The default Hosted Login experience includes user acceptance of your terms of service and privacy policy upon registration. Registration screen in Hosted Login

Note the text near the bottom of the registration screen indicating that clicking the Create Account button serves as the user’s acceptance.


When the user creates an account, the Identity Cloud writes data about the user’s acceptance of the terms and policy into their record. This data is stored in the user’s record within a plural object called legalAcceptances. legalAcceptances in user record

For each legal agreement the user has accepted (e.g. terms of service, privacy policy), an object is added to the legalAcceptances plural. Each object contains the following data attributes:

  • clientId - The Identity Cloud client associated with the website or application where the user created their account and accepted these terms or policies. If you have multiple digital properties integrated with the Identity Cloud, this is used to identify which one the user accepted from.
  • dateAccepted - The date and time (UTC) when the user accepted.
  • id - A numeric identifier that is auto-generated by the Identity Cloud database for every object within a plural. This is a database requirement and is read-only.
  • legalAcceptanceId - Your identifier which indicates what legal agreement and which version of it the user accepted (e.g. privacyPolicy-v1). This value is customizable and is configured in the Identity Cloud Console.

In addition, Hosted Login has the ability to prompt the user to accept again when you formally update your legal text. Re-acceptance screen in Hosted Login

Based on an update to your settings in Console, the above screen will display to the user the next time they log in.


When the user clicks the button to accept, a new object is added to the legalAcceptances plural in their user record. In this example, the user accepted a new version of the privacy policy: Updated legalAcceptances in user record

Notice the original privacy policy object (for privacyPolicy-v1) is retained for historical reference, and a new object for privacyPolicy-v2 has been added.