Hosted Login Authorization Rules Videos

Authorization rules are a special type of API client setting: at heart, authorization rules are a series of tests that a user (or, more correctly, a user's user account) must pass before he or she can be given an access token. The following videos show you how to configure Hosted Login's authorization rules and, equally important, give you an idea of what happens when a rule is triggered.


authorization.rules.consents

Running Time: 2:23

Indicates whether the user has agreed to any of the consents defined by your organization: this can include the default marketing consent as well as any custom consents you might have created.



authorizated.rules.email_is_verified

Running Time: 2:49

Indicates whether or not the user's email address has been verified.



authorization.rules.legal_accepted

Running Time: 2:35

Indicates whether the user has agreed to your organization’s privacy policy and terms of service.



authorization.rules.min_age

Running Time: 2:08

Specifies the minimum age (in years) that the user must be before he or she can log on.



authorization.rules.required_attributes

Running Time: 3:00

Specifies all the user profile attributes that must contain a non-null value before a user is allowed to log on.



authorization.rules.auth_ttl

Running Time: 3:05

Specifies the amount of time, in seconds, that a session can last before a user must re-authenticate. This is a per-device setting, and is enforced regardless of whether or not the user still has a valid access or refresh token.