Identity Cloud's 2FA feature is currently in Limited Availability. Please contact your Akamai representative as usage of 2FA features must be approved during Limited Availability.
Customer Identity and Access Management (CIAM) can mean many different things to many different people. To help you determine where Hosted Login fits in the CIAM world, we’ve put together a list of some of the more common (as well as a few less common) features found in CIAM implementations, and have indicated whether these features are supported in the current release of Hosted Login.
|Feature||Supported in v1||Supported in v2|
Users are limited to modifications that can be made by changing the flow or by using CSS.
Restricts access to a website or mobile app based on a user's age: users below a specified age (or users who have not provided a birthdate) are denied access.
|“Back to App” Button Included on the User Profile Screens|
Users can click a button to exit their user profile screens and return to the page they were on before they opened the profile.
|Change the Favicon|
Organizations can change the default Akamai favicon that appears in browser tabs.
|Change the Logo|
Organizations can change the default Akamai logo that appears on the login and registration pages.
Organizations can use standard protocols (such as SAML 2) to create social login identity providers that do not appear in the Social Login dashboard.
|Consent Compliance and Management|
Marketing consent is included out-of-the-box and additional consents can be added by the Akamai Professional Services team.
Claims effectively represent a single user attribute: a user’s first name is a claim, a user’s middle name is a second claim, and a user’s last name is a third claim. Claims can be created to represent any attribute in the user profile.
|Custom Domain Name|
Organizations can work with their Akamai representatives to “CNAME” their Hosted Login URLs.
|Customize Token Lifetimes|
Access token and refresh token lifetimes can be modified by using token policies (by default, access tokens expire after 1 hour and refresh tokens expire after 90 days). However, modifying token policies must currently be done by Akamai.
A user can delete his or her account and all the data associated with that account.
Websites/apps can prevent a user from fully logging on (i.e., from receiving an access token) until the user has verified their email address.
|Email-only Registration (Light/Subscription Registration)|
Registration method in which a user supplies an email address but no password.
A user who can’t log on because they have forgotten their password can request an email link that will enable them to create a new password.
Hosted Login cannot be loaded in an iframe. This is due to browser security restrictions that prevent loading the session cookie in an iframe.
|Link Social Accounts|
Enables a user to add a social login identity provider to their current account.
Translations can be added to a site by modifying the flow. Hosted Login supports all Unicode characters.
|Manage Hosted Login by Using APIs|
All Hosted Login components can be managed by using APIs.
|Manage Hosted Login by Using the Console|
“Traditional” Identity Cloud components (such as applications, API clients, entity types, and flows) can be managed by using Console. However, OpenID Connect components – such as OIDC clients, login policies, and token policies – cannot be managed by using Console. Instead, these components must, for now, be managed by Akamai Professional Services.
|To a limited extent||To a limited extent|
|Merge Social Accounts|
If a user with an existing account logs on by using a social login identity provider that uses the same email address as the existing account, the existing account and the new IDP account can be joined together.
|Mobile Device Access|
Users can log on to or register with a website or app by using a mobile device. Note that Hosted Login supports the use of app browser tabs but does not support webviews.
|Mobile Device Verification|
Mobile device numbers are verified before being added to a user profile.
|Mobile Number as Identifier|
Users can log on to a website or app by using their mobile device number rather than their email address.
|Modify Hosted Login Screen CSS|
Organizations can override the CSS stylesheet that dictates the look and feel of login, registration, and user profile screens. You can apply a different CSS stylesheet to each Hosted Login API client.
|Modify the Hosted Login Flow|
Hosted Login flows can be modified by using the Configuration APIs.
|Modify Hosted Login Screen Text|
The text displayed on Hosted Login screens can be modified.
Security system that requires more than one method of authentication in order to verify the user’s identity.
Automatically generated character string that authenticates a user for a single transaction or session.
Users can change their own passwords, without requiring helpdesk support.
Identity providers that require initial configuration by Akamai support personnel before those IDPs are available in the Engage app.
Strategy in which you gradually build up a user profile over time, and in context. With progressive profiling, the personal data for a user is not collected all at once (e.g., at registration). Instead, data is collected over time, and only when needed to support the user experience.
Advanced form of CAPTCHA that makes an initial assessment as to whether the entity attempting to register or to log on is a bot.
|Request a Copy of Stored Data|
Users can request to see all of their personal data being stored by a website or app.
Websites/apps can prevent a user from fully logging on (i.e., from receiving an access token) until the user has provided a non-null value for each attribute in a specified set of required attributes.
Single sign-on is possible for sites that share the same OpenID Provider. Single sign-on is also available for all the apps on the same mobile device.
Users can register with a website or app by first logging on to an existing account with a social login identity provider such as Facebook or Twitter.
Users can log on to a website or app by first logging on to an existing account with a social login identity provider such as Facebook or Twitter.
After initial logon, and based on risk level, a user can be asked to provide an additional form of authentication before they can be fully logged on to a website or app.
|Support for Trusted Devices|
Users can mark a device as “trusted” and, by doing so, are able to bypass two-factor authentication for a specified period of time.
|Third-Party Analytic Tools|
Customer Insights is the primary analytic tool to be used with Hosted Login.
Users can register with a website or app by creating an account that uses an email address and password for logging on.
Users can log on to a website or app by supplying an email address and password.
After signing on with an email address and password, users are required to supply another form of authentication (such as a code sent to their mobile device) before they can be fully logged on to a website or app.
|User Profile Management|
Users have the ability to view, and to modify, their user profile.
Akamai webhooks can be used to record activities such as user logins, user registrations, and user profile changes.