Require user consent

If users must provide one or more consent before they can be allowed to login to your site or app, you should consider enabling the Consents authorization rule.

Enabling the Consents authorization rule means that when a user submits the login form, Hosted Login will check their profile for specified consents and, if any are not granted, the user will be prompted and required to grant them before continuing. Required consents screen in Hosted Login

Enable the Consents authorization rule

To enable this authorization rule, you must add or update the following setting in the Identity Cloud Console:

  • authorization.rules.consents

This setting is not configured by default. You can add it to Global Settings if you want the rule to apply to all digital properties, or you can add it to a specific Property to apply it to just that site or app.

The value of this setting is a JSON-formatted array of consents. Each consent in the array is identified by the name of the consent - the object attribute name - within the consents object in the schema. Marketing consent authorization rule in Console For example, the setting value to enable the authorization rule for the default marketing consent is:

  • [“marketing”]

An example value to enable this rule for multiple consents is:

  • [“marketing”, “personalization”]

If you are testing this functionality with just the default marketing consent, then all you need to do is configure the authorization.rules.consents setting properly and Hosted Login is built to handle the rest.

However, if you’d like to enable this authorization rule for any other consent, you’ll need to take a couple of additional steps as outlined below.

Configure the authRuleConsentsForm

The authRuleConsentsForm is the form that is displayed to the user when they need to provide a required consent (triggered by the Consents authorization rule).

By default, this form contains one consent - the marketingConsent field. Default consents screen in Hosted Login

If you’d like to add other consents to this form and/or remove the marketingConsent field, you can do this in the Identity Cloud Console:

  1. Click on your application in the left column navigation
  2. Click to open REGISTRATION BUILDER Registration Builder in Console
  3. Click the Actions menu ( ) next to the flow you want to update and select Edit Edit Flow in Console
  4. On the Edit page, go to the FORMS tab
  5. Find the form called authRuleConsentsForm. By default, forms are listed in alphabetical order by Form Name.
  6. Click the Edit Form icon ( ) for this form Edit authRuleConsentsForm in Console
  7. In the Fields section of the Edit Form page, click the ADD FIELD button Add field to form in Console
  8. In the pop-up, select your consent field from the list, and click the ADD FIELD button Select field to add to form in Console

    Note that you must create any consent fields you need before they will appear in this list. To create custom consents, see Add more opts.

  9. If you’d like to remove the marketingConsent field (or any other fields you’ve added) from the form, click the icon in the far right column for that field. Remove field from form in Console
  10. Remember to click the SAVE button to complete your form changes.

NOTE: By default, you have a Global Setting called default_flow_version which is set to HEAD. This allows changes to the flow configuration - like this form change - to be published to Hosted Login screens immediately.

If default_flow_version is set to a specific flow version (example: 20200324202112729271), you will need to update it to the new version in order to publish this change. You can find the latest flow version on the REGISTRATION BUILDER home page in Console.

If you’d like to customize the text displayed on this screen, see Text.

Add logic to write metadata

You should now have the following configured:

  • The authorization.rules.consents setting configured to trigger based on one or more consents you require
  • The authRuleConsentsForm configured to display the consent(s) you require

However, Hosted Login is built to write consent data based only on the marketingConsent by default. In order for the correct data to be written to the user record when the authRuleConsentsForm is submitted, this hidden logic must be revised to match your new configurations. Consent data not automatically written to user record upon form submission

For this, please reach out to your Akamai Identity Cloud representative. The logic that tells Hosted Login what to write into the user record, and when to write it, can be modified by the Akamai Identity Cloud Professional Services team to support your specific needs.