Introduction to Hosted Login

When most people think about revolutions they tend to think about big events whose effects are difficult to miss. The American Revolution! The French Revolution! The Industrial Revolution! You say you want a revolution? Those are revolutions.

And yet, there are times when revolutions are more subtle, yet every bit as innovative and, well, revolutionary. Case in point? Hosted Login, the ​Akamai​ Identity Cloud’s revolutionary new approach to Customer Identity and Access Management (CIAM). Admittedly, Hosted Login might not look very revolutionary. After all, when a user visits a Hosted Login site they’re asked to sign on either by entering an email address and password or by logging on to an existing account with an identity provider such as Facebook or Twitter. You know:

Revolutionary? Well, like we said, it might not look revolutionary. But, then again, looks can be deceiving.

In fact, with Hosted Login it’s what you don’t see that’s so ground-breaking. Yes, the login process looks like every other login process. (Which isn’t bad: after all, it’s an approach that users are very comfortable, with.) But consider these facts about Hosted Login, and about CIAM in general:

  • Historically, CIAM implementations have fallen into one of two camps: either they were quick to deploy but offered limited customization, or they offered unlimited customization but were much more difficult to deploy. By comparison, Hosted Login strikes a middle ground between these two extremes. Arguably, it’s much faster and easier to add identity management to a website or app by using Hosted Login than it is to do the same thing by using, say, the Identity Cloud’s JavaScript SDK; this is especially true for large organizations that need to deploy a number of sites. At the same time, Hosted Login also offers many more customizations than the JavaScript SDK. Does Hosted Login offer the same level of customization and personalization that the Identity Cloud Authentication APIs offer? Not quite, at least not at the moment. But, then again, you can also deploy sites much faster using Hosted Login than you can using the Authentication APIs. Hosted Login strikes a nice balance between being easy to use and being flexible and powerful.

  • Although people rely more and more on mobile devices, mobile access has often been an afterthought in the CIAM world. That’s not the case with Hosted Login, however. Hosted Login is built on top of OpenID Connect and OAuth 2.0 ; that alone tells you that mobile is anything but a second-class citizen. In fact, registering for or logging on to an app or a website employs the same user experience regardless of the device you’re using.

  • The CIAM world has often been very proprietary, which meant a steep learning curve for developers. Because it’s based on OpenID Connect (OIDC), however, Hosted Login is different: app developers or website developers conversant in OIDC and capable of using an OIDC library such as AppAuth can easily connect to the ​Akamai​ Identity Cloud by using Hosted Login.

  • Hosted Login is entirely cloud-based. Not only does this eliminate the costs associated with managing an on-premises CIAM product, but it also provides you with ​Akamai​’s unrivaled reputation for security and availability, including an industry-leading uptime of 99.999%. That equates to less than 8 hours of downtime a year.

How to get Hosted Login

If you currently subscribe to the ​Akamai​ Identity Cloud then you already have it: Hosted Login is not a separate product. Instead, Hosted Login is an integral part of the base ​Akamai​ Identity Cloud offering. In fact, after you subscribe to the ​Akamai​ Identity Cloud you’ll have access to three different ways to manage identities:

  • The JavaScript SDK. Also known as the widget, the JavaScript SDK provides the “classic” ​Akamai​ Identity Cloud registration and logon experience. Although relatively easy to deploy, the JavaScript SDK offers little in the way of customization.

  • The ​Akamai​ Identity Cloud Authentication APIs. Doing an API-based implementation of the ​Akamai​ Identity Cloud requires the most effort: you must write code to handle logins, registrations, and user profile updates, and you must create all your screens from scratch. Obviously that’s more-involved and more time-consuming. On the flip side, the Authentication APIs do give you the ability to give users a fully-customized login and registration experience. It’s a tradeoff between the ability to do anything and the amount of time it can take to do even one thing.

  • Hosted Login. Admittedly, Hosted Login might not be for everyone. For example, if you do need a fully-customized login and registration experience you’ll have to use the Authentication APIs and create one yourself; Hosted Login is not for the people who want to do everything themselves. But suppose you don’t need a one-of-a-kind registration and login experience, suppose you just need an experience that, via branding and theming, clearly conveys who your organization is. And suppose you’d like to quickly deploy a large number of sites without having to create each of those sites from scratch. And suppose you want to ensure that mobile devices are treated the same as any other device. And suppose – well, you get the idea. Hosted Login might not be for everyone. But that doesn’t mean that the vast majority of organizations can’t take advantage of it.

Perhaps best of all, using Hosted Login does not prevent you from using the other Identity Cloud approaches: organizations are free to mix and match Identity Cloud implementation methods. For example, suppose you already have a few sites running the JavaScript widget, and you’d just as soon leave well enough alone. That’s fine: existing sites can continue to use the JavaScript SDK while new sites use Hosted Login. And what if you later draw up plans for a “special” site that requires a level of customization and personalization not available in either the SDK or in Hosted Login? That’s also fine: use the Authentication APIs for that one site. It’s entirely up to you.


If you’re an existing Identity Cloud customer some minor changes might need to be made to your schemas in order to let you add Hosted Login to your identity management arsenal. For more information, contact your ​Akamai​representative.

Here’s a table that compares JavaScript SDK and Authentication API implementations with Hosted Login implementations:

ActivitySDK / APIHosted Login
Delivery ModelPlatform as a service (PaaS)Software as a service (SaaS)
User ExperienceIn-app experienceRedirect to identity provider
TrainingLearn the ​Akamai​ Identity Cloud APIsLearn industry-standard and certified OIDC client libraries
Integration Time1-3 days (not including design time)30 minutes
DevelopmentBuild or modify all UX components (HTML, JavaScript, CSS)Reuse or modify existing theming assets (CSS, logos, favicon)
Maintenance CostScales linearly with the number of applicationsCosts start lower and remain fixed as new applications are onboarded

And did we mention that Hosted Login is also fully-compatible with the ​Akamai​ tools you have come to know and love? For example, Hosted Login supports the same eventing structure as the JavaScript SDK and the Authentication APIs; that means that Hosted Login sign-in and registration events can be consumed by SIEM clients or viewed in Introduction to Customer Insights. Likewise, Hosted Login applications, API clients, and entity types (to name a just a few components) can be viewed and managed from within Console The only exceptions? At this point in time, OIDC-specific items – such as OIDC clients, login policies, and token policies – can only be managed by using the ​Akamai​ Identity Cloud REST APIs, and can only be managed by ​Akamai​. A more complete self-service approach is on its way, but isn’t quite here yet.

For a complete list of the CIAM features supported by Hosted Login, see Supported features.

Next steps

For more information about how Hosted Login actually works, see the article Authorization code + PKCE grant type. If you'd like a little background on OAuth 2.0 and OpenID Connect, take a look at the article OpenID Connect and OAuth 2.0. After that, feel free to browse around the site. We have a lot of Hosted Login documentation already published, with much more on the way.