How to enable SSO for your application

Background

SSO provides a better experience for your customers if they want to leave feedback for your app. Usually, to submit feedback, users have to create an account on Makerkit. This allows them to comment on feedback, as well as upvote features that they want.

If they already have an account on your system, getting them to create yet another account is not a great user experience.

To solve this issue, we've implemented single sign-on. This allows you to log your users into Makerkit transparently using the user's existing account on your system.

From your user's perspective, this is a seamless experience.

To enable Single Sign-On

Note: SSO is only available on the paid plans.

Go to settings, click on 'Single Sign-On', and click on the button labelled "Generate Single Sign-on token".

This will create your secret token and app id which you will need to integrate SSO.

The SSO Process

The process of implementing SSO works like this:

  1. Store a copy of the secret token on your server. Do not share this with anyone.
  2. Generate a userHash for the current user on your server. This is an HMAC of the user's unique ID and email address.
  3. Log the user into Makerkit using our JS SDK.
  4. When the user visits your portal, they'll automatically be logged in.

Generating the userHash HMAC

You'll need to generate an HMAC on your server, using the secret token as the key. The HMAC is computed over your user's ID and email address.

Below are examples of how to do it in different languages.

In Python 3+:

import hmac
import hashlib

user_id = 100 # your user's unique id 
email_address = "nick.f@shield.gov" # email address of your user

user_hash = hmac.new(
  b'YourSecretKey', # secret key as bytes (keep safe!)
  '{}{}'.format(user_id, email_address).encode('utf-8'), # concat user id and email address, as bytes
  digestmod=hashlib.sha256 # hash function
).hexdigest()

In Ruby:

OpenSSL::HMAC.hexdigest(
  'sha256', # hash function
  'YourSecretKey', # secret key (keep safe!)
  current_user.id.to_s + current_user.email_address # user's id and email address concatenated
)

Log in the user using the Makerkit JavaScript SDK

At this point, you've generated the userHash server side. Now you'll need to send it to your frontend app so that you can log in the user.

The first step is to include the Makerkit SDK in your app:

<script src="https://platform.makerkit.co/sdk/js/v1/sdk.js"></script>

Then call the auth method on the SDK with your user's details to create a user session on Makerkit.

window.Makerkit("auth", {
  userHash: 'YourGeneratedUserHash',
  userId: 100,
  emailAddress: 'nick.f@shield.gov',
  name: 'Nick fury',
  appId: 'YourAppID'
}, function(response) {
  // redirect here, or do something else
})

The userHash, userId, emailAddress, name and appId are all required fields.

Once called, your user will have a valid user session in your portal. The user can be redirected to the portal at this point, or they can visit the portal in their own time.
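
The server-side half of the process above as one added example (not Makerkit's own code): it computes the userHash, builds the object passed to window.Makerkit("auth", ...) without ever including the secret, and serializes it so it can be inlined in a server-rendered page. The function names and the sample secret, app id and user values are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# The five fields the page lists as required for the "auth" call.
REQUIRED_FIELDS = ("userHash", "userId", "emailAddress", "name", "appId")


def make_user_hash(secret_token, user_id, email_address):
    """HMAC-SHA256 of user id + email address, keyed with the SSO secret token."""
    message = "{}{}".format(user_id, email_address).encode("utf-8")
    return hmac.new(secret_token.encode("utf-8"), message, hashlib.sha256).hexdigest()


def build_auth_payload(secret_token, app_id, user_id, email_address, name):
    """Build the object for window.Makerkit("auth", ...); the secret is never in it."""
    if not secret_token:
        raise ValueError("SSO secret token is not configured")
    payload = {
        "userHash": make_user_hash(secret_token, user_id, email_address),
        "userId": user_id,
        "emailAddress": email_address,
        "name": name,
        "appId": app_id,
    }
    missing = [f for f in REQUIRED_FIELDS if payload[f] in (None, "")]
    if missing:
        raise ValueError("missing required fields: " + ", ".join(missing))
    return payload


def to_inline_script_json(payload):
    """Serialize for use inside a <script> block.

    Escapes <, > and & so a user-controlled value such as a display name
    cannot close the script element early.
    """
    text = json.dumps(payload)
    for char, escaped in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        text = text.replace(char, escaped)
    return text


if __name__ == "__main__":
    # Constructed sample values; in production load the secret from server-side config.
    demo = build_auth_payload("constructed-secret", "YourAppID", 100,
                              "nick.f@shield.gov", "Nick Fury")
    print(to_inline_script_json(demo))
```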

Help

If you run into any issues setting up SSO for your account, get in contact with us at support@makerkit.co and we'll be happy to help!