Why is it recommended that org-level extensions include login context as well as Cogito security values?

• A. Because not every user will have values set in their Cogito form.
• B. Because login context is required by policy.
• C. Because it simplifies extension creation.
• D. Because it ensures only admins can run reports.

Answer: (A)

The main idea is to rely on reliable identity data for extensions by using login context along with Cogito security values. Login context is consistently available for each user session, so it provides a dependable way to identify who is using the extension and what their session attributes are. Cogito security values, however, may not be set for every user—some users might not have completed their Cogito form or may have missing fields. By including login context, the extension remains usable and can apply permissions or behaviors even when Cogito values are absent, making it more robust and auditable. The other options miss this core point: policy requirements, ease of extension creation, or admin-only reporting aren’t about handling missing per-user values.