Single sign-on (SSO) is an authentication service that enables users to use a single set of credentials to securely log in to multiple applications and websites. This means that users do not need to separately log into different applications. Click here to learn how SSO works.
The Single Sign-on Settings page lets you enable SSO to be implemented on your website.
- You must add the Single Sign-On API app to your account in order to access the Single Sign-on Settings. Click here to see instructions on how to add the Single Sign-on API app.
- You need to employ the services of a developer to implement the SSO integration.
- You must have Administrator permission to use this feature.
- You must be on the Enterprise plan
- The Single Sign-on API app must be enabled
- Programming experience is required to implement SSO on your website
To Enable the Single Sign-On on Your Website:
- Log into your DecoNetwork Website.
- If you are the Fulfillment Center, browse to Admin > Websites.
Select Manage for the store you want to enable the API Settings on.
- Select Single Sign-on Settings.
- Tick the Enable Single Sign-on checkbox.
- Configure the SSO settings.
- Shared Secret: lets you specify a secret key that will be used to verify the JWT. The same key will be used for all JWT requests.
- Login Page: lets you choose whether to show the DecoNetwork Login page, hide the DecoNetwork Login page or specify the URL to an external Login page.
- Register Page: lets you choose whether to show the DecoNetwork Sign-up page, hide the DecoNetwork Sign-up page or specify the URL to an external Sign-up page.
- Token Timeout: lets you specify the expiration period of an SSO access token. The default duration is 30 minutes.
A link to the Single Sign-on Integration Help Page is available when SSO is enabled. This page contains a JWT Generator that tests the SSO integration by generating example tokens.
DecoNetwork supports the following JWT attributes:
Name Required Description iat Yes
Issued At unix timestamp (number)
JSON Web Token ID (stop replay attacks: if the token has already been used it is ignored.) (string)
Email of the user being signed in, used to find user if external_user_id is not passed (string)
first_name Yes The first name of the user
last_name Yes The last name of the user
external_user_id No If passed, this ID will be used to match the user in DecoNetwork. This will allow a change of email address (string) company No The name of the company to add the user to (string) phone No The phone number of the user (string) address No The street address of the user (string) city No The city the user resides in (string) state No The state the user resides in (string) zip No The postcode/zip the user resides in (string) country No The country the user resides in (string)
- Click Save to save the changes.