Docs
[IAM]

Hosted Login

Hosted Login is the PLTFRMS-managed authentication experience that allows users to securely sign in to applications using IAM without the need for each application to implement its own login system.

It is built on top of OpenID Connect and is fully integrated with realms, organisations, roles, and OAuth2 flows.

What is Hosted Login?

Hosted Login is a central authentication interface provided by IAM where:

  • Users authenticate once per session
  • Identity is validated via OpenID Connect
  • Tokens are issued securely by the IAM system
  • Applications delegate login and session handling to IAM

It acts as the entry point for all authentication flows in PLTFRMS.

How Hosted Login works

When a user attempts to access an application:

  1. The application redirects the user to Hosted Login
  2. IAM identifies the correct Realm and context
  3. The user authenticates (password, MFA, or external provider)
  4. IAM issues an OpenID Connect ID token and OAuth2 access token
  5. The user is redirected back to the application

All authentication is handled centrally by IAM.

Realm-based login experience

Hosted Login is fully realm-aware.

This means:

  • Each realm can have its own login configuration
  • Branding and styling can be customised per realm
  • Authentication policies can differ per realm
  • Users are always authenticated within their realm context

This enables fully isolated identity experiences for different customers.

Custom domains

Hosted Login supports custom domains per realm, such as:

  • login.customer-a.com
  • auth.partner-domain.com

This allows organisations to fully white-label the authentication experience while still using PLTFRMS IAM infrastructure.

OpenID Connect integration

Hosted Login is fully compliant with OpenID Connect standards.

It supports:

  • Authorization Code Flow
  • ID token issuance
  • Session management
  • Token refresh flows
  • Logout handling

This ensures compatibility with standard identity-aware applications and services.

Security model

Hosted Login is designed with strong security controls:

  • Centralised authentication logic
  • No credential handling inside client applications
  • Short-lived tokens with strict validation
  • Support for MFA and additional authentication factors
  • Full audit logging of login events

This reduces the attack surface for all integrated applications.

Multi-application support

A single Hosted Login instance can serve multiple applications within a realm:

  • Web applications
  • APIs
  • Internal tools
  • External integrations

All applications rely on the same identity session where applicable.

Why Hosted Login matters

Hosted Login provides:

  • Centralised and secure authentication
  • Consistent login experience across all PLTFRMS products
  • Reduced complexity for developers integrating IAM
  • Strong isolation per realm and organisation
  • Full OpenID Connect compatibility

It ensures that authentication is never fragmented across individual services.