Access schema

Restricts API clients to read or read/write access to specific attributes within an entity type. This provides a way to grant an API client (and any administrators/developers who use that client) access only to the user profile attributes needed to carry out a specific business activity.

Access token

JSON web tokens that let websites and applications know the resources that you should have access to. When you request access to a resource, the server or app checks your access token to make sure you're actually allowed access to that resource. It's important to note that access tokens are "bearer tokens," which means they provide access to anyone who has possession of (i.e., who bears) that token. No identity checks are performed when you access a resource; instead, possession of the token is all that matters.

Addressable users

Type of user account where the only piece of information you have is an email address; typically these "accounts" are created for sending email newsletters and other marketing materials. There is no password associated with an addressable user, nor is there a user account to be managed.

Advanced Policy Manager

Access management solution that provides a centralized place for managing real-time authorization decisions about who/what can access all of the websites, apps, resources, assets, and data in an Identity Cloud-based ecosystem. Note that Advanced Policy Manager is designed to manage access to non-Identity Cloud activities. For Identity Cloud activities (such as age-gating), you should use the policy management tools included with the Identity Cloud itself.


Age-gating

Feature that restricts access to a website or mobile app based on a user's age: users below a specified age (or users who have not provided a birthdate) are denied access. Age-gating is built into the Identity Cloud, and can be implemented in several different ways.

Agent group

Provides a way to display different sets of attributes to different agents any time those agents search for user profiles in the Console. For example, one group of agents might see a user's first name, last name, display name, email address, phone number, and country of residence when they do a search. A second group of agents might see a user's first name, last name, email address, API client name, account creation date, and last login date when they do a search.

Anonymous to Known

Uses a browser fingerprint to gather data and events from unknown web users and then stores that information in provisional user accounts. When the user registers and creates an actual user account, the Identity Cloud A2K can merge information stored in the provisional account into the user's new, permanent account, enabling you to link pre-login and pre-registration activity to a known user.

Anti-forgery state token

Helps guard against Cross-Site Request Forgery (CSRF) attacks. To do this, the anti-forgery state token is included in your initial authentication request and is then returned by the authorization server. The client can then compare the original state with the returned state and verify that they are the same. If they aren't, that suggests that some sort of CSRF attack has occurred.

API client

Used to make authenticated requests against the Identity Cloud REST APIs. Typically, these calls are used for login and registration: when a user logs on to or registers with a website, that logon or registration is managed by an API client (referred to in the Console as a property). Properties are also involved when administering a website: access to site resources (such as user profiles) is dictated, in part, by the property used to make a management request.


Specific form of authentication that allows users or system processes to prove their identity using tokens (in other words, perimeter authentication). Identity assertion is typically combined with perimeter authentication: the process of authenticating a user outside the application server domain.

Attribute-based Access Control

Access management system based on two principles: users and resources both have attributes. For example, users have any number of attributes: they hold a particular job, they work for a particular department, they've taken Training Course X, they hold a US government security clearance. Likewise, resources have attributes: this resource is a document, this resource is a contract, this resource deals with sensitive information, this resource originated in China. To manage access to a resource, you simply create a rule that specifies the conditions under which a user will be allowed to access the document. For example, if the user has completed China Compulsory Certificate training and the user works for the International Affairs Department and the user has legal contract signing authority then grant the user access to the file. And if any of those criteria don't apply? Then don't grant access.


Examination of the management controls within an information technology infrastructure. In the Console you can retrieve audit information for user profiles; this information reports all the changes made to the user account for the specified time period (up to 90 days). This includes information about when a user last logged on or logged off as well as changes to user information such as the user's display name or email address.

Authenticated sharing

Social sharing that occurs from our server to the API endpoint of the provider. This type of sharing requires users to authenticate with the system where the sharing originates, and to consent to receiving the shared information.


Authentication

Process of confirming an identity (typically a user identity). The goal of authentication is to answer the question, "Are you really who you say you are?" Often shortened to AuthN (Authentication).


Authorization

After a user has been authenticated, authorization is the process of verifying the user's access to resources. The goal of authorization is to answer the question, "Now that we know who you are, what are you allowed to do?" Often shortened to AuthZ (Authorization).

Authorization code

Server-supplied information used in the OAuth/OIDC authentication process. After a successful authentication, the client is given an authorization code. That code can be presented to the token endpoint and exchanged for an identity token and an access token.



Backplane

Standard protocol that enables trusted apps to share information. Backplane-compliant applications can share user identity and other information seamlessly, regardless of the source of that information. Note that the Backplane implementation is currently in maintenance mode only: existing customers are still supported, but no new installations of Backplane are taking place at this time.

Basic authentication

REST API authentication method in which your client ID and client secret are Base64-encoded to create an authorization code that can then be included in your API call. Basic authentication can be used with all of the Identity Cloud REST APIs.

Bcrypt password hashing

Hashing function used to store Identity Cloud passwords. When a user logs on to an Akamai-powered website, his or her password is "hashed"; that is, the Bcrypt algorithm is used to convert the user password (e.g., password) to a hashed value (e.g., $2a$04$ieykoinw2dh2O6Z/qN6ARu281.2wtcjZ4PRxk.Vu78SW3B8mckmAq). That hashed value is then compared to the stored password to determine whether or not the user will be logged in. Note that Akamai employs additional techniques (such as using a password "salt") to create password hashes that are extremely difficult to crack (to say the least).

Bearer token

Type of token that provides access to anyone who has possession of it (i.e., anyone who bears that token). Access tokens are bearer tokens: when you present an access token, no identity checks are performed to verify that the token really belongs to you. Instead, possession of the token is all that matters.

Broadcast sharing

Social sharing in which content is shared to a user's wall, feed, or other public location.


Callback URL

URL that users are redirected to following a successful authentication.


CAPTCHA

Acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart." CAPTCHA is a challenge–response test used to determine whether or not the user is human. The goal behind CAPTCHA is to prevent bots and other automated processes from performing specified activities on websites.

Capture Dashboard

Predecessor to the Console. The Capture Dashboard was used to manage applications, API clients, schemas, etc.

Capture UI

Server-side "daemon" that performs authentication, registration, single sign-on, backplane registration, settings communication, flow construction, and user tracing through the flow. Each time a user completes a flow screen (for example, the initial sign-on screen), Capture UI determines the correct response and directs the widget to render the next screen.


Carnet

A French word typically translated as "book" or "notebook." In Identity Groups, a carnet is a reference profile to a thing (such as a smart door lock, a refrigerator, or practically anything else you can think of) that is shared by a group of people.

Centralized policy management

Strategy for managing access control policies throughout the organization. With the Identity Cloud, centralized policy management gives you the ability to deploy identity-related policies (such as age-gating) across all of your API clients.


Claims

In OAuth/OIDC, claims provide a way for you to return information about a specific attribute or set of attributes. For example, instead of returning the entire profile scope, you could return just the user's name and birthdate.

Client ID

The "username" for an API client. Client IDs are not secret: knowing a client ID is equivalent to knowing a user's username or email address.

Client secret

The password for an API client. Unlike client IDs, client secrets are secret: client secrets should be treated as confidential, and should never be shared with anyone, including Akamai. If a client secret should be exposed (or if a user who had access to a client secret leaves your organization), Akamai strongly recommends that you use the Console to reset the secret for the affected API client.

Configuration API

REST API used for managing flows, clients, settings, and other various aspects of an organization's Identity Cloud ecosystem. Typically referred to as CAPI.


Consent

A user's consent (or lack thereof) to the use of their personal data for a specific activity. According to the European Union's General Data Protection Regulation, consent must be freely given, specific to an activity, informed, and an unambiguous indication of the user's wishes.

Consent Lifecycle Management

Akamai's best practice recommendation for storing and allowing users to manage fine-grain consent over the use of their personal data. This implementation package assumes Akamai is the data store for both user data and their consents.


Console

The next generation of Identity Cloud management tools. Among other benefits, the Console provides:

- One location for all your management tools, with a unified look and feel.
- Delegation of administrative authority by using a single mechanism: roles.
- Full-fledged user profile search capabilities, including the ability to write queries that employ wildcard characters and Boolean operators such as AND and OR.
- The ability to export user profile data. The Console also allows you to export audit data for a specified user.
- Full application and API client management.
- Detailed access to your entityType schemas.


Defines certain properties that data in a database must comply with; for example, the Length constraint defines the maximum number of characters that an attribute can have.

Contact sharing

Social sharing in which content is shared to a user's wall, feed, or other public location.

Cross-Site Request Forgery attacks

Attacks that occur when a user, legitimately logged on to a trusted website, is tricked into running an unauthorized command (typically from a malicious link that has been embedded within that trusted site).


The four basic functions of persistent data storage: create, read, update, and delete.


Computer software project providing a library and command-line tool for transferring data using various protocols.

Customer Identity and Access Management

Typically shortened to CIAM. Technology that enables organizations to securely capture and manage user identity and profile data, and to control user access to applications and services. CIAM provides a safe and secure way for users to log on to web sites and mobile applications, and to be confident that their personal data and transactions are safe and secure. CIAM vendors typically offer a number of services, including user registration, self-service account management, user preference and consent management, and single sign-on. These vendors also include services that assist with data security and data governance.

Customer Insights

The Identity Cloud’s premier reporting and data analytics tool. With Customer Insights you can use reports and dashboards (either those that ship with the product or those that you build yourself) to learn more about your user base. Those learnings are largely based on demographic information such as geographic location, preferred gender, age range, etc.

Customer Journey

A user's activities, beginning from the moment the user reaches your website or mobile application and continuing through registration, customer transactions, and beyond. Captured activities may include – but are not limited to – navigation paths, registration or login events, button clicks, and “value” decisions like downloading a paper, e-commerce transactions, and signing up for a webinar.


Data governance

Data management concept that helps organizations maintain high quality data. This is done by establishing processes to monitor and maintain such things as data availability, usability, and integrity, and to help ensure data security.

Data integrations

Combines data from disparate sources into a single, comprehensive, and user-friendly package. For example, if you use Salesforce Marketing Cloud, you can use a data integration to sync user profile data with your Salesforce contact data. That provides a richer and more complete view of your users than you would get if you looked at your user profile data and Salesforce contact data separately.

Discovery document

Set of OIDC values that can be retrieved by a client; this enables clients to configure themselves. For example, you should never have to specify the public key for a client. Instead, your OAuth client can connect to the discovery document (also known as the well-known endpoint) and retrieve the latest copy of the public key for itself. If you have implemented OAuth and OIDC, you can retrieve your discovery document by adding /.well-known/openid-configuration to the end of your Identity Cloud domain URI.

Distinguisher field

Limits Console agent access to user profiles based on the value of a single attribute (the distinguisher field). For example, you can limit an agent to accessing profiles from a specific country by setting the user_distinguisher_field setting to You can then set the distinguisher value of US; at that point, agents assigned this access level will only be able to work with the user profiles of US residents.

Domains whitelist

When present, the Identity Cloud only accepts token URLs from the domains shown on the whitelist. (If your whitelist is blank, the default value, the Identity Cloud accepts token URLs from any domain.) The fewer domains you accept tokens from, the more secure your environment. If you decide to use the whitelist feature, it's important that you only whitelist domain names and never whitelist domain IP addresses. As a cloud-based enterprise, we use dynamic IP addresses that are guaranteed to change (and to change randomly rather than on a set schedule). If you whitelist the IP address for an Identity Cloud server (e.g.,, you could suffer a disruption in service if the server's IP address changes.


Email shares

Social sharing activity directly shared with another user by using a designated email service. Email sharing may be completed through a supported provider configured with your Social Login application or through a user’s native email client.


Endpoint

Functions available through a REST API. For the Identity Cloud, these functions include such things as retrieving a user account, updating an API client, or creating an entityType. Endpoints are typically expressed as URLs; for example: htb8fuhxnf8e38jrzub3c7pfrr/settings


Engage

Original name for social login, the process of using a social media account to log on to a third-party site. The name "Engage" lives on in the Social Login Engage Dashboard, the primary tool for setting up social logins in Akamai's Identity Cloud.


Somewhat-technical name for an individual user or, more correctly, a user profile in a user profile database (entityType). For example, to search for a user, you use the entity.find endpoint.


entityType

User profile database. Each Identity Cloud implementation includes a single entityType: user. You can modify this database as needed, or create new entityTypes.



Failback

Automatic restoration of the primary system (a computer server, system, hardware component, or network) following a failover. For Identity Cloud customers, failback typically refers to Amazon Web Service data centers and databases.


Failover

Automatic switching to a redundant or standby computer server, system, hardware component, or network any time the primary system fails. When the service is restored, the failback process restores service to the primary system. For Identity Cloud customers, failover typically refers to Amazon Web Service data centers and databases.


Enables a user to sign-in across a family of related websites. The user signs in to one site, and is then automatically signed in when visiting any other site within the specified federation of sites.


FIDO

Short for Fast IDentity Online. FIDO standards enable simpler and more secure user authentication experiences across multiple websites and mobile services.

Fraud score

Real-time background check of new and existing user identities to help detect and handle accounts that might be fraudulent or otherwise dangerous. Fraud Score delivers a numeric risk score based on past and current behavior; this score is calculated using multiple factors, including phone number intelligence; AI-based traffic pattern analysis (including those patterns that indicate brute-force attacks); and data from global information services. Higher scores indicate a higher threat level, a higher suspicion of potential fraud.


i18n string

Hard-coded strings that need to be specified in the i18nStrings key if a flow is to be translatable. (i18n is a "numeronym" in which the 18 represents the 18 letters between the first i and the last n in the word internationalization.) Internationalization involves designing a software application so that it can be easily adapted for use in various languages and regions.

Identity and Access Management

Typically shortened to IAM. Framework for business processes that facilitates the management of electronic or digital identities. This includes policies for managing digital identity as well as the technologies needed to support identity management. IAM is typically employed for internal organizational use, while CIAM is employed for customer-facing websites and applications.

Identity Groups

Identity Cloud product used for Internet of Things management. Identity Groups consists of a rich API that enables delegated administration and access management for an Internet of Things ecosystem.

Identity Provider

Entity that does two things:

- Creates, maintains, and manages identity information for principals.
- Provides authentication services to relying party applications within a federation or distributed network.

By using an IDP, you effectively outsource user authentication to a third party.

Identity token

Enables applications and websites to know exactly who you are. Identity tokens:

- Assert the user's ID.
- Indicate the issuing authority (e.g., Akamai).
- Can optionally specify how, and when, the user was authenticated.
- Are generated for a particular audience (client).
- Include an issue date and an expiration date.
- Can optionally contain user profile details such as name and email address.
- Are digitally signed so that the intended recipients can verify them.

Identity tokens are typically not used for authorization; that's because these tokens often contain personally identifiable information (like a name and/or an email address extracted from a user profile).

Internet of Things

Ability to connect everyday objects (smart locks, watches, home appliances, etc.) to the Internet, as well as allow access to and management of those objects. Identity Groups enables you to assign an identity to objects and to share those objects over the Internet.

IP whitelist

Specifies the IP addresses of the devices allowed to make API calls using an API client (property). By default, the IP whitelist for a client is set to, meaning that any IP address can be used to make API calls. Whitelists must be specified using the Classless Inter-Domain Routing syntax; for example, the whitelist enables only devices with the IP address through to access an API client.


Janrain Template Language

Often shortened to JTL. Used on HTML-based screens and forms to provide the correct user experience for your end users. For example, the JTL tag {* firstName *} indicates that the user's actual first name should be displayed in the form (e.g., "Welcome, Bob!").

JSON web token

Often shortened to JWT. Open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. JSON web tokens are used extensively in OAuth/OIDC authentication and authorization.


JTL

Janrain Template Language. Used on HTML-based screens and forms to provide the correct user experience for your end users. For example, the JTL tag {* firstName *} indicates that the user's actual first name should be displayed in the form (e.g., "Welcome, Bob!").


Local Storage

Type of web storage that allows websites and apps to store and access data in the browser, and without assigning an expiration date to that data. Among other things, that means the data stored in the browser is not deleted when the browser window is closed.


Locale

Set of parameters that defines the user's language and region; among other things, the locale is often used to determine the language used in an application's user interface.



Child window in an application that temporarily disables the main window: users must interact with the modal window before they can return to the main window. For example, if a user clicks the Change Password link, he or she must either change their password or dismiss the Change Password dialog box before they can continue. Most of the screens presented to an end user are modal windows.

Multifactor authentication

Security system that requires more than one method of authentication in order to verify the user’s identity. Multifactor authentication requires two or more pieces of evidence; that evidence can be derived from what the user knows (for example, a password), what the user has (e.g., a security token), or what the user is (for example, a fingerprint or a face scan). Requiring more than one piece of credentialing information provides additional layers of security: even if a hacker has stolen your password, he or she must still be able to pass an iris scan before gaining access to a resource.


Native sharing

Type of social sharing that uses the provider's own sharing mechanism. For Akamai, this typically means doing nothing more than launching the provider's built-in share window. With this type of sharing, authorization is done directly through the provider. As such, native sharing is typically used when a website or app does not want to require authentication of its own, or when the provider does not offer sharing by using the Akamai REST APIs.


Nonce

Arbitrary string/numeric value used to verify OAuth/OIDC token validity. To help guard against replay attacks, the nonce should be changed each time it is used. The term nonce comes from the English word nonce, which refers to a word coined for one specific occasion. For example, Fluddle, a cross between a flood and a puddle, was coined in 1995 to describe driving on a water-logged British road.


OAuth 2.0

Framework that enables clients (either apps or websites) to obtain both authentication and authorization. As a framework, OAuth 2.0 establishes a standard set of message flows using JSON (JavaScript Object Notation) and HTTPS; however, OAuth does not dictate the process by which clients use these message flows. (That's where OIDC comes in.)

One-time password

Automatically generated character string that authenticates a user for a single transaction or session. One-time passwords (OTPs) are typically used in multi-factor authentication systems: the user typically enters his or her username and password and then, when prompted, enters their OTP in order to access the system.

OpenID Connect

Often shortened to OIDC. OpenID Connect (OIDC) is an "identity layer built on top of OAuth2." That simply means that OIDC is employed in user authentication: it helps to verify that you are who you say you are. At its core, OIDC is a secure mechanism that enables an app or a website to:

- Contact an identity service provider and authenticate the user.
- Receive an access token that determines the behaviors that the user is, and is not, allowed to carry out.
- Securely retrieve any personal information (such as information extracted from a user profile) needed by the user or by the system.
- Periodically refresh the user session, and prevent that session from timing out.

OpenID provider

Often shortened to OP. Service that specializes in registering OpenID URLs or XRIs (eXtensible Resource Identifiers).



Information being transmitted in a JSON web token. Also includes additional information about the user or the token as needed.


Plural

User profile attribute type that can store an indefinite number of objects. For example, the profiles plural contains all the data collected from all of a user's social media profiles, with each social media provider having its own set of attributes contained within the profiles plural.


Identity Cloud product that uses APIs to implement centrally governed, token-driven access control and progressive profiling.


API development environment (ADE) used by more than 5 million developers and 100000 companies worldwide. ADEs help support, simplify and formalize API development.


Middleware used to manage user consents and authorizations.


Middleware that seamlessly, and in real-time, synchronizes information in a user profile with information in a third-party application such as Salesforce Marketing Cloud.

Progressive profiling

Strategy in which you gradually build up a user profile over time, and in context. With progressive profiling, the personal data for a user is not collected all at once (e.g., at registration). Instead, data is collected over time, and only when needed to support the user experience. Progressive profiling/registration supports the concept of data minimization: you should only collect the data you actually have a use for. You say you don't need to know a user's gender? Then don't ask users for their gender.


Process of moving a flow from the development environment to the production environment. Currently this activity must be performed by Akamai.



Advanced form of CAPTCHA that makes an initial assessment as to whether or not an account asking for access to a resource is a bot or not. If there is a high degree of confidence that a legitimate user is requesting access, then access will be allowed with minimal disruption. Suspicious accounts will need to complete one or more CAPTCHA challenges before being granted access.

Redirect URL

URL that users are redirected to following a successful authentication.

Refresh token

Provides a way for a client to stay logged on to a website or application indefinitely. Refresh tokens are required because access tokens (which actually grant access to a resource) are typically short-lived. However, right before an access token expires, a refresh token can be used to request a new access token and keep the session itself from expiring.

Relying party

Often shortened to RP. Service, site, or entity that depends on a third-party identity provider to identify and authenticate users requesting access to a digital resource.

Replay attack

Network attack in which valid information (such as a user password) is intercepted and then fraudulently used in an attempt to gain access to a resource.

Reverse honeypot

Helps guard against malicious users employing bots to create fake accounts on your site. A reverse honeypot involves placing an additional, hidden field on a registration form. The value the user assigns to that hidden field must match a value configured by using the set_default API setting. If it doesn't, registration fails. Admittedly, users will have no idea what value to enter into that hidden field. But that's OK: a snippet of code correctly updates the field as soon as you hover the mouse over the Submit button. Because a bot never hovers the mouse over the Submit button, the hidden field will never be updated, and the attempt to register a fake account will fail.



Schema

"Blueprint" that specifies how a database is constructed. In the case of Akamai entityTypes, schemas specify the attributes included in an entityType, as well as the datatypes, rules, constraints, and other properties assigned to those attributes.

Scoped access

Provides differing levels of access to a resource. For example, in the Console, and depending on permissions granted to them (or depending on the agent role assigned to them), agents have the right to do such things as create, modify, and delete user profiles; assign agent rights to other users; and manage schemas. It's recommended that you follow the "least-privileges principle" when assigning access roles and permissions: give users the permissions that enable them to do their jobs, but do not assign them any permissions beyond that. For example, if Console agents only need to work with user profiles, do not assign them an agent role that also lets them manage the schema or create/delete agent accounts.

Secure Edge

Security technology that combines the Identity Cloud user/identity-based management and security measures with the network-based protection of the Akamai Intelligent Network. Secure Edge helps to:

- Identify and stop malicious behavior, reducing the capability to validate compromised accounts.
- Protect against DDOS, web application, and bot attacks on your registration and login endpoints.
- Provide API protection from the same threats.
- Minimize fraudulent account creation.

Self-service password reset

Method by which users are empowered to change their own passwords, without having to rely on help desk personnel to make the change for them.


SIEM

Short for Security Information and Event Management. Standardized way of collecting and aggregating security and event information. To make use of SIEM events and SIEM data, you will need a SIEM software platform such as IBM QRadar or Splunk.

Single Sign-On

Often shortened to SSO. Enables users to register or log in once and effortlessly navigate across your multiple websites without needing to log in again.

Social login

Enables a user to create an account on (and subsequently log onto) a website or app by using an existing account on a social login provider such as Facebook or Twitter.

Social login token

Provisioned after a successful authentication through Social Login. Social login tokens allow for scoped, one-time access to user data through the auth_info endpoint. Social Login tokens can also be provisioned manually using the signin/oauth endpoint in exchange for an IDP token.

Social sharing

Methodology for sharing information across social networks. By adding a simple, streamlined bar of providers, users may share a URL within a social network, directly with friends on the network, or via email. Sharing may be configured to use the Identity Cloud UI, the social provider’s native UI, or a mixture of both.


Thin registration

Social login registration method in which the widget does not display the socialRegistration screen after a user logs in for the first time using a social provider. Note that thin registration cannot be employed if you use a social login identity provider that does not return an email address. That's because email addresses are required in order to create an Identity Cloud user profile.


Time-to-live

Often shortened to TTL. Mechanism that limits the lifespan or lifetime of data in a computer or network. For example, if you change an API client secret, you must specify a time-to-live for the old client secret. If you specify a TTL of 2 hours, that means the old secret remains valid for 2 hours. When those 2 hours are up, you will no longer be able to authenticate using the old client secret.

Traditional login

Process of logging on to a website by using a username and password created specifically for that site.

Transactional emails

Emails automatically generated and sent by Akamai in response to user activities. For example, if a user changes his or her email address Akamai automatically sends an email asking the user to verify the new address.


Translations

Array of dictionaries that contain the values for all translatable text that appear in the flow, with each dictionary representing a locale. Translations must be updated any time fields are added or removed from the flow, and any time an element name (such as a field name) is changed.



userData

Schema attributes that can be made available in local storage. userData is typically used to enhance/personalize the user experience; that's because this data is readily available in local storage and can be retrieved without having to make an API call to the user profile database. In an Identity Cloud flow, the userData attribute defines the data that will be available in local storage.



Visualization

Charts and graphs (as well as tables, text messages, and maps) used to display data in Customer Insights. Note that all Looks and all Explores must include a visualization. If you don't specifically choose a visualization, a default visualization (typically the column chart) will be selected for you.


Web application firewall

Often shortened to WAF. Examines web traffic to identify and filter out suspicious activity based on rule sets that you specify. A WAF, such as the Akamai WAF used in the Identity Cloud, can block such things as comment spam, cross-site scripting attacks, and SQL injections.

Well-known endpoint

Set of OIDC values that can be retrieved by a client; this enables clients to configure themselves. For example, you should never have to specify the public key for a client. Instead, your OAuth client can connect to the well-known endpoint (also known as the discovery document) and retrieve the latest copy of the public key for itself. If you have implemented OAuth and OIDC, you can retrieve your well-known endpoint by adding /.well-known/openid-configuration to the end of your Identity Cloud domain URI.


Widget

Client-side JavaScript loaded to the browser by using the load.js function. Taking its cue from the flow, the Widget renders predefined elements on a web page.