Hosted Login

When most people think about revolutions they tend to think about big events whose effects are difficult to miss. The American Revolution! The French Revolution! The Industrial Revolution! You say you want a revolution? Those are revolutions.

At the same time, however, there are revolutions that are more subtle, yet every bit as innovative and, well, revolutionary. Case in point? Hosted Login, the Akamai Identity Cloud’s revolutionary new approach to Customer Identity and Access Management (CIAM). Admittedly, Hosted Login might not look very revolutionary. After all, when a user visits a Hosted Login site they’re asked to sign on either by entering an email address and password or by logging on to an existing account with an identity provider such as Facebook or Twitter. You know:

Revolutionary? Well, like we said, it might not look revolutionary. But, then again, looks can be deceiving.

In fact, with Hosted Login it’s what you don’t see that’s so ground-breaking. Yes, the login process looks like every other login process. (Which isn’t bad: after all, it’s an approach that users are very comfortable, with.) But consider these facts about Hosted Login, and about CIAM in general:

  • Historically, CIAM implementations have fallen into one of two camps: either they were quick to deploy but offered limited customization, or they offered unlimited customization but were much more difficult to deploy. By comparison, Hosted Login strikes a middle ground between these two extremes. Arguably, it’s much faster and easier to add identity management to a website or app by using Hosted Login than it is to do the same thing by using, say, the Identity Cloud’s JavaScript SDK; this is especially true for large organizations that need to deploy a number of sites. At the same time, Hosted Login also offers many more customization options than the JavaScript SDK. Does Hosted Login offer the same level of customization and personalization that the Identity Cloud Authentication APIs offer? Not quite, at least not at the moment. But, then again, you can also deploy sites much faster using Hosted Login than you can using the Authentication APIs. Hosted Login strikes a nice balance between being easy to use and being flexible and powerful.

  • Although people rely more and more on mobile devices, mobile access has often been an afterthought in the CIAM world. That’s not the case with Hosted Login, however. Hosted Login is built on top of OAuth 2.0 and OpenID Connect; that alone tells you that mobile is anything but a second-class citizen. In fact, registering for or logging on to an app or a website employs the same user experience regardless of the device you’re using.

  • The CIAM world has often been very proprietary, which meant a steep learning curve for developers. Because it’s based on OpenID Connect (OIDC), however, Hosted Login is different: app developers or website developers conversant in OIDC and capable of using an OIDC library such as AppAuthcan easily connect to the Akamai Identity Cloud by using Hosted Login.

  • Hosted Login is entirely cloud-based. Not only does this eliminate the costs associated with managing an on-premises CIAM product, but it also provides you with Akamai’s unrivaled reputation for security and availability, including an industry-leading uptime of 99.999%. That equates to less than 8 hours of downtime a year.

How Do I Get Hosted Login?

If you currently subscribe to the Akamai Identity Cloud then you already have it: Hosted Login is not a separate product. Instead, Hosted Login is an integral part of the base Akamai Identity Cloud offering. In fact, after you subscribe to the Akamai Identity Cloud you’ll have access to three different ways to manage identities:

  • The JavaScript SDK. Also known as the widget, the JavaScript SDK provides the “classic” Akamai Identity Cloud registration and logon experience. Although relatively easy to deploy, the JavaScript SDK offers little in the way of customization.

  • The Akamai Identity Cloud Authentication APIs. Doing an API-based implementation of the Akamai Identity Cloud requires the most effort: you must write code to handle logins, registrations, and user profile updates, and you must create all your screens from scratch. Obviously that’s more-involved and more time-consuming. On the flip side, the Authentication APIs do give you the ability to give users a fully-customized login and registration experience. It’s a tradeoff between the ability to do anything and the amount of time it can take to do even one thing.

  • Hosted Login. Admittedly, Hosted Login might not be for everyone. For example, if you do need a fully-customized login and registration experience you’ll have to use the Authentication APIs and create one yourself; Hosted Login is not for the people who want to do everything themselves. But suppose you don’t need a one-of-a-kind registration and login experience, suppose you just need an experience that, via branding and theming, clearly conveys who your organization is. And suppose you’d like to quickly deploy a large number of sites without having to create each of those sites from scratch. And suppose you want to ensure that mobile devices are treated the same as any other device. And suppose – well, you get the idea. Hosted Login might not be for everyone. But that doesn’t mean that the vast majority of organizations can’t take advantage of it.
Perhaps best of all, using Hosted Login does not prevent you from using the other Identity Cloud approaches: organizations are free to mix and match Identity Cloud implementation methods. For example, suppose you already have a few sites running the JavaScript widget, and you’d just as soon leave well enough alone. That’s fine: existing sites can continue to use the JavaScript SDK while new sites use Hosted Login. And what if you later draw up plans for a “special” site that requires a level of customization and personalization not available in either the SDK or in Hosted Login? That’s also fine: use the Authentication APIs for that one site. It’s entirely up to you.
Note: If you’re an existing Identity Cloud customer some minor changes might need to be made to your schemas in order to let you add Hosted Login to your identity management arsenal. For more information, contact your Akamai representative.

Here’s a table that compares JavaScript SDK and Authentication API implementations with Hosted Login implementations:

Activity SDK / API Hosted Login
Delivery Model Platform as a service (PaaS) Software as a service (SaaS)
User Experience In-app experience Redirect to identity provider
Training Learn the Akamai Identity Cloud APIs Learn industry-standard and certified OIDC client libraries
Integration Time 1-3 days (not including design time) 30 minutes
Development Build or modify all UX components (HTML, JavaScript, CSS) Reuse or modify existing theming assets (CSS, logos, favicon)
Maintenance Cost Scales linearly with the number of applications Costs start lower and remain fixed as new applications are onboarded

And did we mention that Hosted Login is also fully-compatible with the Akamai tools you have come to know and love? For example, Hosted Login supports the same eventing structure as the JavaScript SDK and the Authentication APIs; that means that Hosted Login sign-in and registration events can be consumed by SIEM clients or viewed in Customer Insights. Likewise, Hosted Login applications, API clients, and entity types (to name a just a few components) can be viewed and managed from within the Identity Cloud Console . The only exceptions? At this point in time, OIDC-specific items – such as OIDC clients, login policies, and token policies – can only be managed by using the Akamai Identity Cloud REST APIs, and can only be managed by Akamai. A more complete self-service approach is on its way, but isn’t quite here yet.

For a complete list of the CIAM features supported by Hosted Login, click here.

What Comes Next?

For more information about how Hosted Login actually works, see the article Authorization Code for Web Apps (or, to see how Hosted Login works with mobile devices, see the article Authorization Code + PKCE for Mobile Apps). If you'd like a little background on OAuth 2.0 and OpenID Connect, take a look at the article An Introduction to OpenID Connect. After that, feel free to browse around the site. We have a lot of Hosted Login documentation already published, with much more on the way.