ConsentMark
Free Scan
G
SecurityHigh complexity

Gigya

by SAP (Gigya)

All product names, logos, and trademarks are the property of their respective owners. Their inclusion here is for identification purposes only and does not imply endorsement by Obscurity Ltd.

Sets cookies
Yes
Sends PII
No
Cross-site tracking
No
Consent required
Functional
Cookies
gig_canary

Overview

Gigya (SAP Customer Data Cloud) is an identity and access management platform providing user registration, login, social authentication, and profile management. It loads JavaScript from regional Gigya CDN domains and communicates with SAP-hosted APIs for session management and identity resolution.

Detection capabilities

Signature count
1
Detection methods
network
Property types
hostname

Performance impact

Performance Impact

Script size
120 KB
Requests per page
2

Common mistakes

  • 1Loading the full Gigya SDK on every page rather than only on pages with login or registration forms, increasing unnecessary third-party requests
  • 2Assuming Gigya is strictly necessary because it handles login - social login is not essential when alternative authentication methods exist (email/password)
  • 3Not configuring Gigya's data centre region to match user geography, causing unnecessary cross-border data transfers
  • 4Failing to account for Gigya's social login providers (Facebook, Google) which introduce additional third-party tracking when invoked
  • 5Not including Gigya in cookie declarations because it is perceived as authentication infrastructure rather than a third-party service

Compliance considerations

Gigya loads from third-party domains (gigya.com) and sets cookies for session management. While authentication is functional, it is not strictly necessary when alternative login methods exist.

Social login integration: When users authenticate via social providers (Google, Facebook, Apple), those providers' tracking scripts may execute. Each social provider should be independently assessed and declared in the CMP.

Data residency: Gigya operates regional data centres (EU, US, AU, CN). Ensure the configured data centre matches the organisation's data residency requirements. EU sites should use eu1.gigya.com endpoints.

SAP acquired Gigya in 2017. SAP SE is incorporated in Germany and self-certified under the EU-US Data Privacy Framework.

CMP configuration: Categorise under functional consent. Gigya should not fire before consent is granted unless the organisation can demonstrate it is strictly necessary for a service explicitly requested by the user.

Related services

Google reCAPTCHA

Google

SecurityLow risk

3 detection signatures

Human Security

human-security

SecurityLow risk

5 detection signatures

Obscurity Tag Monitor

obscurity

SecurityLow risk

2 detection signatures

Scan your site for SAP (Gigya)

Run a free Consentmark scan to see how SAP (Gigya) is loading on your site, whether it respects consent, and where governance gaps exist across your wider tag estate.

Start a free scan