Feature list

Ever found yourself wondering "What exactly is the ​Akamai​ Identity Cloud?" If the answer to that question is "yes," then you've come to the right place: this page includes a list of many of the key features and capabilities that make up the ​Akamai​ Identity Cloud (AIC). To help you fully understand what the I<<PR
can do, these items have been collected in a set of tables built around the following categories:

  • Registration and Profile Management
  • Identity Management
  • Privacy and Consent
  • Service Platform
  • Administration and Configuration
  • Application Integrations
  • Analytics and Data Integrations
  • Published APIs

Note that, in the tables below, the Hosted Login column indicates whether a feature/capability is available to organizations using Hosted Login, while the API column indicates whether that same feature or capability is available to organizations relying on the Authentication APIs.

Registration and Profile Management

FeatureHosted LoginAPI
Primary Region
One region is included with your base subscription, excluding Russian RU) and China (CN). Qualifying regions include: North America (NA), Canada (CC), Europe (EU), Australia (AU), Singapore (SG), Japan (JP).


IncludedIncluded
Additional Regions
Additional regions can be purchased as needed. Regions include: North America (NA), Canada (CC), Europe (EU), Australia (AU), Singapore (SG), Japan (JP), China (CH), Russia (RU).

Note. The EU region is a prerequisite for support in Russia. The Russia solution is unique and provides RU data privacy law compliancy for Russia law 152-FZ PII "write-first" requirement.


Add-On FeeAdd-On Fee
User Profile Attributes
The Identity Cloud data schema is extensible and can accommodate as many attributes as needed. Caveats include credit card information, SSN, or other pieces of sensitive data that belong with other systems.

Video: [Profile data management(doc:profile-data-management)

IncludedIncluded
Registration
Users can create a new account using a self-service registration form.

Video: Registration

IncludedIncluded
Profile Data Management
User can view/edit their user profile.

Video: Manage a user profile

IncludedIncluded
Field and Form Customization
Customize the data collected in registration and profile forms. Hosted Login and API forms/fields can both be configured via Configuration API or Console Registration Builder.

Documentation: Console Registration Builder
Video: Field and form customization

IncludedIncluded
Screen Customization
Customize the look and feel of login, registration, profile, etc. screens. Hosted Login screens can be customized via published images and CSS; API implementation does not include screens, as they are completely on your side.

Documentation: Screen customization
Video: Screen customization

IncludedIncluded
Language Support
Localization and translations based on ISO codes. Default language is American English; You must provide translations.

Documentation: Localize screen text
Video: Language support

IncludedIncluded

Identity Management

FeatureHosted LoginAPI
Authentication
Registration and login via password.

Documentation: [Authorization code + PKCE grant type](doc:the-authorization-code-pkce-grant-type)
Video: Authentication

IncludedIncluded
Single Sign-On (SSO)
User logins on one application can be recognized across other applications.

Documentation: Sessions and SSO

IncludedNot Available
Password Security
Password encryption, custom password validation rules, secure password reset, configurable password history requirement.

Documentation: Unique password enforcement
Video: Password security

IncludedIncluded
Supported Password Hashes
Standard Identity Cloud password hash. Bcrypt is the standard Identity Cloud password hash. We support a number of other hashes for data migration purposes only. If you use a hash that is not supported, passwords will need to be reset.


IncludedIncluded
Password Reset
User can reset their password in a self-service workflow.

Video: Password reset

IncludedIncluded
Social Identity
Registration and login via providers such as Apple, Facebook, Microsoft Online, Twitter, and WeChat.

Video: Configure social login

IncludedIncluded
Social Identity Merge
Merge a social account such as Apple, Facebook, Twitter, or WeChat with an existing profile. Social merge can only work when the IDP provides a verified email address that matches the email on the existing profile.

Video: Merge social accounts

IncludedIncluded
Link Social Identity
User can link a social account to an existing profile.

Video: Link social identity

IncludedIncluded
Custom Identity Provider (IdP)
Configure a custom provider for social login as long as it follows a supported protocol: OIDC, OAuth, or SAML. Only outbound integrations to external IDPs are supported.

Documentation: Introduction to custom providers


IncludedIncluded
Transactional Emails
Standard registration experience provides option to send via our Amazon SES service: registration verification; account deactivation; email change; forgot password. You can also send emails via your own service.

Documentation: JavaScript SDK email overview
Video: Transactional emails

IncludedIncluded
Email and Mobile Number Verification
Update to email address or mobile number requires verification. Note. API includes email verification only.

Documentation: Manage email addresses and mobile device numbers in Hosted Login v2
Video: Email and mobile number verification

IncludedSee Note
Risk-Based Authentication (RBA)
Require 2FA based on user behavior scores or high-value transaction.

Documentation: Risk-based authentication
Video: Risk-based authentication

IncludedNot Available
Multi-factor Authentication: SMS
Authorization codes sent via text message with RBA and/or 2FA. You can purchase blocks of SMS messages.

Documentation: Two-factor authentication (2FA)
Video: Multi-factor authentication: SMSa

IncludedAdd-On Fee
Multi-factor Authentication: Email
Authorization codes sent via email with RBA and/or 2FA.

Documentation: Two-factor authentication (2FA)
)
Video: Multi-factor authentication: Email

IncludedNot Available
OpenID Connect (OIDC)
OpenID Connect protocol.

Documentation: OpenID Connect and OAuth 2.0
Video: OpenID Connect

IncludedNot Available
OAuth 2.0
OAuth protocol.

Documentation: OpenID Connect and OAuth 2.0
Video: OAuth 2.0

IncludedIncluded

Privacy and Consent

FeatureHosted LoginAPI
Subject Access Rights
User can request their data or account deletion. Identity Cloud captures the request, and it is up to you to take action on it.

Video: Subject access rights

IncludedIncluded
Consent Management
User manages consents via profile page.



Documentation: User Consent)
Video: Consent management (video)

IncludedIncluded
Privacy and Terms Acceptance
User must accept legal terms upon registration and any time legal terms are updated.

Documentation: Authorization rules
Video: Legal and terms acceptance

IncludedIncluded

Service Platform

FeatureHosted LoginAPI
Capacity Management and Quotas
AIC includes entitlement for a maximum average daily transaction quota of 10 transactions per second during a calendar month. Rate quotas are subject to change to protect customers, at ​Akamai​’s discretion. ​Akamai​ will provide advance notice of such changes when possible.


IncludedIncluded
Dynamic Performance Option
If higher rate quotas are required, you may subscribe to the Dynamic Performance Option.


Add-On FeeAdd-On Fee
Performance Testing
You can run a load test involving your Identity Cloud solution as prescribed by ​Akamai​. Your load test should reflect expected real-world traffic spikes.


Add-On FeeAdd-On Fee
Service Level Agreement (SLA)
AIC is committed to a monthly availability of at least 99.95% for ​Akamai​ Identity Service in production. ​Akamai​ customers can access the full SLA here.


IncludedIncluded
Supported Browsers
Chrome, Edge, Firefox, Safari.

Documentation: Supported web browsers


IncludedIncluded
Supported Web Protocols
Secure protocol (HTTPS) required for login and registration services.


IncludedIncluded
​Akamai​ Platform Protections
Multi-tenant KSD protections.


IncludedIncluded

Administration and Configuration

FeatureHosted LoginAPI
Console
Dashboard UI for Identity Cloud configurations.

Documentation: Introduction to the Console
Video: Console

IncludedIncluded
Customer Care Portal
Portal for customer care agents to service user profiles; included within Console.


IncludedIncluded
Role-Based Access Control
Internal access to Console can be finely tuned based on roles and permissions.

Documentation: Agent roles reference
Video: Role-based access control

IncludedIncluded
Audit Logs
Logs available within Console for 1) end user profile changes; and, 2) Console activity by user agent. Profile audit logs are stored for 90 days; Console activity audit logs are stored for 30 days.

Documentation: Audit logs overview
Video: Console audit logs

IncludedIncluded
API
Most configurations can be done via suite of API endpoints.

REST APIs


IncludedIncluded

Application Integrations

FeatureHosted LoginAPI
Web Apps
Integrate Identity Cloud with your web-based sites and applications.

Documentation: Integrate OpenID Connect apps


IncludedIncluded
Mobile Apps
Integration Identity Cloud with your mobile applications.


IncludedIncluded
Single Page Apps
Intagrate Identity Cloud with your single-page applications.


IncludedIncluded

Analytics and Data Integrations

FeatureHosted LoginAPIs
Customer Insights
Identity Cloud analytics dashboard. This is built on a third-party platform called Google Looker.

Documentation: Introduction to Customer Insights
Video: Customer Insights

IncludedIncluded
Integration Bus
Pre-built data integrations between Identity Cloud and other Enterprise systems. This is built on a third-party platform called SnapLogic.

Documentation: Data integration with Integration Bus
IncludedIncluded
Webhooks
Profile activity event delivery service to your endpoint. Configured via API: you provide endpoint and consume webhook notifications.

Documentation: Introduction to Webhooks v3
Video: Webhooks v3

IncludedIncluded
SIEM Event Delivery
Batch security event delivery service to integrate with SIEM analytics tools such as Splunk or QRadar. Configured via API: you provide sFTP server and consume SIEM event data.



Documentation: Introduction to SIEM event delivery
Video: SIEM event delivery

IncludedIncluded

Published APIs

FeatureHosted LoginAPIs
Authentication API
Implement login, registration, and profile management in your user-facing application via API.

Note. Hosted Login is the alternative to the Authentication API, although they can both be used in the same application as needed.

Video: Authentication API

See NoteIncluded
Configuration API
Administrer and configure your Identity Cloud implementation via API. Much of the same configuration can be done via the Console UI.

Video: Configuration API

IncludedIncluded
Entity and Entity Type API
Administer and configure your data storage and user profiles via API. Much of the same configuration can be done via the Console UI.

Video: Entity and Entity Type API

IncludedIncluded
Webhooks API
Configure webhooks via API.

Video: Webhooks v3 API

IncludedIncluded
SIEM Event Delivery API
Configure SIEM Event Delivery via API.

Video: SIEM event delivery API

IncludedIncluded
Social API
Manage social identity providers via API.

Video: Social API

IncludedIncluded
Custom Provider API
Use practically any social login identity provider as a way to register/sign-in users on your Hosted Login websites.


IncludedIncluded