Go To Dashboard

Enable Web SSO

Developer

Single sign-on (SSO) is the authentication mechanism, which allows users to sign in to different applications with a single digital identity. Also, upon signing into one application user is signed into another (SSO enabled) application automatically.

Web SSO
Developer

Web SSO is a method of browser-based session management that utilizes browser storage mechanisms like sessionStorage, localStorage, cookies to maintain the user’s session across your applications.

Web SSO is only available for the developer and higher plans.

LoginRadius Web SSO: A centralized domain managed by LoginRadius Auth Page ( IDX ) is utilized to perform the authentication. When requested, this centralized domain shares the session with authorized applications.

So that the users logged in to one application automatically logs into other applications, independent of technology, platform, or domain the user is using.

Whitelist Your Domain

To use LoginRadius Web SSO, make sure the desired domains are whitelisted under Whitelist Your Domain in the LoginRadius dashboard.

To add your application domain, login to your LoginRadius Dashboard account, from the left navigation panel, click Configuration and then navigate to the Whitelist Your Domain section. Click the down arrow or anywhere within the section, the following screen will appear:

Domain Whitelisting

Enter the desired domains in the Add Domain textbox highlighted above and then click the Add button.

Setting Up SSO Token

This section covers how you can manually set a LoginRadius access_token for SSO.

Setting SSO Token via Ajax Call

To manually set the access_token for SSO via AJAX, make an AJAX call to the following endpoint: https://<LoginRadius Site Name>.hub.loginradius.com/ssologin/setToken

Query Parameters:

  • token: Pass in the access_token that you desire to set for SSO.

  • apikey: Your LoginRadius API Key.

  • callback: Your AJAX callback method.

Example of an AJAX Call function:

$.ajax({
            type: "GET",
            url: "https://<your lr app name>.hub.loginradius.com/ssologin/setToken",
            dataType: "json",
            data: $.param({
                token: token,
                apikey: "your-API-key"
            }),
            xhrFields: {
                withCredentials: true
            },
            success: function (response) {
                console.log(response);
                //write your code here after setting the token successfully
            },
            error: function (xhr, status, error) {
                console.log(error);
                //write your code here for error handling
            }
        });

Setting SSO Token via HTTPs Redirect

In Safari browsers, there is an additional security layer preventing cookies from being modified externally, which restricts the use of JSONP for this use case. As a solution, you can simply use an HTTPs redirect for your Safari customers.

Do a redirect to the following endpoint:

https://<sitename>.hub.loginradius.com/ssologin/setSafariToken

Query Parameters:

  • token: Pass in the access_token that you desire to set for SSO.

  • apikey: Your LoginRadius API Key.

  • callback: The callback URL, where you would like the customer to be redirected.

Example of a redirect method:

if(safari){ // This is for safari browser, you need to check if your user is using safari or not
window.location="https://<sitename>.hub.loginradius.com/ssologin/setSafariToken?token=<accesstoken>&apiKey=<apikey>&callback=<callbackURL>"
}else{
   	Ajax function provided previously
}
Edit on GitHub