gives consent for this information to be shared, then they are sent back to Plaxo or Facebook, and they have now finished the key registration steps.
This type of registration process used to involve 10+ steps, including requiring the user to find one of those "Email validation" messages in their inbox. In the future if the user goes back to Plaxo or Facebook, then they can usually login by simply clicking a button and there is no need to enter a password.
While this industry effort started out with a goal of improving security, we ended up showing that there is huge value to website operators supporting this type of password-less hybrid onboarding. While Plaxo showed the first successful results in early 2009, other companies like Facebook are now using the same model because of the business value it creates for them.
While the technologies used for this flow are all standards based, the methods for how to combine them to achieve this success rate are not obvious, and took awhile for the industry to refine. Here is a summary of some of the best practices for this hybrid onboarding technique.
One limitation of this model is that it requires adding a button/logo for each trusted E-mail provider, and obviously there is a small limit to the number of buttons that can be added without causing usability problems. However, there are some more scaleable approaches described in this document on user experiences for Federated Login. Both Yahoo & Google host E-mail (and OpenID endpoints) for many other domains other then @yahoo.com and @gmail.com. By using a more scalable UI, it is possible to get the benefits of hybrid onboarding with a larger set of users. In Yahoo's case, this include ~50 domains that have some Yahoo association such as @yahoo.co.uk, @yahoo.in, @yahoo.ca, @ymail.com, @rocketmail.com. etc. It also includes domains they host for broadband partnerships such as @att.net @verizon.net @sbcglobal.net, @btinternet.com, etc. In Google's case, the other major domain they run is @googlemail.com, but in addition the Google Apps service hosts more then a million domains, including mail for many schools & ISPs. Information about how to integrate with those domains is available at OpenID API for Google Apps Accounts.