Hi,
It would be very helpful to manage the SSO through the API, basically:
- Get the SSO Key
- Generate the SSO Key
It s specially useful for environments that are automated using SaaS because now you have to manually generate and retrieve the key and we cannot automate that part.
Thanks
Hello
Thanks for your idea! Generally, with Custom SSO, you only generate the SSO key once per account, so it isn't an ongoing change. In a partner/client account, there the custom SSO is done at the partner level.
Can you tell us more about how you want to use SSO?
The Klipfolio support team may have some good examples to share. You can reach them at support@klipfolio.com or I can open a ticket with the team.
Thanks!
Meggan
Hi,
We use AWS cloudformation to deploy our architecture as a SaaS. As part of the automation we create a new customer in Klipfolio and we would like to activate the SSO and get the SSO Key that is injected in our application so every time a user wants to access to Klipfolio through our app automatically does the log in in Klipfolio behind the scenes and then access to it. Right now we need to set up the SSO manually, store the SSO key in a safe place and then redeploy our app in order to pick up that value during the boot phase. We can live with that but it would be nice to take advantage of the SaaS flow and not having manual actions during the whole process. Thanks, regards.
Hello
So these new customers will not be associated with your account in Klipfolio? They will be completely independant accounts? There may be a better approach we could suggest for this type of set-up. With the Partner/Client options, the accounts could be connected to yours and benefit from the simplified SSO, plus any other dashboard building you'd like to do for them. The individual accounts can be direct billed - and pay Klipfolio, or billed through your account.
If you'd like to talk more about your options, we'd be happy to put you in touch with the success team here. I have also captured your feedback and request for suggested new API improvements.
Thanks!
Meggan
Hi,
Yes they are part of the account and we are actually using SSO with the Partner/Client model you provide. The thing is that every time we create a new client we need to log in through the web browser, generate a SSO Key for that client and copy it elsewhere because we use it to do SSO behind the scenes in our application. If we had access to that SSO Key through the API (generating it and retrieving it) we could automate that part as well so we don't have to do the manual steps (using a web browser) to handle the SSO key. That's why including that functionality in the API would be beneficial for us.
BR.
Thanks for the details! Just to let you know, with Klipfolio's custom SSO you do not generate an SSO key per client. This is not how our custom SSO is configured, however, if you'd like to speak more, please reach out to support! support@klipfolio.com
Meggan
Hi Meggan,
I'll talk to support to avoid creating a key per customer, I was mistaken in the way I was implementing it then.
Thanks!
Hi - I got your ticket and replied. Once we have you up and running, I'll post the how-to here so we can use it to help more people!
Thanks
Meggan
Here is our how-to for any partners using Custom SSO set-up for their clients:
First, set up Custom SSO in your main account. Keep track of the SSO Secret Key and Company Id. You'll need these when generating the SSO token for each of your users.
If you are using sample code, for example, I use C#, grab it from here:
https://support.klipfolio.com/hc/en-us/articles/215634338-Implementing-single-sign-on
I use this service to run code online to generate the individual SSO tokens using C# https://ideone.com/
I modify the main section to have the details:
My main section is this
static void Main(string []args)
{
ssoKey = "f1755aa4968eb3556fa420b2f39a079f3fasdfdasf";//Your SSO Secret Key
klipfolioCompanyId = "d05e7217ee6fa78738956792asdfasdf";//Your Main Klipfolio Company ID
//User Details and External ID
string userDetails = @"{""expires"":""1577797199"",""email"":""mking+client1@email.com""}";
Console.WriteLine(create(userDetails));
Console.ReadLine();
}
In this my SSO key and company id are from my main partner account. The epoch time for expiry is the end of this year and the email for a user from my client account.
The C# generates the user SSO token.
Now, you can use our online testing to check if you can sign in with the user token using this http://jsfiddle.net/mpriatel/7Dxg5/
In the example put in the SSO token you just generated, plus the Main Klipfolio Company ID (not the client id).
You can then sign in directly into the client account.
If you have a custom domain, temporarily change the online testing tool at JSFiddle to be your custom domain. Test the log in and log out to make sure you are redirected to the custom domain.
Solved! Thanks!