Single sign-on (SSO) is a centralized authentication service that enables a user to use a single set of credentials to securely log in to multiple applications and websites. This prevents the need for the user to log in separately to the different applications. User credentials and other identifying information are stored and managed by a centralized system called Identity Provider (IdP). The Identity Provider is a trusted system that provides access to other websites and applications.
In order for SSO to work, most applications rely on open standard protocols to define how IdPs communicatie identity and authentication information with one another. DecoNetwork supports the following protocols:
- JSON Web Token (JWT)
The token, containing identifying information about the user, is sent to the identity provider as part of a request to authenticate the user. With JWT, a user is automatically verified with the identity provider when they sign in and is allowed access to DecoNetwork without being prompted to enter separate sign-in credentials. You can learn more about JWT here.
- OpenID Connect (OIDC)
OIDC is a simple identity protocol that is built using the OAuth 2.0 protocol. It allows client applications to verify the identity of the end-user and obtain profile information using an OpenID Connect Provider (OP). OIDC uses JWT tokens to authenticate the user. To obtain a token, the client needs to send the user to their OP with an authentication request. You can learn more about OIDC here.
DecoNetwork uses a protocol called JSON Web Token (JWT) to authenticate the user. The token, containing identifying information about the user, is sent to the identity provider as part of a request to authenticate the user. With JWT, a user is automatically verified with the identity provider when they sign in and is allowed access to DecoNetwork without being prompted to enter separate sign-in credentials. You can learn more about JWT here.
The SSO feature is available for integration with DecoNetwork on Enterprise plans via the SSO API. In order to implement SSO on your account, you need to add the SSO API app to your account. You will also need to enable the Single Sign-on feature on your website. Click here for instructions on how to enable the SSO feature. You will then need a developer to build the integration.
- You must have Administrator permission to use this feature.
- You must be on the Enterprise plan
- Programming experience is required to implement SSO on your website
To Enable the Single Sign-On API App:
- Log into your DecoNetwork website.
- Browse to Admin and select the yellow + Apps Store button at the bottom of the Main Menu.
- Click Add now on the Single Sign-On API app.
We are new Deco user and we have external web shop. We are using Deco designer with iframe. We have noticed that at the moment our customers have issues to save their designs and logos because they would also need to make account to our Deco site and they then need to find those there. It is not good customer experience now. We found out from support that this Single Sign-On Api would maybe help us to solve this issue.
Is there more instructions for our developer to build integration? He is not familiar to this, but if we could have more help, please.
According to their documentation, OKTA does not support JWT. OKTA supports the OIDC and SAML protocols which, unfortunately, DecoNetwork does not currently support.
You can find more information here.
Hi Lee - Can the JWT be generated by the identity provider (as in OKTA)? I've upgraded to enterprise and am trying to onboard with a multinational but their engineers are having trouble doing the integration via OKTA. Any help would be greatly appreciated or if there was someone with the expertise to help me do this even better.
Please sign in to leave a comment.