Gigya's plugins rely on cookies set in the users' browsers. These cookies are recognized by browsers as "third-party cookies", which the browser may be configured to block. In some browsers, such as Safari, third-party cookies from unvisited sites are blocked by default. Incognito/private browsing mode has no effect on this behavior.
Blocked third-party cookies may prevent Gigya services from working properly:
- In all cases, the recommended best practice is to use a Custom API Domain Prefix. A Custom API Domain Prefix enables calls to Gigya to appear to be local by utilizing a cname alias directing all API calls to the Gigya servers. To implement this solution, contact Gigya Support via the support portal located within your Gigya Console's top menu, or click here to login.
In all cases, browsers that do not, at a minimum, have Accept Cookies From Sites I Visited enabled, are not supported.
It is important to note that a Custom API Domain Prefix will solve the SAML login only if the site is not part of an SSO group. However, if the site is part of an SSO group, the Custom API Domain Prefix will only solve SP-Initiated SAML login; IdP-Initiated SAML login does not work on any browser with this method.
By default, when the Gigya Web SDK is loaded in a webpage, if it sees the user is using a browser that blocks third-party cookies by default (e.g., Safari), it will attempt to set the required data in Local Storage to solve the problem.
Single Sign-On (SSO) requires a different configuration to work properly. For more information, see Site Groups and Single Sign-On.