Documentation site map

We know: Identity Cloud is a big product with a large number of features, which means an equally large (and sometimes difficult-to-navigate) documentation set. That’s why we put together this site map. It might not be able to lead you directly to the resources of interest, but it can at least give you a rough idea of what you’ll find in each section of our documentation, and let you know whether or not those sections might be of interest to you.


This where it all begins. For those of you new to Identity Cloud, you might want to start by watching the overview video (which shows many of the key Identity Cloud features in action), or by thumbing through the article An introduction to Identity Cloud . And any time the Identity Cloud jargon throws you for a loop, just refer to Key concepts and terms for a quick definition.

Subsections in this category include

  • Welcome to Identity Cloud. Identity Cloud’s documentation home page. And home an overview video showing you what Identity Cloud does and how it does it.
  • How Identity Cloud works. Have no idea what Identity Cloud even is? Then we suggest you start here.
  • Key concepts and terms. Account merge? Secure audience injection? Etags and entity types? On this page you’ll find brief definitions of the terminology used in Identity Cloud, as well as links to articles that explain that terminology in more detail.
  • Identity Cloud documentation site map. The document you’re looking at right now.

Get started

The longest journey begins with the first step, and in this aptly-titled section you’ll learn how to take the first step (or, depending on what you hope to accomplish, the first steps) in getting Identity Cloud up and running.

Subsections in this category include

  • Before you begin. Questions you might want to think about before you begin setting up Identity Cloud. Getting Started guides. Links to our various Getting Started guides, perhaps the fastest and easiest way to get going with selected Identity Cloud features.
  • Supported web browsers. A good page to check before you fire up Netscape Navigator and try connecting to an Identity Cloud website.
  • Set up Hosted Login. A step-by-step guide to doing exactly what the name says: setting up Hosted Login.
  • Upgrade to Hosted Login v2. Upgrading to Hosted Login v2. Note that, in order to run the v2 version, you must first install Hosted Login v1 and then follow the surprisingly-quick and easy upgrade process.
  • Set up an API-based implementation. If you want the ultimate in flexibility and customization, you can skip Hosted Login and do an all-API version of Identity Cloud. (It’s more work, but you can pretty much do anything you want.)
  • JavaScript SDK implementation guide (legacy customers only). The JavaScript SDK (also referred to as the “widget”) represents Identity Cloud’s original approach to user logins and registrations. The JavaScript SDK is no available to new Identity Cloud subscribers: it’s been retired in favor of Hosted Login. However, legacy customers already using the JavaScript SDK can continue to do so. And continue to benefit from this documentation.
  • Configure Customer Insights portal access. When you subscribe to Identity Cloud, you’re given 5 Customer Insights licenses: 1 Developer license and 4 Viewer licenses. Here’s how you go about divvying up those licenses.
  • Customer Insights access permissions. Compares the two primary Customer Insights access levels: Customer Advanced User and Customer Basic User.
  • Test Hosted Login on the OpenID Connect Playground. So you think you have Hosted Login set up and ready to go? Here’s a quick and easy way to help verify that.

Identity Cloud features

The focus in this section is on conceptual information: for example, if you have no idea what Webhooks v3 is, you might want to start here. The articles found here will tell you what Webhooks v3 is, explain how it works, and tell you why you might (or might not) be interested in implementing the technology. The one that that these articles won’t tell you? How to actually manage Webhooks v3. In this section you’ll learn what a webhooks subscription is; to find step-by-step instructions for creating a webhooks subscription you’ll need to see one of our management section (in this case, Monitor user profile activity with Webhooks v3).

Subsections in this category include

  • Hosted Login. The fastest and easiest way to implement Identity Cloud’s registration and user login technology. Note that there are currently two versions of Hosted Login (v1 and v2), and several of the technologies listed here are available only to organizations running Hosted Login v2.
  • OpenID Connect and OAuth 2.0. Internet standards that make up the foundation Hosted Login is built upon.
  • Two-factor authentication (2FA). Adds an additional layer of security to user logins and registrations: after supplying a username and password, a user can’t be logged on (or can’t create an account) until they’ve also supplied an access code sent to them via email or text message. Only available to organizations running Hosted Login v2.
  • Client reputation. Akamai technology that rates the perceived risk of a given IP address. Based on the risk score and your organizational needs, you can require certain users (or at least users with certain IP addresses) to go through an additional authentication step or even be denied access. Available only to organizations running Hosted Login v2.
  • Risk-based authentication. Provides a way for organizations running Hosted Login v2 (risk-based authentication is not available in Hosted Login v1) to do a form of “step-up” authentication. For low-risk activities (such as browsing a web site) little or no authentication might be required. However, authentication can be required for higher-risk activities such as accessing loyalty award points or changing an account password.
  • Webhooks v3. Provides a way to get near-real-time notifications any time a user profile is created, deleted, or modified. You can also use event filters to limit notifications to specific changes. For example, you can receive a notification any time a user asks to be added to your mailing list, but not receive a notification if the user, say, changes their middle name from F. to Franklin.
  • SIEM event delivery. Security Information and Event Management, a recognized standard for aggregating, and analyzing, events within an IT organization.
  • JavaScript SDK logins and registrations. Also referred to as the “widget,” the JavaScript SDK is the predecessor to Hosted Login. Note that the JavaScript SDK is no longer available to new Identity Cloud subscribers; however, it remains supported for use by legacy customers who have already implemented (and are still using) the system.
  • Social login and registration. Technology that enables users to create accounts on, and then log on to, an Identity Cloud website or app without having to create an Identity Cloud-specific account and password. Instead, users can “piggyback” on an account they previously created on a social login identity provider such as Facebook or Twitter.
  • Data integration and migration. Data migration is the process by which an existing set of user accounts can be copied over to Identity Cloud. Data integration, meanwhile, provides a way for you to quickly and easily export all your user account data to a comma-separated values file, making it possible to then import that data into another platform or application. Or, if you use Salesforce Marketing Cloud, you can skip the import-export process and sync your Identity Cloud data with Salesforce.
  • Reporting and analytics. Aimed largely at Custom Insights, Identity Cloud’s data analytics and visualization tool.
  • User experience components (flows, forms, fields, and screens). How the user experience works, and what that user experience consists of.
  • Unique password enforcement. Place limits on how often users can employ a password they’ve used before.
  • Identity Cloud Console. Identity Cloud’s point-and-click tool for managing user accounts and your Identity Cloud infrastructure.
  • Applications and API clients. Both applications and clients are used to maintain configuration data important in defining the user experience. Both applications and clients can be managed by using Console, or by using the Identity Cloud REST APIs.
  • REST APIs. A brief overview of the Identity Cloud REST APIs and what they’re used for. Note that many Identity Cloud features (such as Webhooks v3 or custom providers) can only be managed by using APIs.

Manage user logins and registrations

At heart, Identity Cloud revolves around user logins and registrations; needless to say, then, being able to manage user logins and registrations is a key part of Identity Cloud administration. The articles found in this section should make those management tasks even easier.

Subsections in this category include

Manage social logins and social login providers

Identity Cloud’s predecessor (Janrain) was one of the early developers and proponents of social login, which enables users to log on to a website or an app by using their Facebook account or their Twitter account or an account created on some other social login identity provider (IdP). The value to the user? They can quickly and easily create accounts (and then access and manage those accounts) without having to come up with yet another username and yet another password.

This section of the documentation explains how to implement and manage social login. It also includes step-by-step information for working custom providers: social identity providers you can leverage even though they aren’t one of the “official” IdPs that ship with Identity Cloud. Want to use Twitch as an IdP or Slack as an IdP or some identity provider no one else has ever heard of? Well, as long as that provider supports OAuth 2.0, OpenID Connect, or SAML 2, the odds are pretty good that you can use them.

Subsections in this category include:

  • Configure social login in Hosted Login. Enable users to log on to Hosted Login by using a social login identity provider such as Facebook or Twitter.
  • Configure social login by using the Social Login Dashboard. The “old school” way of configuring social login. Can be used both with Hosted Login and with the JavaScript SDK.
  • Manage custom providers. Back in the day, you could only use a social login identity provider (IdP) officially supported by Identity Cloud. Thanks to custom providers, however, you can now use pretty much any social login identity provider. (Well, as long as that IdP supports OAuth 2.0, OpenID Connect, or SAML 2.)
  • Manage social sharing (legacy customers only).A largely-obsolete technology for content with social media platforms such as Facebook. Only available to organizations that have already implemented and are still using the technology.

Manage user profiles and user accounts

The articles in this section primarily target two key areas: 1) managing user accounts (creating accounts, deleting accounts, searching for accounts); and, 2) managing the schemas that determine the information that can be included in a user profile.

Subsections in this category include:

Manage monitoring and security

Success is generally a good thing: you want people to visit your website or download the app. But success can also make it hard for you to keep track of what’s going on: what are your users doing, what are your administrators doing, what are hackers and crackers doing? (As for the latter, hopefully nothing. But you never know.) The articles in this section help you understand what’s taking place on your website or app, and can help explain why those things are taken place. (And what you might want to do about some of them.)

Subsections in this category include:

  • Monitor user profile activity with Webhooks v3. Receive near-real-time notifications whenever a user profile is created, modified, or deleted. Or, even better, use event filtering to limit those notifications to more specific events (a user has signed up for your newsletter or has requested a copy of their user profile).
  • Monitor user profile activity with Webhooks 2.0. Primarily aimed at existing Identity Cloud customers still using the v2 version of Webhooks. New customers should skip this version and go straight to Webhooks v3.
  • Monitor events with SIEM event delivery. Use Security Information and Event Management (SIEM) to help monitor your website. And to alert you if something suspect seems to be happening there.
  • Manage Console audit logs. Keep tabs on who’s using Console, and what they’ve been doing with it.
  • Manage Console agents. “Agents” are users who’ve been granted management privileges of some kind in Console. These articles explain how you can manage these managers.

Manage analytics and reporting

The section is almost 100% focused on Customer Insights, and for good reason: Customer Insights is the way to analyze statistics for, and generate reports about, your website and app. How many users are logging into your site? How does that number compare to the number of users who logged in a month ago, or a year ago? How many of the users are logging on from a specified country, how many are logging on by using social login, how many – well, needless to say, the list goes on and on.

Subsections in this category include:

  • Customer Insights training videos. Links to Customer Insights training videos.
  • Find information. Finding your way around Customer Insights.
  • Work with reports. Tips and tricks for making the best use of Customer Insights reports.
  • Organize reports by using boards. Boards help you to organize, and to quickly locate and use, your favorite Customer Insights reports.
  • Manage Looks and Explores. Explores are (effectively) database tables: they hold information about your site, who’s using it, and when they’re using it. Looks, meanwhile, provide a way for you to retrieve this data, and to specify which data elements you actually want to work with.
  • Manage Dashboards. Creating, modifying, and deleting Dashboards, Customer Insight’s primary vehicle for displaying data.
  • Manage filters. Making the best use of filters, a Customer Insights feature that provides a way for you to “slice and dice” the data available on a report.
  • View activity reports with the Social Login dashboard. An alternate way to get information about users who accessing your site by using social login.

Managing applications and API clients

Applications and API clients store configuration information vital to configuring and using Identity Cloud. In this section you’ll learn how to manage both applications and API clients, with applications being (for our current purposes) simply a collection of API clients.

Subsections in this category include:

  • Manage applications in Console. In Console, application management typically means managing the configuration settings implementing at the global scope. By default, global settings automatically apply to all the properties (API clients) in an application.
  • Manage properties in Console. Unlike applications, you can create new properties and delete existing properties. Note, too that a setting configured at the property scope overrides the same setting configured at the global scope.
  • Export global and property settings by using Console. Export configuration settings for all your properties or for a selected set of properties.

Manage data integrations and migrations

It’s a simple enough request: there ought to be a way to import your existing user database into your new Identity Cloud infrastructure. Request granted. In this section, we explain how you can import existing user accounts into Identity Cloud, preserving all your current information, and ensuring that users don’t have to create new Identity Cloud accounts (they can even continue to use their current passwords).

Subsections in this category include:

  • Alternatives to self-service data migration. If you want something done right – well, you can always rely on Akamai to do it for you. (At least when it comes to data migration.)
  • Self-service data migration. If you want something done right, do it yourself. Here you’ll find step-by-step instructions for performing your own data migration, and without having to deal with the inevitable back-and-forth between yourself and Akamai support personnel.

Manage the user experience

Much of Identity Cloud (most notably user logins and registrations) is based on interactions between a user and Identity Cloud itself. To create an account a user must click a Create Account link and fill in an online form; to logon the user must click a Login link and enter their username and password; to complete two-factor authentication a user must type in an access code sent to them by email or text message. By default, Identity Cloud provides a basic user experience, but not necessarily the user experience you want to provide: for example, when users create an account there’s no place for them to enter their country of residence or their date of birth or anything else besides their name, email address, and password.

So what can you do if you actually need a user’s date of birth or their country of residence? That’s what the Manage the user experience section is all about.

Subsections in this category include:

  • Manage flows in Registration Builder. Using Console to manage flows. Flows are large JSON files containing configuration information that helps define the user experience. This is true both for organizations running Hosted Login and for organizations running the JavaScript SDK or using an API-based Identity Cloud implementation.
  • Manage fields in Registration Builder. Using Console to manage fields. Fields connect information entered by or displayed to a user (e.g., a user’s First name and Last name) with underlying user profile attributes (in this example, givenName and familyName).
  • Manage forms in Registration Builder. Using Console to manage forms. Forms are containers primarily used to hold fields.
  • Manage screens in Registration Builder. Using Console to manage screens. Note that, at this point in time, your ability to do such things as create new screens or delete existing screens is limited, and is generally accompanied by a number of cautions and caveats.
  • Manage the Hosted Login user experience. Managing Hosted Login fields and links.


One of the great strengths of Identity Cloud is this: if you’re not 100% sold on the way things look or the way they work, well, there’s a very good chance that you can change those things to better suit your needs. This section details many of the ways in which Identity Cloud can be custom-tailored for your organization. And because Hosted Login is the cornerstone of many Identity Cloud implementations, this section pays special attention to the customization of Hosted Login screens.

Subsections in this category include:

  • Customize Hosted Login. Adding fonts or CSS stylesheets, changing the logo, and other customizations you can make to Hosted Login.
  • Customize transactional emails. Modifying the email messages Identity Cloud sends in response to specified user activities (such as a user clicking the Forgot Password link on the sign-in screen).
  • Customize JavaScript SDK logins and registrations. Modifying the user experience for organizations still using the JavaScript SDK.
  • Customize JavaScript SDK social logins. Customizing the social login and registration experience. Many of the topics apply only to organizations still using the JavaScript SDK. However, there might be some information of use to organizations running Hosted Login.

Hosted Login screens reference

Hosted Login screens and how to modify them. Note that you can modify the way a screen looks and the wording used on that screen. However, you have limited ability to modify what a screen does or when that screen is displayed.

Subsections in this category include:

Technical Reference

Customer Insights visualizations are great, but how do I know which visualizations are even available to me? I’m interesting in adding custom attributes to my identity Cloud schemas, but what the heck is a “plural?” You mentioned that Hosted Login supports push claims and secure audience injection and multiple response modes. btu what does that even mean? If you have questions like these, then the Technical Reference section should come in very handy.

Subsections in this category include:

  • Hosted Login authorization request reference. Response modes, response types, grant types, and other items that you can include in a Hosted Login authorization request.
  • Supported languages and locales. A list of languages and locales that can be used when customizing Hosted Login screens and error messages.
  • Janrain Template Language (JTL). Information about the text element codes used on transactional emails and in two-factor authentication messages. For example, the {*#user*}{*&given_name*}{*/user*} tag automatically inserts a user’s first name into a transactional email.
  • Social login configuration guides. Configuring the default social login identity providers (Facebook, Twitter, Google, etc.) available when you subscribe to Identity Cloud. Keep in mind that identity providers often change their procedures or their terminology. Because of that, these guides should be considered just that – guides – and there is no guarantee that the steps outlined in these guides are 100% accurate on a given day. (If Facebook changes their configuration procedures this afternoon, those changes won’t instantly be reflected in our Facebook configuration guide.)
  • Customer Insights visualizations. All the different charts, graphs, and other visualizations available in Customer Insights (and how to actually make use of these items).
  • Customer Insights Explore reference. Describes the Explores available by default in Customer Insights. Explores are roughly equivalent to database tables.
  • Customer Insights Dashboard reference. Information about the default Dashboards available in Customer Insights.
  • Customer Insights filter operators. A brief overview of the operators (is equal to, contains, starts with, etc.) available when using Customer Insight data filters.
  • Identity Cloud data validations. All the different validations that can be used to help ensure that customers enter the correct data, and use the correct format, when filling out Identity Cloud fields. For example, the numeric validation prevents users from including anything but the digits 0-9 in a hypothetical ID number field.
  • Schema data types. Understanding the different data types (text, numeric, date-time, etc.) that can be used when constructing or modifying Identity Cloud schemas. (Among other things, schemas determine the information, and type of information, that can be maintained in Identity Cloud user profile databases.)
  • Console technical reference. Includes information about two key areas: 1) activities recorded in the Console audit log; and, 2) the roles that can be assigned to Console agents.
  • Webhooks v3 technical reference. Two major points of emphasis: a detailed look at the components that make up a Webhooks Secure Event Token, and information about the JSON Schema draft 7 keywords that can be used when creating webhook event filters.
  • SIEM event delivery technical reference. Information about and sample notifications for Identity Cloud's supported SIEM events.
  • REST API security schemes and client permissions. A number of Identity Cloud’s “legacy” APIs can use different authentication methods and have permissions that can be granted or restricted based on API client features. You’ll find information on both of those topics here.
  • Self-service data migration technical reference. Includes an overview of the data migration log files as well as a discussion of data migration transformations and validations.
  • Application and API client settings. The default application and client settings available to Identity Cloud users. These client settings are used to configure the Identity Cloud infrastructure and to help define the user experience.
  • Default JavaScript SDK registration experience. Information about the screens and the transactional emails used with the JavaScript SDK.

JavaScript APIs

Consider this the “oldies but goodies” section: JavaScript API references for legacy customers still using the JavaScript SDK. If you’re running Hosted Login then this section is not for you. (Although you’re welcome to look through it and see what life was like in the days before Hosted Login.)

Subsections in this category include:

  • Registration JavaScript API. JavaScript settings used to manage registration and logins. Used only with the JavaScript SDK, and not valid for use with Hosted Login.
  • Social login JavaScript API. JavaScript settings used to manage social logins and social registrations. Used only with the JavaScript SDK, and not valid for use with Hosted Login.
  • Social sharing JavaScript API. JavaScript settings used to manage social sharing. Used only with the JavaScript SDK, and not valid for use with Hosted Login.


As much as we like to think that Identity Cloud is perfect, we know better: on rare occasions things can go wrong or, at the very least, you don’t get the result you expected to get. In this section, we not only tell you what could go wrong (or at least not end up the way you thought it would), but we also provide pointers on how to: 1) fix the immediate problem; and, 2) avoid similar problems in the future.

Subsections in this category include:

Compliance and Certification

A catch-all category with detailed information about some (although definitely not all) of the major Internet standards that the Identity Cloud is in compliance with, including information about how we’re in compliance with those standards.

Subsections in this category include:

  • GDPR compliance. How Identity Cloud maintains compliance with the European Union’s General Data Protection Regulation (GDPR).
  • Web Content Accessibility Guidelines compliance. Point-by-point description of Identity Cloud’s compliance with the Web Content Accessibility Guidelines, a set of standards designed to make web-based information more accessible to more people.
  • OpenID Connect certification. Lists the OpenID Connect test that Identity Cloud has passed (and has been certified for).


If a picture is worth a thousand words then a video is worth … a lot. In this section, we provide links to both how-to videos (e.g., how to enable and disable two-factor authentication) as well as videos that simply demonstrate key Identity Cloud features and technologies in action (here’s what it looks like when a user authenticates by using social login). Because these videos tend to be short sweet (most of them are less than three minutes long) we suggest you watch the video on enabling and disabling two-factor authentication first and then read the corresponding documentation. Our hope is that, having seen the process, the documentation will be easier to grasp.

One last note: don’t bother adjusting your headphones or fiddling with your volume control. To help minimize intra-office disruptions, the videos rely on closed captions rather than narration.

Subsections in this category include:

  • Hosted Login provisioning. Primarily consists of a series of videos that help you verify that you have everything you need to being setting up Hosted Login. Also includes a video explaining how to upgrade from Hosted Login v1 to Hosted Login v2.
  • Hosted Login authorization requests. Illustrates the use of many of the optional parameters that can be included in a Hosted Login authorization request.
  • Hosted Login authorization rules. Explains “authorization rules.” configuration settings that enable you to restrict who can and who can’t log on to your website or app. For example, you deny access to users who are under a specified age or who haven’t verified their email address.
  • Hosted Login clients and policies. Instructional videos for configuring Hosted Login clients and policies.
  • Hosted Login user experience customization. Ways to help ensure that Hosted Login looks the way you want it to, and that Hosted Login acts the way you want it to.
  • Two-factor authentication. Videos that help explain both two-factor authentication and trusted devices.
  • social login. Configuring Hosted Login to enable users to sign on to a website or app by using an account previously-created on a social login identity provider such as Facebook or Twitter.
  • Identity Cloud processes and features. Overview videos for key Identity Cloud technologies such as authentication and registration.
  • Reporting. Introductory videos for Customer Insights, with an emphasis on helping you access Customer Insights and helping you allocate your CI licenses.
  • Events and event notifications. Videos that illustrate different ways to keep track of events that take place on your website or in your app.
  • Identity Cloud APIs. Sample uses of the Identity Cloud REST APIs. These videos typically show a single operation and make no effort to catalog everything the APIs can do.
  • End-user activities. Identity Cloud – and, in particular, Hosted Login – from the end-user’s point of view.

Identity Cloud directory

More ways to help you find exactly what you're looking for. In addition to this document (the site map) you'll also find these articles:

  • Feature list. A reasonably-complete list of Identity Cloud features, with links to articles, videos, and Getting Started guides that help explain how those features work.
  • Release categories and endpoints. A list of links to API endpoints. Primarily used to accompany Identity Cloud release notes.