Khoros Aurora SSO auto-sign in
The Khoros Single Sign-On feature enables any client user system to integrate its sign-in and registration system with Khoros Community. This solution creates a seamless sign-in experience for community members.
Members sign in as usual through the main client site. After signing in, they are forwarded to the community site and are automatically signed in or registered on the Khoros system. Auto-login works for local authentication as well as any supported SSO mechanism; the steps below describe the process for the Khoros SSO sign-in flow:
1. Member signs in to your system.
   - If the member is already in the system, go to step 2.
   - If the member is new, require them to register and create an account through the normal method for your system. It is recommended that you capture a uniqueID and email address.
2. Pass the following parameters to the LithiumSSOClient class to generate the SSO token:
   - uniqueID parameter
   - login (display name) parameter
   - email parameter
3. The token (cookie) is generated and the member is authenticated in the community. When the member comes to the community, Khoros verifies the token (to make sure it was generated by your system) and lets the member in.
Note: Auto sign-in works only if the user has agreed to allow cookies to be set.
Notes:
- If your system does not capture both an ID and an email, the uniqueID can be the same as the email address as long as all users are guaranteed to have a unique email address. If using an email address for uniqueID, pass the email address twice for both uniqueID and email parameters.
- If your system is not currently capturing a display name or profile name for the community user, Khoros can configure your community to direct members to a profile setup page where the member will create a username (display name). However, you still need to pass any character (for example, a single space) in the login parameter. Khoros will then ignore this value since the member will be asked to choose a login. Ask your Customer Success Manager to set this up for you.
- Some communities choose to implement “bounce” SSO as well, where Khoros configures a “bounce URL” to which a browser is redirected the first time it comes to a Khoros site. That URL is hosted by the customer and is used to check whether a member is logged in and to redirect back to Khoros with an SSO cookie (or an SSO token in a query parameter). This adds a seamless login experience for cases where a member is already logged in to a customer site and goes straight to the community.
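The first two notes above, sketched as an added example (not Khoros code, and it does not call LithiumSSOClient): it audits a user store for email collisions before email is adopted as the uniqueID, then builds the three values to pass for one member. The `Member` record, function names and sample data are hypothetical.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass
class Member:
    """Hypothetical record from your own user store (not a Khoros type)."""
    email: str
    unique_id: Optional[str] = None      # None: system has no separate ID
    display_name: Optional[str] = None   # None: system has no profile name


def email_collisions(members: Iterable[Member]) -> Dict[str, List[str]]:
    """Return normalized addresses that belong to more than one account."""
    # Assumption: addresses differing only by case or surrounding whitespace
    # count as the same address (the conservative reading of "unique").
    seen = defaultdict(list)
    for m in members:
        seen[m.email.strip().lower()].append(m.email)
    return {k: v for k, v in seen.items() if len(v) > 1}


def sso_params(m: Member, email_is_unique: bool) -> Dict[str, str]:
    """Build the uniqueID, login and email values for one member."""
    email = m.email.strip()
    if not email or "@" not in email:
        raise ValueError("member has no usable email address")
    if m.unique_id:
        unique_id = m.unique_id
    elif email_is_unique:
        unique_id = email            # email passed twice: uniqueID and email
    else:
        raise ValueError("no ID and email uniqueness is not guaranteed")
    # No display name: pass a single space, which is ignored once the
    # community is configured to send members to the profile setup page.
    login = m.display_name if m.display_name else " "
    return {"uniqueID": unique_id, "login": login, "email": email}


# Constructed sample data.
USERS = [
    Member("ana@example.com", unique_id="u-1001", display_name="ana"),
    Member("Bo@example.com"),
    Member("bo@example.com "),
]

if __name__ == "__main__":
    print(email_collisions(USERS))
```

Run the collision audit over the full user store first, and pass `email_is_unique=True` only when it returns an empty result.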
Use the flowchart below to see what happens when auto sign-in is enabled in your community. The flowchart begins with a member accessing a community page after their session has expired. It ends either with the member being logged in or with a pointer to the SSO flowchart named SSO_login.pdf, which is linked at the bottom of the About Khoros Aurora Single Sign On (SSO) article on Atlas.