Supported features

📘

Identity Cloud's 2FA feature is currently in Limited Availability. Please contact your ​Akamai​ representative as usage of 2FA features must be approved during Limited Availability.


Customer Identity and Access Management (CIAM) can mean many different thing to many different people. To help you determine where Hosted Login fits in the CIAM world, we’ve put together a list of some of the more common (as well as a few less common) features found in CIAM implementations, and have indicated whether these features are supported in the current release of Hosted Login.

FeatureSupported in v1Supported in v2
Add JavaScript/HTML Markup to the Login Page
Users are limited to modifications that can be made by changing the flow or by using CSS.
Age Gating
Restricts access to a website or mobile app based on a user's age: users below a specified age (or users who have not provided a birthdate) are denied access.
“Back to App” Button Included on the User Profile Screens
Users can click a button to exit their user profile screens and return to the page they were on before they opened the profile.
Change the Favicon
Organizations can change the default ​Akamai​ favicon that appears in browser tabs.
Change the Logo
Organizations can change the default ​Akamai​ logo that appears on the login and registration pages.
Configurable IDPs
Organizations can use standard protocols (such as SAML 2) to create social login identity providers that do not appear in the Social Login dashboard.
Consent Compliance and Management
Marketing consent is included out-of-the-box and additional consents can be added by the ​Akamai​ Professional Services team.
Custom Claims
Claims effectively represent a single user attribute: a user’s first name is a claim, a user’s middle name is a second claim, and a user’s last name is a third claim. Claims can be created to represent any attribute in the user profile.
Custom Domain Name
Organizations can work with their ​Akamai​ representatives to “CNAME” their Hosted Login URLs.
Customize Token Lifetimes
Access token and refresh token lifetimes can be modified by using token policies (by default, access tokens expire after 1 hour and refresh tokens expire after 90 days). However, modifying token policies must currently be done by ​Akamai​.
Delete Account
A user can delete his or her account and all the data associated with that account.
Email Verification
Websites/apps can prevent a user from fully logging on (i.e., from receiving an access token) until the user has verified their email address.
Email-only Registration (Light/Subscription Registration)
Registration method in which a user supplies an email address but no password.
Forgot Password
A user who can’t log on because they have forgotten their password can request an email link that will enable them to create a new password.
iframe Support
Hosted Login cannot be loaded in an iframe.This is due to browser security restrictions that prevent loading the session cookie in an iframe.
Legal Acceptances
Restricts access to a website or mobile app until a user has agreed to the terms of service and the privacy policy.
Link Social Accounts
Enables a user to add a social login identity provider to their current account.
Localize Text
Translations can be added to a site by modifying the flow. Hosted Login supports all Unicode characters.
Manage Hosted Login by Using APIs
All Hosted Login components can be managed by using APIs.
Manage Hosted Login by Using the Console
“Traditional” Identity Cloud components (such as applications, API clients, entity types, and flows) can be managed by using Console. However, OpenID Connect components – such as OIDC clients, login policies, and token policies – cannot be managed by using Console. Instead, these components must, for now, be managed by ​Akamai​ Professional Services.
To a limited extentTo a limited extent
Merge Social Accounts
If a user with an existing account logs on by using a social login identity provider that uses the same email address as the existing account, the existing account and the new IDP account can be joined together.
Mobile Device Access
Users can log on to or register with a website or app by using a mobile device. Note that Hosted Login supports the use of app browser tabs but does not support webviews.
Mobile Device Verification
Mobile device numbers are verified before being added to a user profile.
Mobile Number as Identifier
Users can log on to a website or app by using their mobile device number rather than their email address.
Modify Hosted Login Screen CSS
Organizations can override the CSS stylesheet that dictates the look and feel of login, registration, and user profile screens. You can apply a different CSS stylesheet to each Hosted Login API client.
Modify the Hosted Login Flow
Hosted Login flows can be modified by using the Configuration APIs.
Modify Hosted Login Screen Text
The text displayed on Hosted Login screens can be modified.
Multifactor Authentication
Security system that requires more than one method of authentication in order to verify the user’s identity.
One-time Password
Automatically generated character string that authenticates a user for a single transaction or session.
Password Change/Reset
Users can change their own passwords, without requiring helpdesk support.
Premium IDPs
Identity providers that require initial configuration by ​Akamai​ support personnel before those IDPs are available in the Engage app.
Progressive Profiling
Strategy in which you gradually build up a user profile over time, and in context. With progressive profiling, the personal data for a user is not collected all at once (e.g., at registration. Instead, data is collected over time, and only when needed to support the user experience.
reCaptcha
Advanced form of CAPTCHA that makes an initial assessment as to whether the entity attempt to register or to logon is a bot.
Request a Copy of Stored Data
Users can request to see all of their personal data being stored by a website or app.
Required Attributes
Websites/apps can prevent a user from fully logging on (i.e., from receiving an access token) until the user has provided a non-null value for attribute in a specified set of required attributes.
Single Sign-on
Single sign-on is possible for sites that share the same OpenID Provider. Single sign-on is also available for all the apps on the same mobile device.
Social Registration
Users can log register with a website or app by first logging on to an existing account with a social login identity provider such as Facebook or Twitter.
Social Sign-on
Users can log on to a website or app by first logging on to an existing account with a social login identity provider such as Facebook or Twitter.
Step-up Authentication
After initial logon, and based on risk level, a user can be asked to provide an additional form of authentication before they can be fully logged on to a website or app.
Support for Trusted Devices
Users can mark a device as “trusted” and, by doing so, are able to bypass two-factor authentication for a specified period of time.
Third-Party Analytic Tools
Customer Insights is the primary analytic tool be used with Hosted Login.
Traditional Registration
Users can register with a website or app by creating an account that uses an email address and password for logging on.
Traditional Sign-on
Users can log on to a website or app by supplying an email address and password.
Two-factor Authentication
After signing on with an email address and password, users are required to supply another form of authentication (such as a code sent to their mobile device) before they can be fully logged on to a website or app.
User Profile Management
Users have the ability to view, and to modify, their user profile.
Webhooks-Compatible
​Akamai​ webhooks can be used to record activities such as user logins, user registrations, and user profile changes.

Did this page help you?