Whenever people talk about Hosted Login, they typically talk about the underlying technologies: OAuth 2.0; OpenID Connect; API clients and client settings, login and token policies. That should come as no surprise: those technologies are pretty cool, and they’re the reason why Hosted Login is such a revolutionary new product.
At that same time, however, there’s another aspect of Hosted Login – the end user experience – that should never be discounted when discussing the things that makes Hosted Login so cool and so revolutionary. Out of the box, Hosted Login provides a sleek, modern user experience that can be used with minimal tweaking and branding. (Although, if you’re so inclined, you can go well beyond “minimal” when it comes to tweaking and branding.) In this documentation, we’ll provide an overview of the primary Hosted Login screens, giving you some idea of what it means for an end user to interact with Hosted Login.
Before we do that, however, let’s take a quick look at two diagrams. The first diagram shows how the login and registration screens connect to one another:
The second diagram shows how the user profile screens are connected:
And now, let’s take a closer look at each screen.
Hosted login supports two different ways for users to authenticate:
- Traditional login, in which a user signs on by supplying an email address and password.
- Social login, in which the user actually logs on to their account on a supported identity provider (such as Facebook or Twitter), then is given access to the app or website based on that IDP account.
Provides a way for users to create a traditional login account (that is, an account that uses an email address and password). Social registrations are not directly created from this page. Instead, a user who wants to register socially clicks their chosen identity provider on the login page, then logs on to the IDP. When user account information is returned from the identity provider, Hosted Login:
- Validates the password against the prescribed password rules (for example, passwords must contain at least 8 characters).
- Searches the user profile store to see if the account already exists.
If the password is valid and user account already exists, the user is logged on. If the password is valid but the user account does not exist, then Hosted Login initiates the process of creating a new account for the user.
Forgot Password Page
Provides a way for users to reset their account password. (Typically this is because users have forgotten their password; users who simply want to change their password can do so by accessing their user profile.) Note that the ability to reset a password applies only to a user’s Hosted Login password; it cannot be used to reset a password on, say, Facebook or Twitter. If a user can’t log on because he or she has forgotten their Facebook password, they’ll have to go through Facebook’s process for resetting their password.
User Profile Page
Provides access to the user’s user profile and other account-related information. This includes the ability to manage consents, and the ability to delete the account and all the associated personal data.
Personal Data Page
The typical user profile. You can modify the flow in order to specify which attributes users will have access to.
Account Security Page
Gives users a chance to change their Hosted Login password, and also to link their account with an identity provider account. For example, if a user links their account with Twitter, then that user can log on either by supplying their Hosted Login email address and password, or by logging on socially via Twitter. Users can also unlink social login accounts from here. In that case, the user removes the ability to login by using their Twitter of Facebook account.
Privacy Settings Page
Users can manage consents, request a copy of their personal data, and ask that their account be deleted.