Notice: As of January 2017, recommend using our SAML Identity Provider Configuration instead of Outgoing SSO. Support for Outoing SSO may be removed at some point in the future.
The Outgoing Single Sign-On (SSO) API allows your users to seamlessly and securely log into external applications from within Channeltivity without having to enter a username or password. Please submit a ticket to find out more. This article explains how Outgoing SSO works and outlines implementation steps.
How Outgoing SSO works
Outgoing SSO is fairly straightforward but will require a developer to implement. Here is how a user would log into an external web application via Channeltivity:
- The user logs into your Channeltivity portal using their email address and password.
- Within your portal, the user then clicks the link to a special login page on your external application. The link can be configured to include the user's email address and Channeltivity session ID by editing the Custom Page and adding placeholders to the link on Admin > Settings > Menu & Page Manager, this will create a link similar to:
- Once the user lands on your login page, your application will need to call the Channeltivity Outgoing SSO API in order to verify that the user is authorized, passing the email address and session ID. Our API will report back whether the session is valid. Your application will then authorize the user and allow them to use the application. (This is what you'll have to develop.)
Depending on your preferences, your application can either run within an IFrame, in its own window or linked from the Resource Library.
How to implement Outgoing SSO
Follow these steps to implement Outgoing SSO with Channeltivity:
- Send us a support ticket asking us to enable Channeltivity's Outgoing SSO API, which is available on our Enterprise plans.
- Once the Outgoing SSO API is enabled, we will send you an API key and a WSDL file that describes the API. We're in the process of upgrading all our APIs to use REST or pure XML, but at this point the Outgoing SSO API is only available as a SOAP web service.
- Referencing the Channeltivity WSDL in your project, implement the call to CTVTSecurity.Authenticate(APIKey, Email, SessionID) on the SSO login page of your application. If you’re using C# .NET, you may want to use the following code snippet:
string apiKey = "..."; // get this from Channeltivity
string email = "..."; // this is provided to you in the url
string sessionId = "..."; // this is provided to you in the url
CTVTSecurity sec = new CTVTSecurity();
bool isLogged = sec.Authenticate(apiKey, email, sessionId)); // test whether a user is logged in
// if isLogged is true, create a new local session for the user
- Using the Page & Menu Manager (found in Admin -> Settings), add a Menu Item that points to the URL to your Channeltivity API login page and include the placeholders for email and session ID. You can have your application open in a new tab or display within Channeltivity's layout as an IFrame. You can also add a new Link to the Library and add the SSO placeholders there.