Cookie Policy

Last updated : September 30th 2025

This Cookie Policy explains how the Access Group ("Company," "we," "us," and "our") uses cookies and similar technologies to recognise you when you visit our websites at https://identity.accessacloud.com/ ("Websites"). It explains what these technologies are and why we use them, as well as your rights to control our use of them. In some cases, we may use cookies to collect personal information, or that becomes personal information if we combine it with other information.


What Are Cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information. Cookies set by us are called "first-party cookies". Cookies set by parties other than us are called "third-party cookies". Third-party cookies enable third-party features or functionality to be provided on or through the website (e.g., advertising, interactive content, and analytics). The parties that set these third-party cookies can recognise your computer both when it visits the website in question and also when it visits certain other websites.


Why We Use Cookies?

We use first and third-party cookies for several reasons. Some cookies are required for technical reasons in order for our websites to operate, and we refer to these as "essential" or "strictly necessary" cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our website. Third parties serve cookies through our website for a variety of purposes. This is described in more detail below.


How can I control cookies?

You have the right to decide whether to accept or reject cookies. You may set or amend your web browser controls to accept or refuse cookies. As the means by which you can refuse cookies through your web browser controls vary from browser to browser, you should visit your browser's help menu for more information. The specific types of first and third-party cookies served through our websites and the purposes they perform are described in the table below.



Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Cookie Name Usage Reason
Identity.Application.session, Identity.Application These are standard ASP.NET Core Identity cookies used for maintaining user authentication sessions. They store authentication tickets and session state for logged-in users.
Identity.ReturnUrl Used to store the URL to redirect the user after login or authentication. Ensures users are returned to their intended destination after authentication.
Identity.TwoFactorRememberMe, Identity.TwoFactorUserId Used for two-factor authentication (2FA) flows. RememberMe stores the user's choice to skip 2FA on trusted devices; TwoFactorUserId tracks the user during the 2FA process.
Identity.External Used during external (federated) authentication flows. Temporarily stores information about external login providers (e.g., Google, Microsoft).
Identity.Amr Used to store Authentication Method Reference (AMR) claims. Tracks how the user authenticated (e.g., password, 2FA).
Identity.AntiForgery Anti-forgery (CSRF) token storage. Protects against cross-site request forgery attacks.
Identity.PasswordCheckupState, Identity.PasswordCheckupRequired Related to password health checks or forced password changes. Tracks if a password checkup is needed or in progress.
Identity.Recaptcha Used for CAPTCHA/Recaptcha validation. Tracks Recaptcha state to prevent automated abuse.
Identity.Confirmation Used for email or account confirmation flows. Tracks confirmation state during registration or email verification.
Identity.Bearer, Identity.BearerAndApplication Used for bearer token authentication (API access). Stores tokens for API authentication.
WebAuthn.AssertionOptions, WebAuthn.SecondFactor, WebAuthn.Registration Used for WebAuthn (FIDO2) authentication flows. Store state for passwordless and second-factor authentication.
Identity.Oidc.Correlation.* Used for OpenID Connect (OIDC) correlation. CSRF protection.
Identity.Oidc.Nonce.* Used for OIDC nonce values. Prevents replay attacks during OIDC authentication.
Identity.Microsoft.Correlation.\*, Identity.Microsoft.Nonce.\* Used for Microsoft authentication flows. CSRF protection and nonce values for Microsoft identity providers.
Microsoft.AspNetCore.* General ASP.NET Core cookies related to Microsoft identity. Manages authentication state, correlation, and nonce values for external providers.
.AspNetCore.Correlation.* This cookie is set by ASP.NET Core when using external authentication providers. Ensures the authentication response matches the request that initiated it, preventing CSRF.
Identity.Xero.Correlation.\*, Identity.Xero.Nonce.\* Used for Xero authentication flows. CSRF protection and nonce values for Xero identity provider.
Identity.EmailRememberMe Used to remember the user's email address on the login page. Improves user experience by pre-filling the email field if the user opts in.
Identity.Actor Used to store the identity of the user or actor in federated or delegated authentication scenarios. Advanced authentication scenarios involving delegation or impersonation.
Identity.TestFederationResult, Identity.TestFederation Used for testing federation scenarios. Stores results or state during testing of federated authentication.
Identity.Branding Used for client branding (e.g., theming, logos). Stores branding preferences or client-specific UI settings.

How often will you update this Cookie Policy?

We may update this Cookie Policy from time to time to reflect, for example, changes to the cookies we use or for other operational, legal or regulatory reasons. Please therefore re-visit this Cookie Policy regularly to stay informed about our use of cookies and related technologies. The date at the top of this Cookie Policy indicates when it was last updated. Where can I get further information? If you have any questions about our use of cookies or other technologies, please email us at access.dpo@theaccessgroup.com


Managing Cookies


Browser Settings

  • Chrome: Settings > Privacy and Security > Cookies and other site data
  • Firefox: Options > Privacy & Security > Cookies and Site Data
  • Safari: Preferences > Privacy > Cookies and website data
  • Edge: Settings > Cookies and site permissions > Cookies and site data

Note: Disabling certain cookies may affect website functionality and your user experience.