SAP Customer Data Cloud Positions

Release Notes

Skip to end of metadata
Go to start of metadata

Please note the following:

October 2020

October 5, 2020


  • If you have reached your schema field limit, you can now delete an unused field to create a new one (using the Schema Editor or by calling accounts.deleteSchemaFields.

September 2020

September 22, 2020


  • fileNameRegex added to the Azure reader components, for filtering file names using a regex expression. 

September 15, 2020


  • When adding a Central Login Domain to your site group configuration, it is now automatically added to all the child sites of that group. 

August 2020

August 23, 2020


  • AEM GConncetor now supports using Private Async Keys with applications.

Android SDK (Legacy) 3.3.34

  • Update - URL validation added in WebLoginActivity class to prevent unwanted URL injections.
  • Update - Added the option to add FLAG_SECURE to SDK activities using GSAPI the SECURE_ACTIVITY_WINDOW static flag.

Cordova SDK

  • Update - Now includes Gigya Android SDK (Legacy) 3.3.34.

August 13, 2020

CIAM for B2B

  • Rejection notification: In the invitation template form, you can now configure a rejection notification that will be sent via email to the organization contact, notifying them their request was unsuccessful. 
  • Time-based conditions now support date ranges, in addition to weekdays and fixed times. 
  • IP-based conditions: You can now restrict or allow access based on an IP address. 
    • Define the IP values as constants to use them in conditions (Restrictions > Settings > Constants). 
    • To apply the condition, make sure the authorization request includes the "originating_ip" key and value: 

       "identity": {
      	 	"id": "7c***4b"
       "context": {
      		"organization": "***",
      		 "originating_ip": ""
      	}, "response": {
      	 	"include_identity": true,
      		 "include_reasons": true
    • Customization of requester's data: The requester details in the organization creation or registration request are now based on the member schema details and are not fixed. 

    • New design for Settings menu:

    • New design for Identity schema: attribute lists and attribute sources are now managed separately and shown in a list:


  • You can now set up an extension endpoint to apply custom logic for sending SMS code verifications to users, in Risk Based Authentication and Phone Number Login flows. This includes: 
    • Send an SMS from a 3rd party SMS provider
    • Apply limitations on the number of SMS sent out at certain times
    • Perform analytics on your SMS service
    • Apply custom validations to the user's phone number
    • Use advanced options with Twilio or Livelink that are not supported by Gigya configurations

Native Screen-Sets

  • New JSON Editor available on the Console for creating and editing Native Screen-Set code. The editor includes auto-complete suggestions and dynamic code validation based on your site schema and SAP Customer Data Cloud screen structure. To use this code in your implementation, download or copy it and use it in your Native Screen-Set project.

Enterprise Consent and Preference Management

Schema Field Encryption

  • You can now apply encryption to the following field types: integer, long, float, date, Boolean, in addition to string fields for which encryption was already supported. For more information, see Schema Editor documentation.

Risk Based Authentication

  • New riskScore parameter added to the clientContext object, allowing you to associate a risk score to a login attempt and trigger RBA rules based on that score. This can be used in server-side RBA implementations to integrate with various fraud prevention and risk detection systems. For more information, see Risk Based Authentication.
  • clientContext is now supported for accounts.tfa.initTFA to enable server side RBA implementations for these endpoints. 
  • When passing the clientContext in an API call, the server IP is now also displayed in the audit log (both in the Audit Log and Identity Access tabs of the Console).

Global Access

  • New inTransition parameter added to accounts.getAccountInfo (both server and client side), to indicate that an account is currently being transferred between global sites. When in transition, no changes can be made to the account. 


July 2020

July 20, 2020

Global Access

Phone Number Login

CIAM for B2B

  • New webhooks for CIAM for B2B to allow automation of B2B onboarding flows and processes: 
    • Organization Requested
    • Organization Entered Draft Stage
    • Organization Entered Approval Workflow
    • Organization Activated
    • Organization Suspended
    • Organization Rejected
    • Organization Workflow Enabled

Consent Management

  • In a child site of a site group, you can now reset the consent statement status for a user by calling accounts.resetSitePreferences. This also fires a new webhook, "Site Preferences Reset". 


  • In addition to the Webhooks mentions above for CIAM for B2B and resetting site preferences, new webhooks for account changes: 
    • Account merged - fired when accounts are linked in a link account scenario.
    • Account progressed - fired when an account progresses from lite to full. 
    • Account UID changed - fired whenever the UID changes for this account. For example, when calling socialize.setUID.

Lite Account Progression


  • You can now specify missingRequiredFields in the include parameter of accounts.register, to receive a list of the required fields for which data is missing for this user.


June 2020

June 25, 2020


  • You can now review the status of a Webhook in the Console, by choosing Status from the Actions menu.

Risk Based Authentication

  • Server-Side RBA: We now support applying Risk Based Authentication rules to server-side implementations, by passing a clientContext in accounts.login calls. Previously, RBA was supported only client-side. 

Single Sign-On

A new Web SDK supports implementing a Single Sign-On (SSO) experience on Safari and other browsers with tracking prevention. For more information, see SSO with Safari.

Mobile SDKs

  • New Android SDK v4.2.0: 
    • Security update - Social login flows will now be handled in app and not using an external browser. This will require all clients using Google Sign in to make sure that the Google auth library is implemented. Steps are explained in the documentation.
    • Bug fix - onLogin plugin callback not called when finalizing account linking.
  • New Swift SDK v1.1.2
    • Bug fix - onError plugin events not called in networks error.

    • Update - Added getSession method.


June 12, 2020


June 9, 2020


  • In the Job Status Details, you can now filter the trace by entering a search term. 

June 8, 2020


May 2020

May 21, 2020


  • Facebook has announced the deprecation of books, games, movies, television fields. Facebook changes apply to v7.0 and above. As a result we are deprecating the following fields, effective immediately. As a result, these fields will not be populated anymore: 
    • favorites.books
    • favorites.movies
    • favorites.television

May 17, 2020

IP Restrictions

You can now configure both Whitelists and Blacklists that are scoped to your entire Partner or specific Sites from the Customer Data Administration Console. See IP Restrictions for more information.


May 13, 2020


Introducing the SAP Customer Data Cloud Native Screen-Sets. Native Screen-Sets allow your app to maintain the native experience while enjoying the benefits of SAP Customer Data Cloud web Screen-Sets. It is a low-code solution for delivering a highly customizable user interface for a consistent user experience. While web Screen-Sets are rendered based on an extended version of HTML, Native Screen-Sets are rendered based on a single JSON object. This release includes new Android and iOS SDKs: 

  • New Android SDK v4.1.0: 
    • Core: Support for Native Screen-Sets
    • Android Sample Apps: Support for Native Screen-Sets
  • New Swift SDK v.1.1.0: 
    • Core: Support for Native Screen-Sets
    • Core: Improved Network layer (URLSession)

Native Screen-Sets are still in alpha release mode and not yet production-ready. To receive the Native Screen-Set libraries, open a support ticket. The sample apps includes these libraries.



  • Shared Variables: You may now create and manage variables, that can be shared between different partners, data centers and sites. This is useful for credentials (for example, to an SFTP repository) or any variable that is reused in different flows. It saves the hassle of retyping and minimizes manual errors; and also enables updating variable values in a single location, instead of manually updating different dataflows. For more information, see Shared Variables.
  • The Google Cloud reader,, has a new parameter fileNameRegex for filtering files by name, using regex. 
  • Bug fix: sometimes, when retrying to export a file, subsequent export attempts would cause the original file to be overwritten. This is now fixed by applying a different naming structure for retry files.
    • First attempt naming: name, name.1, name.2, name.3
    • Second attempt naming: name 2.0, name 2.1, name 2.2

May 11, 2020


When using an OIDC OP, you can now set the allowed scopes, as well as define a custom accessTokenLifetime and identityTokenLifetime for the respective tokens. See the fidm.oidc.op.createRP REST API documentation for more details.


April 2020

April 30, 2020

CIAM for B2B

April 23, 2020

Global Access

  • You can now send Webhooks from global sites, signing the notification with a JWT when using webhooks version 2.0. 


  • Using webhooks version 2.0, you can now include the API key of the website that triggered the webhook event, supporting various site group scenarios. 


New Objective-C SDK v3.7.5(Legacy). This release includes:

  • Update: Removed all references of 'UIWebView' (WeChat).
  • Bug fix: Open popup directly from screen-set.

April 21, 2020


  • New Cordova SDK v.3.6.4 (legacy) includes: 
    • Update - Core SDKs updated to Android v3.3.33 and Objective-C v3.7.4.

    • Update - Added a new function named 'obfuscate' to allow obfuscation of Screen-Set data (relevant only for the Android platform).

April 20, 2020

  • You can now specify missingRequiredFields in the include parameter of accounts.login, to receive a list of the required fields for which data is missing for this user, e.g.: 

    "missingRequiredFields": [

April 7, 2020


  • New Android v. 4.0.11:
    • Bug fix – Profile field nickname was not serialized correctly.

    • Bug fix – OnCanceled event not called on screenset dismissal (using GigyaPluginFragment).

March 2020

March 18, 2020

Consent Management

  • For a localized template, you can now upload a PDF document of the consent statement that is saved to the SAP Customer Data Cloud servers, attached to any relevant consent interactions, and visible in the Consent Vault. For details, see Consent Management.

    This feature is not available in the RU and CN data centers.


  • New Swift SDK v.1.0.10 core. The release includes: 
    • Update - Adding: Send GetAccount with additional parameters. 
    • Fixed - Simulator with iOS 13 was removing session after killing the app.
    • Fixed - Sending a request with a pipe character ( | ).
    • Fixed - Issue with external links in screenSet.
  • New Android SDK v4.0.10, includes: 
    • Fixed – Runtime crash resulting from null GigyaWebBridge callback access.
    • Fixed – Avoiding CLEAR_TEXT error when loading screensets using showPlugin method
  • New legacy Android SDK v.3.3.33. This is a maintenance update to our legacy SDK. 
    • Fixed - Wrong session expiration value loaded after application is killed.

    • Fixed – Avoiding CLEAR_TEXT errors when loading screen-sets using showPlugin method.

March 3, 2020


February 2020

February 24, 2020


  • New Android SDK v4.0.9 includes bug fixes for the following: 
    • Screen-Set errors when switching locales
    • Expired session not cleared after app is killed

February 19, 2020


  • New Sitecore GConnector supports Sitecore version 9.3. 
  • New WordPress GConnector: 
    • Update - Added validation to custom screen-sets. You now must select screen-sets from a drop-down list of available screen-sets instead of free-typing the name. This will resolve issues with attempting to use screen-sets that don't exist or are misspelled.

    • Fixed - Resolved an incompatibility with PHP 5.x.


February 18, 2020


  • You can now pass a client's browser IP address through a CDN so it can be audited by passing a newly supported custom header in your REST requests: X-Gigya-Client-IP. See Signing Requests to SAP Customer Data Cloud.

February 17, 2020


  • You can now use the OnBeforeSetAccountInfo extension for data enrichment, in addition to data validation. For more information, see Extensions.


  • You can now encrypt and decrypt files in IdentitySync flows using GPG, in addition to PGP that was previously supported.

  • You can now create a dataflow based on an "Empty" template, that is not pre-populated with steps.
  • The dataflow editor now includes an actions menu with the following options: 
    • Run Test
    • Scheduler
    • Job Status


  • New IOS Objective-C SDK v.3.7.4.: 
    • Fixed: Apple sign in missing regToken on interruption errors.

February 4, 2020


  • New .NET SDK includes the following: 
    • Update - Added JWT signature validation. See the SigUtils.ValidateSignature method. 

    • Update - The SDK is now strong-named with the same public key as version 2.15.4.

  • New Swift SDK v. 1.0.9 core, includes bug fixes. 

January 2020

January 29, 2020

  • On February 3, 2020, we will update our SSL certificate for SAP Customer Data Cloud services. You can find more information here.

January 27, 2020


New Android core SDK v. 4.0.8. 

  • Bug fix: Using GigyaWebBridge attach function now propagating the correct events.
  • Bug fix: Session will now always clear after logging out using the GigyaWebBridge.
  • Update: The SDK now supports LINE v5.

    This SDK and future versions are not compatible with previous versions of the LINE SDK.


January 14, 2020


Updates to the SAP Marketing Cloud writer: 

  • Support for phoneField and faxField, for mapping a SAP Customer Data Cloud field that contains the contact's phone or fax numbers, with the corresponding Marketing field. 
  • Support for PHONE and FAX values in the consent communicationType.

January 7, 2020


New Swift SDK v. 1.0.7 includes the following: 

  • SDK Core 1.0.7:

    • Update - Added support for 'verifyLogin'.

    • Update - Added 'forgotPassword' method.

    • Update - Added 'login' business API with required parameter dictionary.

    • Update - Added 'setAccount' business API with required parameter dictionary.

    • Bug fix - WebBridge onLogout event logout flow fix.

  • Demo App 1.0.7

    • Updated - Now using Swift SDK 1.0.7

January 5, 2020

Global Access

  • Global Access is no longer in controlled release mode, and is now generally available on all partners. To learn more about creating global sites, please read our documentation


  • Drupal 8 v2.8

    • The Gigya session is now synced with Drupal through revocation, i.e. the session is active until revoked.

    • Update - 'Remember Me' is now correctly synced with Drupal.

    • Bug fix - It is no longer possible to set a session shorter than 60 seconds.


  • New Android SDK v4.0.7
    • Updated – Business API for endpoint 'notifySocialLogin'.
    • Bug fix – Verify login interval not triggered.
    • Bug fix – Social login with Google will accept 'google' & 'googleplus' as identifiers.


January 1, 2020



December 2019

December 24, 2019


  • New .NET SDK 2.16.1 includes new GSAuthRequest class for handling requests signed with a JWT authorization header.

December 17, 2019


  • For server-side registration flows, it is no longer required to pass a regToken, and therefore unnecessary to trigger the registration flow with accounts.initRegistration, but possible to directly call accounts.register.


  • New authenticationVersion parameter added to the Salesforce Marketing Cloud writer (Exact Target), to support using version 2 of the API. 
  • salt parameter added to the hashing components, field.hash.md5 and field.hash.sha2, for adding salt to the hashing algorithm. 
  • You can now read more than 1000 files from Amazon S3.

December 9, 2019


  • Push Authentication: You can now offer your users the option to authenticate via a push notification displayed by your app on their mobile phones, instead of a password. For more information see Push Authentication
  • New Screen-Sets and new Policy to support Push Authentication.
  • New UI Builder control, 'Auth methods', used for linking to the relevant authentication method (password / push) in a login flow.  
  • New Android v4 and Swift SDKs with new "auth" library for supporting Push Authentication.

    If you are using second factor push authentication, note that you will need to update your implementation to the new libraries and changed methods, before upgrading to the new SDK versions.


  • New look and feel for the UI Builder for a friendlier, smoother user experience. Includes the following: 
    • Changed look and-feel, including changed control icons, different fonts, different layout:
    • UI Builder now embedded so that navigation within the Console is still available.
    • List of screens is now a dropdown and not fixed on the screen: 
  • New design for the Schema Editor, aligning with SAP design concepts and the Console look-and-feel: 


  • The User Import Guide is now available for importing users via IdentitySync
  • New parameter in the WebSDK Configuration toggles.alwaysValidatePassword, ensures password complexity requirements are validated on change password screens, not only on registration screens. This is a temporary toggle, and we will soon announce a date on which password complexity will be enforced on all screens. 


December 2, 2019


  • New Android SDK v4.0.6 includes bug fixes: 
    • Business APIs no longer override “include” field. 

    • Fixed crash when using Volley network library.  

    • Support for Screen-Sets flow using addConnectionUI added.

November 2019

November 24, 2019


  • New Python SDK, includes support for sending multiple concurrent signed requests with the same parameters (same params object).

November 18, 2019 


  • You can now transfer files between SAP Customer Data Cloud and Google Cloud Storage using IdentitySync.


  • New Objective-C SDK, includes the latest version of the GoogleSignIn SDK (v5.0.2). 

November 6, 2019


  • New Swift SDK includes updated sample apps with Apple sign-in, and bug fixes. 

November 4, 2019


October 2019

October 24, 2019


  • Global Configuration has been renamed to WebSDK Configuration
  • You can now configure your own API domain prefix in the Settings page of the Console, where previously a support ticket was required to do this. The API domain prefix is used for configuring your CNAMES and when implementing the centralized login domain for SSO. 


October 22, 2019


  • When provisioning a certificate to serve SAP Customer Data Cloud requests from your own domain: You can now validate your domain ownership using DNS, instead of email validation. For more information, see Certificate Provisioning
  • New cookie, gig_bootstrap_<apiKey>. For a full list, see Advanced Cookie Reference


  • SAP Marketing Cloud integration: You can now send a ContactOrigin field with your user records. If included, this will update the ContactOrigin in SAP Marketing Cloud. Otherwise, by default, this integration writes a value of "GIGYA_ID" as the ContactOrigin.

October 15, 2019

Global Access

Global Access enables you to provide your customers a consistent user experience, while honoring regional data privacy and residency regulations. With Global Access, when a customer travels around the world and accesses your localized sites, they log into their account and continue their relationship with your brand, no longer requiring a separate account or complex IT configuration. Users' data is stored at the data center they used to create their account, so that data residency regulations are upheld without compromising experience.
Global Access is now available for early adopters. If you have interest, reach out to your Customer Engagement Executive or open a support ticket.

September 2019

September 25, 2019


  • Updated Sites page of the SAP Customer Data Cloud Console includes the following: 
    • Ability to search for sites by site domain, ID, data center, description and API key, in addition to tags.
    • Pagination at bottom of site list: 
    • Ability to collapse or expand all site groups: 

Email Verification

  • You can now offer users the option to validate their emails using a code sent to their emails, instead of a link. This option, configured with a site policy, ensures that users stay in the context of the registration flow. For more information, see Email Verification and Email Update


Our recently released Android and Swift SDKs include new 2-factor authentication libraries, that enable implementing Risk Based Authentication on your native apps, rather than using screen-sets.

In addition, recent SDKs include the following features:

  • Swift: support for Apple ID login, session expiration, GigyaWebBridge, latest Facebook SDK; bug fixes.
  • Android: support for Apple ID login, GigyaWebBridge, bug fixes. 
  • Cordova: support for our legacy Android and iOS SDKs.
  • Objective-C SDK: disabled WeChat, to prevent a rejection of your app by Apple. WeChat support will return when the WeChat SDK supports iOS 13. Support for Apple ID login, latest Facebook SDK.
  • Objective C: disabled WeChat, to prevent a rejection of your app by Apple. WeChat support will return when the WeChat SDK supports iOS 13.

September 24, 2019


  • You can now opt in to webhook events for lite account interactions, by creating a webhook with a version of 1.1. Turning on lite webhook notifications may cause you to receive events you did not previously anticipate, as well as an accountType and callId, so make sure your downstream systems are prepared for this change before creating a 1.1 version webhook. For more information, see Webhooks.

Risk Based Authentication

  • You can now use SAP LiveLink to send out second factor SMS codes, in addition to Twilio, when configuring Risk Based Authentication

September 16, 2019

Apple Sign-In

  • You can now add Apple as one of the options for Social Login, to allow users to log in with their Apple IDs. 

August 2019

August 31, 2019

Sitecore versions < 9 Deprecation

  • As previously announced in November 2018, due to a change in Sitecore's internal architecture, all Sitecore GConnectors for all versions prior to 9.0 have been deprecated and are no longer available. 

August 26, 2019

Phone Number Login

  • New user-facing flow allows users to update their login phone numbers. For more information, see Phone Number Update.

August 14, 2019


July 2019

July 31, 2019


  • You can now add custom HTTP headers to Webhooks, made of key-value pairs, to be sent together with the webhook notification. You can use these headers to add any additional details and context to the notification, e.g. an ID or flag that is consumed by a third-party system downstream.

July 29, 2019

Lite Registration

  • A new lite account progression policy enables merging lite data into the full account at the moment of progression from lite to full. For more information, see Lite Account Progression


  • New notifyLastRecord parameter added to the record.evaluate script used for creating custom scripts. This is used to indicate that the last record in the batch has been handled.

Risk Based Authentication

  • New Android and Swift SDKs enable the completion of a push notification flow, in the event that users have biometric authentication enabled on their phones. In those cases, users will first authenticate with their biometric identification, then receive push notifications. 

July 19, 2019


  • You can now configure your site policy to require email verification from social users, using the SAP Customer Data Cloud Console. Previously, this could only be done using an API call. 

July 11, 2019

CIAM for B2B

SAP Customer Identity and Access Management for B2B is now available! CIAM for B2B helps enterprises manage the end-to-end identity lifecycle of their partner's users with efficiency. It takes the capabilities of fine-grained authorization based on smart policies, and combines them with authentication and identity management, to provide you with a clear view of your partners, their members, and your relationships, easily managed in an intuitive, visual experience. 

July 1, 2019


  • New synchronous parameter added to the SAP Marketing Cloud writer, enabling working in a-synchronous mode. A-synchronous mode is faster, but you will not receive feedback of errors and job status. These should be handled in SAP Marketing Cloud.
  • maxConnections parameter added to datasource.write.external.generic.


Complete redesign of our Android and Swift SDKs. Based on developer feedback, they are driven by 3 core concepts: 

  • Aligned with up-to-date development and performance standards
  • Great customer development experience (never leave the IDE)
  • Focus on common business flows

Enjoy the following benefits:

  • Better performance
  • Work easily with your schema as it's now easily integrated with the entire SDK
  • Caching of the end-user's account data to reduce network calls
  • Built-in business flows, like registration, login and more, with out-of-the-box handling of different interaction scenarios.

Our new SDKs: 


  • You can now specify a value "id_token" in the include param of APIs that return a UIDSignature (e.g. accounts.loginaccounts.getAccountInfo), to return an id_token in JWT format. The token can be used to validate the data and ensure it has not been tampered with. 

June 2019

June 26, 2019

Risk Based Authentication

  • You can now implement a verification process where users receive push notifications to their mobile phone, after they sign in to your mobile app. For more information, see Push Notification.

June 19, 2019

Phone Number Login

  • SAP Customer Data Cloud now allows you to offer your users to authenticate with their mobile phones, using a one-time password received as an SMS message. Setting up Phone Number Login requires setting up an SMS provider. This adds to the various Authentication Options offered by SAP Customer Data Cloud, such as social login and OIDC.

May 2019

May 20, 2019


  • New login screen to the Console includes a cleaner design and alignment with SAP branding: 
  • You can now manage your cookie preferences for the Console, by opening the user menu and selecting Cookie Preferences:


  • updateDateField parameter added the subscription and consent objects in datasource.write.hybrismarketing, thus adding support for syncing the original subscription or consent date into SAP Marketing Cloud. 
  • When using the generic API writer, you can now pass a field value to parameters and headers, and not just a hard coded value. This enhances the flexibility and usability of the generic API writer. 
  • New look and feel of the IdentitySync Studio in Gigya's Console

April 2019

April 29, 2019


  • SAP Commerce Cloud: Added support for v1811. 

April 24, 2019


  • New component, datasource.write.external.generic, for writing user record data to an external service endpoint. This writer complements existing writers that write data to specific target platforms (both 3rd party services and file storage platforms), and greatly increases the flexibility of the IdentitySync platform. 
  • New error parameter when building IdentitySync Custom Scripts, for sending a failed record to the error path.

March 2019

March 25, 2019


March 11, 2019


  • New version of our Drupal 8 GConnector now supports calling any Gigya screen-set within the connector, enabling Lite and Consent flows. Previously, you could only call the registration, login and update profile flows. 

February 2019

February 27, 2019


  • Changed look, including full-screen display of Console tools, changed backgrounds and colors
  • Changed header that includes:
    • New control for the partner name selector
    • New control for the site selector
    • New user menu that includes the “Admin” menu item, account management and more

February 25, 2019




February 11, 2019


  • New parameters in datasource.lookup.gigya.account
    • isCaseSensitive allows performing a case insensitive lookup. Note that regardless of the value of this parameter, lookups of all 'basic-string' values are always case sensitive.
    • matchBehavior decides what to do in case of a match between the source field and the Gigya field. This can be used when you wish to import only those records that do not exist on the the target platform.
  • New parameters in and secret added for reading Gigya comments from a different source site.  



  • The Magento 2 GConnector now supports calling any Gigya screen-set within the connector, enabling Lite and Consent flows. Previously, you could only call the registration, login and update profile flows.
  • New release of the SAP Commerce Cloud GConnector, with an updated Java SDK.

January 2019

January 28, 2019



  • You can now dynamically display to logged-in users the value of a field saved to their account (e.g., display their first names stored in the profile.firstName field), using any type of control in the UI Builder. Previously, only labels supported this capability. 


Recently released SDKs: 

January 14, 2019


Risk-Based Authentication

  • Users who use time-based authentication as their second authentication factor, may now print backup codes to use in case they cannot access their device. This option is available from their Profile Update screen: 

    On mobile devices, users may generate and view their codes, but cannot print them.

December 2018

December 18, 2018

Lite Registration

  • When Lite Registration is performed using accounts.setAccountInfo, a UID is returned in the response.
  • Lite Preferences Center can now include user-editable profile and data fields, and not only preferences.
  • Emails used in Lite Registration are now validated with the same logic used for (Gigya's default validation, or a regex expression defined in the format parameter for profile fields in accounts.setSchema).


  • When a job fails after processing some files, it will now go into "retry" mode and attempt to handle the remaining files, while ignoring those already processed. 
  • fileNameRegex parameter added to the Amazon S3 reader, for filtering files by their name.

OpenID Connect

  • Site admins can now set a custom issuer for OIDC in the Console.



December 3, 2018


  • New Extension, onBeforeSocialLogin, is triggered when a user performs social login. Currently, the extension is supported only for SAML login, and will be expanded later on to include other types of social login. 


  • Updates to the SAP Marketing cloud writer (datasource.write.hybrismarketing):
    • New timeout parameter for configuring the time to wait for a response from the platform
    • New mobileField parameter for passing a contact's mobile phone number into SAP Marketing Cloud
    • New communicationType field in the consent object, for passing the communication type to which the contact consented
  • timeout parameter added to SFTP and FTP writers and readers
  • In custom scriptssetSessionParameter is now limited to 100 lines. 

November 2018

November 19, 2018


  • New "Fallback policy" setting allows choosing between ignoring all errors in the execution of an Extension, and failing all flows if an error occurs.


  • New templates available in IdentitySync Studio, when creating a dataflow: 
    • Import Full Accounts from SFTP

    • Import Lite Accounts from SFTP

November 13, 2018

  • New header in Gigya's Console, includes the following: 
    • New SAP logo, replacing the Gigya logo

    • Changed control for the partner name selector

    • Changed control for the site selector

November 5, 2018


  • New component,, for reading data "blobs" from the Azure Blob cloud storage using an access token.
  • New parameters added to  datasource.write.gigya.generic : apiKeyuserKey and secret, enable the usage of the generic writer in a Gigya-to-Gigya data transfer scenario. These parameters are used as credentials from the source site, from which to read data. 

October 2018

October 15, 2018


October 8, 2018


The new Extensions feature allows you to flexibly implement custom validations on Gigya login, registration and profile update flows. Using Extensions, you can meet a wide range of business use-cases, such as:

  • Prevent a user from registering with an abusive username
  • Prevent a user from registering with a disposable email address
  • Validate that zip codes match country and state provided

To use Extensions, host custom functions on your site or a serverless computing host (e.g. Lambda). Then, specify which Extension Endpoint (Gigya flow) to attach these functions to. Based on the response received from the Extension endpoint, the service will either allow the flow to proceed, or block it if the validation failed.

Lite Registration

  • You can now create a Lite Preferences Center where lite users can view and edit their privacy and communication settings. This was previously only available for fully-registered users.


  • You can now receive from Twitter an email address in addition to other user details. Note that this depends on approving your app with Twitter, and the individual user's permission. 

October 2, 2018

Risk-Based Authentication

  • You can now offer to users time-based authenticator apps (such as Google Authenticator) as the second step of authentication, in addition to SMS codes. When more than one option is enabled in your RBA configuration, users will now see a drop-down control from which to select their authentication preference:
  • New IPRatio global rule, for triggering an action (e.g., lockout) based on the percentage of failed logins, of the total login attempts.

August 2018

August 27, 2018

  • Gigya's OpenID Connect offering now supports custom scopes and claims. 

August 13, 2018


July 2018

July 25, 2018

  • You can now define entitlements to which a user can grant consent. These entitlements are linked to a specific consent statement. For example, a user can agree to the terms of a contest, and as part of that consent, agree to share their data with a raffle ticket provider (one entitlement) but not with the promotions department (separate entitlement). 
  • In the Consent History tab of Identity Access, you can view the entitlements associated with a consent interaction.

  • In the Consent Vault, the following were added: 
    • A record of the entitlements associated with the consent interaction
    • User Action Timestamp. While it will usually be identical to Timestamp (UTC), the user action timestamp is used to differentiate in import scenarios between the time the record was added to the system, and the original time at which the consent interaction took place. 

July 15, 2018

  • New Audit Log tab added to Identity Access, for viewing audited actions within the context of the user's profile. This replaces the Account Audit Log, which was to be found in the Admin tab of the Console.

July 3, 2018


  • New integration with DocCheck uses Gigya's social login to authenticate medical professionals. 

UI Builder

  • Improvements to the Array Manager ensure a much smoother flow in the UI Builder, when adding and mapping the widget. 

July 2, 2018

  • New limitation placed on several Email Templates placeholders, to discourage spam abuse of Gigya's platform:
    • Maximum length of 30 characters
    • Period characters are replaced by a visually-identical unicode character, to prevent planting clickable links in placeholders 

June 2018

June 26, 2018

Identity Access

  • If your site implementation includes Customer Consent, a new Consent History tab displays an audit of the consent transactions captured for this user, in a user-friendly timeline format.


  • New addResponse parameter in datasource.write.gigya.generic enables including Gigya's API response in the output file, which can then be used in a later step. 
  • You can now connect the generic writer (datasource.write.gigya.generic) to a next step that follows a successful run, and not just a failed one.


June 20, 2018

Consent (Enterprise Preference Manager)

  • User deletion is now captured in the Consent Vault (in addition to the Audit Log). The action is recorded as "Deleted" and the ID of the action is "Right to be forgotten". 

June 6, 2018

Consent (Enterprise Preference Manager)

  • A new verifyLoginInterval parameter in the WebSDK Configurationobject allows you to periodically check the validity of the user account, and automatically log out users whose consent is no longer valid after a consent version update. This ensures that users who have an active long-lived session (“Remember me”), will be asked to re-consent when the active version of a mandatory consent statement changes.


  • You can now use FunCaptcha as a CAPTCHA provider in your login and registration screens, instead of Google. This is especially useful as an added security measure in countries that do not allow using Google’s solution, such as China. Note that this integration requires a FunCaptcha subscription.

June 3, 2018

Enterprise Preference Manager

  • You can now extend the consent statement by defining custom key-value pairs of data for each statement. The consent custom data will be available on the account (when calling or accounts.getAccountInfo), and will be audited in the consent vault

May 2018

May 28, 2018

Identity Access

  • If your site package includes Enterprise Preference Manager, you will have access to the Privacy Tab, which displays the user's consent status to your site's terms of service, privacy policies and other consent statements.

May 13, 2018

Language Support

  • Support added for 3 additional languages on Gigya screens and SDKs: Latvian, Lithuanian and Estonian. This includes default translations for all screen-sets, and localized user-facing error and information messages. For more information on localization, see UI Builder Localization and Advanced Customizations and Localization

May 7, 2018

Identity Access

New actions added to the Identity Access user management dashboard: 

  • Remove Identities: Remove a social or federated identity from the user's account. After removal, the user will not be able to log in with that identity, and data from that source will be deleted. 

  • Reset TFA Devices: Reset the devices used as the second factor for authenticating the user. In their next login, they will need to register a device.

  • Force TFA Expiration: Force the user to provide second-factor authentication the next time they log in.

April 2018

April 29, 2018

Audit Log

Identity Access


  • You can now stop a job mid-run, by hitting the Stop icon in the Job history window: 
  • The inferColumns parameter was removed from file.format.dsv, as column names are inferred automatically, or set manually using the columns parameter. 

April 25, 2018

Identity Access

  • You can now unlock an account that was locked out because they triggered an RBA policy (for example, had 3 unsuccessful login attempts). 

April 15, 2018

Risk Based Authentication

  • If you are using two-factor authentication as part of RBA, you are now required to provide your Twilio credentials in the RBA configuration page. For more information, see Twilio Credentials for Mobile Authentication

April 10, 2018

Social Provider Configuration

  • When configuring social providers, you now have the option to allow only secure (HTTPS) redirects. When choosing this option, you should also make sure your social provider apps are configured to use HTTPS redirect URIs.

April 2, 2018

Enterprise Preference Manager

  • You can now display to users the reason why their personal data is being collected (Purpose), and include a document URL to the statement to which they are agreeing. These can be displayed in any of the supported languages. For more information, see Consent Management.

March 2018

March 26, 2018

Identity Access


Identity Access has a new design. The new dashboard provides administrators and customer service teams with a holistic view of customer profiles, and the ability to manage customer experiences. This update includes:

  • Smoother admin flows, with information arranged logically by tabs (profile, preferences, loyalty)
  • Friendly design with intuitive behavior
  • New capabilities include:
    • Main user list includes both lite and full users
    • Filter for users by their registration status or email ownership
    • Search for users by their full name
    • Perform quick actions from the main page, without having to go into individual profiles: verify an email address, resend a verification email, send a reset password email, and disable / enable login.
    • Manage complex objects and arrays: add new arrays of data to a profile, assign values to existing objects, or delete values.
    • Manage subscription tags
    • Easily move between accounts without the need to go back to the main list

Enterprise Preference Manager

  • You can now add tags to consent objects by using the metadata control in the UI Builder. These tags will be displayed in the Consent Vault for the relevant consent action.

March 21, 2018

Risk Based Authentication

  • Risk Based Authentication now also processes login attempts made by unknown (non-registered) accounts, where previously it only processed information of known (registered) accounts.

  • You can now customize the sender name and message that are sent in an SMS message when two-factor authentication is triggered. For more information, contact your Gigya Customer Engagement Executive.


March 6, 2018


  • Permissions to run an IdentitySync job are now granted automatically on the worker, for partners and users with the relevant permissions. 
  • When creating custom scripts using the record.evaluate component in IdentitySync studio, you can now expand to full-screen mode for easier code editing: 

February 2018

February 26, 2018


  • When reviewing the details of a job in the Job History page, you can now sort by each one of the step metrics (e.g., by duration, step name, number of errors). 
  • New newsletterField in datasource.write.silverpop enables writing to Silverpop's built-in status field, rather than to a custom field. 
  • Updated Silverpop templates in IdentitySync studio use newsletterField by default. 

February 18, 2018


  • Partner ID and API key added to the email notification sent after a job executes. 

January 2018

January 29, 2018


  • You can now use IdentitySync to copy accounts from one Gigya site to another. For more information, see IdentitySync.
  • New step metrics for advanced debugging and monitoring of dataflows that fail or take a long time to execute. For more information about monitoring dataflows, see IdentitySync.

January 24, 2018

  • Support for using Google’s reCAPTCHA v.2 in login screens. If you are using reCAPTCHA v.1, you should migrate to v.2 before March 31, 2018. For more information, see CAPTCHA.

  • Due to low adoption, we are sunsetting the iRank parameter. It will be returned so as not to break existing implementations, but the value will always be zero. The affected APIs are:

January 15, 2018


For more information on IdentitySync releases, see IdentitySync Change Log.

  • IdentitySync Studio can now be opened in full-screen mode. 
  • Status column added to the IdentitySync scheduler, displays a status of "busy" or "ready". 
  • Step parameters in IdentitySync Studio now include a link to the developer's guide, and tooltips on hover: 
  • New consent parameter added to to be used in implementations of Enterprise Preference Manager. Enables retrieving only users with a given consent status (valid, expired, or not granted).
  • New component, datasource.write.hybrismarketing, for writing user data directly to the SAP Hybris Marketing platform. For more information, see Hybris Marketing
  • New action and sync_fields parameters in datasource.write.silverpop support choosing the method for handling existing user data, and specifying a unique ID for rows in Silverpop. 
  • Bug fixes

January 9, 2018

Enterprise Preference Manager

Customer Consent is Gigya's offering for managing user privacy, preferences and consent in a way that is transparent to the user, while helping you uphold rigorous standards so as to support your compliance with international privacy regulations. 

  • Flexibly create site policies (terms of service, privacy policies and other consent statements) and manage their versions.
  • Manage communication preferences.
  • Consent is enforced as part of the site flows (required at registration, when a version changes, and in SSO groups where site policies differ), and in downstream applications using IdentitySync, Gigya's ETL platform.
  • Use Gigya's profile screens to create a preference center: Give users control over their personal data, display the policies to which they agreed, and allow them to manage their communication preferences.
  • Consent is recorded in a tamper-proof Consent Vault.

Account Audit Log

  • New user-friendly audit log that displays a timeline of events audited per a given account (UID).

UI Builder

  • New Privacy and Communication profile screens added to the Update Profile screen set, used to create a preference center for registered users.
  • New consent widget displays to users the name of the policy to which they agreed and the date they signed it.
  • You can now display the value of any field (e.g., profile.firstName) in a Gigya screen.

Social Provider Support

  • Gigya's Social Login now supports logging users in with Kakao and Naver, to better support market presence in Korea and other areas of Asia. 


November 14, 2017

November 14, 2017

  • The UID parameter was added to Email Accounts, enabling tracking the account progression (from Lite to full accounts) and a more consistent user experience.

    This parameter or feature is part of our Early Adopters Program. To find out if you are eligible for participation, contact your Customer Engagement Executive by filling out a support form. You can access the support page by clicking Support on the upper menu after logging into your Gigya Console

  • New subscriptionUpdated webhook is fired when the status of a subscription changes (subscribed / unsubscribed, or a change in the double opt-in status). 

    This parameter or feature is part of our Early Adopters Program. To find out if you are eligible for participation, contact your Customer Engagement Executive by filling out a support form. You can access the support page by clicking Support on the upper menu after logging into your Gigya Console

October 2017

October 31, 2017

  •  New Array Manager widget in the UI Builder enables adding dynamic arrays to Gigya screens that store complex objects, provides great flexibility in the type and quality of data you can request from your users. 

October 24, 2017

  • New home page of Gigya's Console includes the option to add up to 10 tags to each site, for locating your sites easily and quickly in multi-site installations. For more information, see Site Setup.
  • In the UI Builder, new Input Type property for Textbox controls, supports all HTML5 input types, and displays the relevant control (e.g. date selector) both on desktop and on the mobile keyboard.. 

October 18, 2017

  • Custom data fields can now be deleted via the Schema Editor

    This parameter or feature is part of our Early Adopters Program. To find out if you are eligible for participation, contact your Customer Engagement Executive by filling out a support form. You can access the support page by clicking Support on the upper menu after logging into your Gigya Console

  • In the Screen-Sets page of Gigya's Console, you can now see a metric that reflects registration conversion rates, i.e., what percentage of users who started a registration flow, completed it successfully. You can read our Registration Conversion Best Practices for tips and recommendations for raising conversion rates. 

    This parameter or feature is part of our Early Adopters Program. To find out if you are eligible for participation, contact your Customer Engagement Executive by filling out a support form. You can access the support page by clicking Support on the upper menu after logging into your Gigya Console

October 9, 2017

Data Field Deletion

  • You can now delete custom data fields from the accounts and Data Store databases, using an API call. 

    This parameter or feature is part of our Early Adopters Program. To find out if you are eligible for participation, contact your Customer Engagement Executive by filling out a support form. You can access the support page by clicking Support on the upper menu after logging into your Gigya Console

September 2017

Version 7.4 - Released on September 25, 2017

Scoped Data Access

  • You can now assign data permissions on the field-level to user groups.

    Scoped Data Access is a new feature and released under an Early Adopters program. If you would like to make use of this feature please contact your Customer Engagement Executive.

Subscription Management

  • Double Opt-In: You can now require your subscribers to confirm their subscription via email, to ensure compliance with anti-spamming policies and German and Canadian legal requirements, and provide users with a better experience. Supported for both full and lite registrations.

    Double Opt-In is a new feature and released under an Early Adopters program. If you would like to make use of this feature please contact your Customer Engagement Executive.

  • New accounts.importLiteAccount API for importing Lite Registrations and aubscriptions supports writing the value of the timestamp in the lastUpdatedSubscriptionState parameter, thus expanding support for various subscriber import requirements.

UI Builder

  • New  onBeforeValidation event is called after a user submits a form, and before Gigya's built-in field and form validations, for creating custom field validations.

Recently Released SDKs

Other Platform Enhancements

  • You can now create your own custom regex for validating fields in Gigya registration forms.
  • New ds.getTypes API for returning all the types defined in the DS schema, so that you can view the schema structure of your Data Store.
  • New accountLockedOut webhook event is fired when an account is locked out as a result of login attempts that were labelled as risky by RBA.


August 2017

August 14, 2017

Schema Editor

August 9, 2017

Invisible ReCAPTCHA 

  • Support for including an Invisible reCAPTCHA widget in registration screens. For more information, see CAPTCHA

July 2017

July 12, 2017

Configuration Copy Tool

June 2017

June 28, 2017

Screen-Set Version Control 

  • New panel for managing screen-set versions, including user and timestamp for each change. This allows greater auditing capabilities, and the option to rollback changes by reverting old versions, and/or opening them for editing.

Screen-Sets on Child-Site Level 

  • Within a site group, you can now create separate screen-sets for child sites, independent of the parent site. This allows agencies and third parties to manage screen-sets for a child site without requiring access to the parent site.

Version 7.3 - Released on June 26, 2017

Lite Registration

Lite Registration enables your customers to sign up in a passwordless flow to subscribe to newsletters, or to receive added value (such as voting, unlocking content, contest participation, etc.) without completing a full registration flow. 

  • A new LiteRegistration screen-set is created and can be edited in the UI Builder whenever adding a new screen-set collection. 
  • New isLite parameter added to accounts.initRegistrationfor indicating that a newly created account is a Lite Account. This returns a dedicated regToken, that can then be passed to accounts.setAccountInfo to create a Lite Account.
  • New isLite parameter added to accounts.setAccountInfo for admins to use when importing lite accounts.

Subscription & Preference Management

  • New Subscription object for capturing and managing newsletter subscription information.
  • New subscriptions parameter added to accounts.setAccountInfo for passing the subscription object.
  • New subscriptions option for the include parameter added to accounts.getAccountInfo for retrieving the user’s subscription status.
  • Added support in accounts.setSchema and accounts.getSchema APIs for setting and getting subscription data.
  • Subscriptions data updates both full accounts, and Email Accounts (see below).

Email Accounts

  • A new entity, Email Accounts, merges identity information from Lite and Full (registered) accounts, as well as subscription data, using an email address as the identifier.
  • New view toggle added to Identity Access, to toggle between a UID-based view, and a (new) email-based view.
  • You can now use to retrieve email account information, including Profile, Data and Subscription objects.
  • Includes indication of the type of accounts associated with the user, with the Boolean fields hasFullAccount and hasLiteAccount.

UI Builder Localization 

  • You can now localize your screen-sets via the UI Builder. The new localization canvas is a centralized system for managing all your localizations, and includes support for up to 44 locales, with 15 full locale translations provided out-of-the-box by Gigya.uiBuilderLocalization.png  

Schema Editor  

  • Gigya's Schema Editor allows you to interactively edit your site's schema via the Gigya Console.


New onSubmit Event

  • New onSubmit event fired when users submit a Gigya screen (after onBeforeSubmit and before onAfterSubmit). The new event allows you to modify data before it’s submitted to Gigya’s servers, enabling asynchronous handling of your data.


May 2017

May 22, 2017

Android SDK

  • Bug fixes

May 17, 2017


April 2017

April 30, 2017

UI Builder

  • Localization canvas for managing translations of a given screen-set. This enables one screen-set to support multiple languages, rather than creating individual screen-sets per target language. 

Version 7.2 - Released on April 05, 2017

SSO Segments

Global Configuration in the Console

  • WebSDK Configuration can now be created, saved and edited within Gigya's Console, and includes built-in mobile support.

Javascript Editor in UI Builder

  • New JavaScript editor within the UI Builder allows you to set event handlers, define custom buttons and more, for a specific screen-set. Includes built-in mobile support.


  • Added Subscriptions option for facilitating newsletter sign-up when mapping fields in the UI Builder
  • New accounts.unsubscribe API for unsubscribing users from newsletters. 

Miscellaneous Changes

  • It is now possible to override master configurations in child sites regarding CAPTCHA requirement for new registrations. 
  • You can now update comment sender data after a comment has been posted, allowing you to preserve sender information (such as photos) when migrating between servers.
  • Added support for sharing images to VKontakte.
  • The OpenId Connect Relying Party (OIDC RP) redirectUri has been changed.
  • The socialize.exportUsers API is being deprecated. For more information, see Changes That May Require Your Action.

Version 7.1 - Released on February 06, 2017

JSON Web Token (JWT) Support

Risk Based Authentication (RBA)

  • New Console UI to simplify RBA configuration
  • Network Protected Identity (NPI): a new feature of Risk Based Authentication (RBA) which leverages data gathered on suspicious login attempts from Gigya's ~1 billion users to increase security.  

OpenID Connect (OIDC)


UI Builder

  • Changed dialog when making changes that cause a schema update, now shows details of the change in JSON format, so as to update existing screen-sets with greater ease. 
  • New image control for adding an image to any screen. 

Web Content Accessibility Guidelines (WCAG)

  • Enhancements to support WCAG compliance, e.g., looped tabbing within a Gigya screen for better keyboard control, added screen-reader support.

Miscellaneous Changes

  • Updates to icons in the Share Bar based on latest branding guidelines from social networks, including Facebook, Google Plus, Linkedin, Twitter, and Microsoft.

  • Identity Access default search now also includes the username, in addition to the email, UID and first or last names.

Unable to render {include} The included page could not be found.





You can now create a dataflow based on an "Empty" template, that is not pre-populated with steps.