Hosted Login: Supported Features


 

Customer Identity and Access Management (CIAM) can mean many different things to many different people. To help you determine where Hosted Login fits in the CIAM world, we’ve put together a list of some of the more common (as well as a few less common) features found in CIAM implementations, and have indicated whether these features are supported in the current release of Hosted Login.

Feature

Supported

Add JavaScript/HTML Markup to the Login Page

Users are limited to modifications that can be made by changing the flow or by using CSS.

No

Age Gating

Restricts access to a website or mobile app based on a user's age: users below a specified age (or users who have not provided a birthdate) are denied access. 

Yes

Change the Favicon

Organizations can change the default Akamai favicon that appears in browser tabs.

Yes

Change the Logo

Organizations can change the default Akamai logo that appears on the login and registration pages.

Yes

Configurable IDPs

Organizations can use standard protocols (such as SAML 2) to create social login identity providers that do not appear in the Akamai Engage app.

No

Consent Compliance

Restricts access to a site until a user has given their consent to a specific action. At this point in time, Hosted Login supports only a single marketing consent. Consent compliance is configured by using authorization rules.

Yes, but ….

Consent Management

Users can opt-in or opt-out of specified actions at any time. However, at the moment Hosted Login supports only a single marketing consent.

Yes, but ….

Custom Claims

Claims effectively represent a single user attribute: a user’s first name is a claim, a user’s middle name is a second claim, and a user’s last name is a third claim. Claims can be created to represent any attribute in the user profile.

Yes

Custom Domain Name

Organizations can work with their Akamai representatives to “CNAME” their Hosted Login URLs.

Yes

Custom Email Delivery Service

Transactional emails (for example, the password reset and the verify email address email) can only be sent by Akamai.

No

Custom Scopes

Organizations can create and request custom scopes (that is, custom collections of OIDC claims).

No

Custom Screens

Users can create custom screens to be displayed during the login/registration process.

No

Customize Authorization Rules

Add new authorization rules: policies that must be met before a user can log on to a website or app.

No

Customize Token Lifetimes

Access token and refresh token lifetimes can be modified by using token policies (by default, access tokens expire after 1 hour and refresh tokens expire after 90 days). However, modifying token policies must currently be done by Akamai.

Yes

Delete Account

A user can delete his or her account and all the data associated with that account.

Yes

Display and Save Plural Attributes

Plural attributes (attributes that can contain any number of objects) can be displayed in the login, registration, and user profile screens.

No

Email Verification

Websites/apps can prevent a user from fully logging on (i.e., from receiving an access token) until the user has verified their email address.

Yes

Email-only Registration (Light/Subscription Registration)

Registration method in which a user supplies an email address but no password.

No

Forgot Password

A user who can’t log on because they have forgotten their password can request an email link that will enable them to create a new password.

Yes

Legal Acceptances

Restricts access to a website or mobile app until a user has agreed to the terms of service and the privacy policy. At this point in time, those are the only two legal acceptances supported by Hosted Login. Legal acceptances are configured by using authorization rules.

Yes, but ….

Link Social Accounts

Enables a user to add a social login identity provider to their current account.

Yes

Localize Text

Translations can be added to a site by modifying the flow. Hosted Login supports all Unicode characters.

Yes

Manage Hosted Login by Using APIs

All Hosted Login components can be managed by using APIs. However, at this point in time, the only APIs available to customers are the ones used for managing “traditional” Identity Cloud components (such as applications, API clients, entity types, and flows). APIs for managing OpenID Connect components – such as OIDC clients, login policies, and token policies – are not yet publicly available.

Yes, but ....

Manage Hosted Login by Using the Console

“Traditional” Identity Cloud components (such as applications, API clients, entity types, and flows) can be managed by using Console. However, OpenID Connect components – such as OIDC clients, login policies, and token policies – cannot be managed by using Console. Instead, these components must, for now, be managed by Akamai Professional Services.

Yes, but ....

Merge Social Accounts

If a user with an existing account logs on by using a social login identity provider that uses the same email address as the existing account, the existing account and the new IDP account can be joined together.

Yes

Mobile Device Access

Users can log on to or register with a website or app by using a mobile device. Note that Hosted Login supports the use of app browser tabs but does not support webviews. 

Yes

Mobile Number as Identifier

Users can log on to a website or app by using their mobile device number rather than their email address.

No

Modifications to the CSS

Organizations can override the CSS stylesheet that dictates the look and feel of login, registration, and user profile screens. You can apply a different CSS stylesheet to each Hosted Login API client.

Yes

Modify the Hosted Login Flow

Hosted Login flows can be modified by using the Configuration APIs.

Yes

Multifactor Authentication

Security system that requires more than one method of authentication in order to verify the user’s identity.

No

One-time Password

Automatically generated character string that authenticates a user for a single transaction or session.

No

Organizations Can Host Their Own Web Pages

Currently all login, registration, and user profile pages are hosted by Akamai. However, organizations are required to host their custom CSS stylesheets, icons, or favicons.

No

Password Change/Reset

Users can change their own passwords, without requiring helpdesk support.

Yes

Post-Logon Validation and Processing

Validation and other processing which takes place after the logon/registration screens have been dismissed. 

No

Premium IDPs

Identity providers that require initial configuration by Akamai support personnel before those IDPs are available in the Engage app. 

Yes

Progressive Profiling

Strategy in which you gradually build up a user profile over time, and in context. With progressive profiling, the personal data for a user is not collected all at once (e.g., at registration). Instead, data is collected over time, and only when needed to support the user experience.

No

reCaptcha

Advanced form of CAPTCHA that makes an initial assessment as to whether the entity attempting to register or to log on is a bot.

Yes

Request a Copy of Stored Data

Users can request to see all of their personal data being stored by a website or app.

Yes

Required Attributes

Websites/apps can prevent a user from fully logging on (i.e., from receiving an access token) until the user has provided a non-null value for each attribute in a specified set of required attributes.

Yes

Silent Merge

User profile management strategy in which accounts that share an email address are automatically linked, without alerting the user and without requiring that user to sign in to his or her Identity Cloud account. This is not allowed in Hosted Login.

No

Single Sign-on

Single sign-on is possible for sites that share the same OpenID Provider. Single sign-on is also available for all the apps on the same mobile device.

Yes, but ....

Social Registration

Users can register with a website or app by first logging on to an existing account with a social login identity provider such as Facebook or Twitter.

Yes

Social Sign-on

Users can log on to a website or app by first logging on to an existing account with a social login identity provider such as Facebook or Twitter.

Yes

Standard Login and Registration Events

Standard login and registration events (including traditional/social logins and registrations as well as user profile updates) are still recorded, but there is currently no way for you to bind to those events.

Yes, but ....

Step-up Authentication

After initial logon, and based on risk level, a user can be asked to provide an additional form of authentication before they can be fully logged on to a website or app.

No

Thin Registration

Social login registration method in which the socialRegistration screen is not displayed after a user logs in for the first time using a social provider.

No

Third-Party Analytic Tools

Customer Insights is the primary analytic tool to be used with Hosted Login. It is possible to use Google Analytics with Hosted Login; contact your Akamai representative for more information.

Yes, but ....

Traditional Registration

Users can register with a website or app by creating an account that uses an email address and password for logging on.

Yes

Traditional Sign-on

Users can log on to a website or app by supplying an email address and password.

Yes

Two-factor Authentication

After signing on with an email address and password, users are required to supply another form of authentication (such as a code sent to their mobile device) before they can be fully logged on to a website or app.

No

User Profile Management

Users have the ability to view, and to modify, their user profile.

Yes

Webhooks-Compatible

Akamai webhooks can be used to record activities such as user logins, user registrations, and user profile changes.

Yes