Authenticate your users against an external system - e.g. a web service or enterprise identity provider.
User passwords are never stored on our platform when external auth is configured.
When logged into the web portal, navigate to Organization & Users>Organization Setup>Integrations>External User Authentication And Provisioning, and the following options will be available:
- REST
- Okta
- Azure Active Directory
- Ping Identity
Okta, Azure AD and Ping Identity require Enterprise ToolKit.
REST
When a user logs in on our website or apps, our system will receive the login request and ensure the user's email is registered on our platform.
Assuming the user email is found, our system will then transparently 'pass through' the login credentials to this external web service URL for authentication.
The external service MUST return a 200 HTTP status code to be considered authenticated by our platform; any other response will be deemed a login failure.
| Authentication URL | When a user logs in on our website or apps, our system will receive the login request and ensure the user email is registered on our platform. Assuming the user email is found, our system will then transparently 'pass through' the login credentials to this external web service URL for authentication. The external service MUST return a 200 HTTP status code to be considered authenticated by our platform; any other response will be deemed a login failure. The following placeholders can be used to inject user's identifier, login, organization ID and device operating system, name and IP address into the URL, headers and body: {{USERID}} {{USEREMAIL}} {{USERPASSWORD}} {{USEREXTERNALID}} {{ORGID}} {{DEVICEOS}} {{DEVICENAME}} {{DEVICEIP}} |
| HTTP Action | Select the request action (POST, PUT, GET) and Data As (JSON, URL Encoded, XML). |
| HTTP Auth Type | If your service uses HTTP Basic authentication, then you do not need to configure Headers or specify any placeholders in the Destination URL. Our system will automatically add the required headers and will encode the user's email and password onto the given URL. |
| Forgot Password URL | Login processes on our platform provide a 'Forgot Password' option for users to request a password reset via email. Our system will forward these password reset requests to the given external service URL as an HTTP GET action. The external service MUST return a 200 HTTP status code to be considered successful by our platform; any other response will be deemed a failure. The following placeholders can be used to inject the user's identifier, email, organization ID and device operating system, name and IP address into the URL: {{USERID}} {{USEREMAIL}} {{USEREXTERNALID}} {{ORGID}} {{DEVICEOS}} {{DEVICENAME}} {{DEVICEIP}} |
Okta
Please refer to Provisioning Users and Single Sign-On with Okta.
Azure Active Directory
Please refer to Provisioning Users and Single Sign-On with Azure Active Directory.
Ping Identity
Please refer to Single Sign-On with Ping Identity.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article