Implementing Single Sign-On

If you have not created an API Client, please visit Create an API Client before continuing.

Request a Token from the API

To begin, request a token using your created API. For more information on requesting tokens, click here.

Please make sure you do not expose API Client credentials to the browser.

To initiate an SSO login, make a POST request to /white-label/generate-session with the following required user details:

Organization details

role - The user's role (one of: "owner", "admin", "manager", "team_member", or "custom")
provider_org_id - Your internal organization ID for this user/group of users

User details

email - The user's email address
full_name - The user's full name
phone_number - The user's phone number

The API will return a sso_login_token that can only be used once. Subsequent attempts to use the same token will result in a sso_token_redeemed error.

API Reference - Generate SSO Session

Redirect to the White Label Application

To exchange your sso_login_token for a session, redirect users to a one-time URL built using the code query parameter, like <WHITE_LABEL_DOMAIN>/redirect/sso?code=<SSO_LOGIN_TOKEN>.

Conclusion

After completing the steps above, place this process behind an authenticated endpoint and button within your portal. This will allow your users to log in to your white label application with a single click.

Implementing Single Sign-On

Request a Token from the API​

Generate an SSO Login Token​

Redirect to the White Label Application​

Conclusion​

Request a Token from the API

Generate an SSO Login Token

Redirect to the White Label Application

Conclusion