By default, when your end users create an account, they are explicitly agreeing to your terms of service and privacy policy.
The terms of service and privacy policy links should be updated to point to your own pages containing your legal text. See the Links section for updating these links.
Hosted Login has built-in functionality to store data about the user’s acceptance of your terms of service and privacy policy. This data is stored in the user’s record within a plural object called legalAcceptances.
Hosted Login will also prompt the user to accept again when you formally update your legal text.
You can leverage this functionality by using the following settings in the Identity Cloud Console:
Setting Name | Example Value | What it Does | How to Use |
---|---|---|---|
legal_acceptance_id_1 | privacyPolicy-v1 | This value is written to the user record upon acceptance | When you make a meaningful change to your legal text, update this setting to reflect the new version (Example: privacyPolicy-v2) |
legal_acceptance_id_2 | termsOfService-v1 | This value is written to the user record upon acceptance | When you make a meaningful change to your legal text, update this setting to reflect the new version (Example: termsOfService-v2) |
authorization.rules.legal_accepted | ["privacyPolicy-v1", "termsOfService-v1"] | This array is compared to the user record upon login; a mismatch will prompt the user to accept the new terms | When you make a meaningful change to your legal text, update the pertinent value(s) in this array. The values in this array must match the above two settings. |
By default, these settings are placed at the Global level and have placeholder values. You can update these setting values to represent your real privacy & terms versions and naming conventions.
Tip! These settings can be maintained at the Global level and/or at the Property level. Where you maintain them depends on whether your legal text is handled globally across all your sites, handled separately per site, or a mix of both.
For more information and other available authorization rules, see Authorization rules.
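The table requires the values in authorization.rules.legal_accepted to match the two legal_acceptance_id settings, and a version bump that updates only one of them leaves the rule requiring an ID that acceptance never writes. The following check is an added example, not Identity Cloud code: the function names are hypothetical, and it assumes that a Property-level value overrides the Global one and that each legalAcceptances entry stores its ID in a field named `legalAcceptanceId`.

```python
import json

ID_KEYS = ("legal_acceptance_id_1", "legal_acceptance_id_2")
RULE_KEY = "authorization.rules.legal_accepted"


def effective_settings(global_settings, property_settings=None):
    # Assumption: a Property-level value overrides the Global-level value.
    return {**global_settings, **(property_settings or {})}


def required_ids(settings):
    rule = settings.get(RULE_KEY) or []
    # Accept the array either as a list or as its JSON text.
    return json.loads(rule) if isinstance(rule, str) else list(rule)


def lint_settings(settings):
    """Return problems; an empty list means the rule matches both id settings."""
    problems = []
    written = {k: settings.get(k) for k in ID_KEYS}
    required = required_ids(settings)
    for key, value in written.items():
        if not value:
            problems.append(f"{key} is not set")
        elif value not in required:
            problems.append(f"{key}={value} is written on acceptance but not required by {RULE_KEY}")
    for value in required:
        if value not in written.values():
            problems.append(f"{RULE_KEY} requires {value}, which no legal_acceptance_id_* setting writes")
    return problems


def pending_acceptances(settings, user_record):
    """Required ids missing from the user's legalAcceptances (login would prompt)."""
    # Assumption: each legalAcceptances entry stores its id as "legalAcceptanceId".
    accepted = {e.get("legalAcceptanceId") for e in user_record.get("legalAcceptances", [])}
    return [r for r in required_ids(settings) if r not in accepted]


# Constructed sample data, using the example values from the table above.
GLOBAL = {
    "legal_acceptance_id_1": "privacyPolicy-v1",
    "legal_acceptance_id_2": "termsOfService-v1",
    RULE_KEY: ["privacyPolicy-v1", "termsOfService-v1"],
}
HALF_UPDATED = effective_settings(GLOBAL, {"legal_acceptance_id_1": "privacyPolicy-v2"})
UPDATED = effective_settings(HALF_UPDATED, {RULE_KEY: ["privacyPolicy-v2", "termsOfService-v1"]})
USER = {"legalAcceptances": [{"legalAcceptanceId": v} for v in ("privacyPolicy-v1", "termsOfService-v1")]}
```

`lint_settings(HALF_UPDATED)` reports both sides of the mismatch, and `pending_acceptances(UPDATED, USER)` lists what a user who accepted the v1 texts would be asked to accept after the privacy policy bump.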