Gigya is now SAP Customer Data Cloud. Learn more
Forrester logo Download the report

Comprehensive and Intelligent Security

Ensure safety for your business and your most valuable asset — your customers — with Gigya’s industry-leading information security systems and practices.

Cybercrime is Rising in Both Frequency and Complexity, and It Won’t Stop

From enormous, bot-driven DDoS attacks to sophisticated account takeover fraud, the digital world has become a dangerous and unpredictable environment for businesses and customers alike. How can today’s enterprise increase customers’ security without degrading their experience, and can security go beyond user and site levels?

Choose a Provider Committed to Protecting Your Business’ Most Valuable Asset: Your Customers

Our platform helps today’s most sophisticated global enterprises manage customer relationships securely, with state-of-the-industry infrastructure, advanced authentication and authorization functions, data federation, NIST-approved encryption, and specialized protection against DDoS and account takeover attacks.

Get ready for GDPR

Do you hear that ticking sound? We sure do. The EU’s General Data Protection Regulation (GDPR) will be enforced on May 25, 2018, and penalties for non-compliance are harsh. Do you have a plan? If not, download our CIAM GDPR Readiness Toolkit to start planning now.

Security Features


Gigya’s Registration-as-a-Service (RaaS) solution features a variety of authentication methods and API security measures that enable a secure, best-fit customer experience and granular administrative control over data.

Learn more

Security authentication


Gigya supports data federation using the SAML and OpenID Connect (OIDC) protocols. For SAML federation, Gigya can act as either an identity provider (IdP) or service provider (SP), enabling single sign-on (SSO) and single logout (SLO) functionality between separate security domains. For OpenID Connect, Gigya’s technology partners can act as OpenID Providers (OPs), allowing third-party sites — or Relying Partners (RPs) — to authenticate their users against Gigya clients’ existing customer bases.

Advanced Access Control (Authorization)

Gigya gives console administrators granular control over individual users’ access rights and permissions. A robust permissions system enables administrators to create users by distributing user keys, grant those users permissions, and evaluate permissions for incoming requests. Permissions determine what API methods a user can call, what parameters they can pass and their valid values, and what types of logical operations are allowed. Permissions are scoped to particular partners or sites.

Network Protected Identity (NPI)

Gigya leverages the scale and connectedness of our system by monitoring the 1.2 billion identities managed by our platform and can deliver stepped-up security when we detect account irregularities, such as account takeover attempts.

Learn more

Security Network Protected Identity (NPI)

Information Security

Gigya’s information security and data privacy practices are ISO 27001:2013, ISO 27018:2014, and SOC 2 certified, to ensure that our information security management system and security practices will always be up-to-date with evolving global policies and regulations.

Information security certificates

Data Encryption

Gigya encrypts all sensitive information, such as PII and access tokens, with industry-standard encryption (AES256) before it is stored in any permanent storage system. Our clients can also define custom data fields as sensitive to have them encrypted as well. All data transfer is encrypted using Transport Layer Security (TLS) with select secured ciphers.

DDoS Protection

While it is impossible to guarantee complete immunity from DDoS attacks, Gigya has the ability, in case of attack, to switch over to a secondary location where malicious requests can be filtered and then directed back to the primary data center. We are also constantly looking for new ways to improve protection for our clients from these types of cyber attacks.

Gigya has updated its Privacy Policy as Gigya, Inc. has been acquired by SAP America, Inc. and Gigya has updated the information regarding how we collect and use your Personal Data. You can see the updated Privacy Policy here.