Single Sign On FAQ

Single Sign On FAQ

Last updated:Sep 16, 2024

We are excited to announce the upcoming launch of the new version of our Single Sign-On (SSO) service. This migration guide is specifically for customers with their own applications using our SSO. Follow the steps below to ensure a smooth transition.

Updated Endpoints

Please update your application to use the following new endpoints:
  • Authentication
    • From: /authentication/v1/authenticate
    • To: /sso/v2/authorize

  • Token Management
    • From: /authentication/v1/tokens
    • To: /sso/v2/token

  • User Information
    • From: /authentication/v1/users
    • To: /sso/v2/userinfo

  • Logout
    • From: /authentication/v1/logout
    • To: /sso/v2/logout

  • Session Tracker
    • From: /authentication/v1/sessionTracker/oasm.js
    • To: /sso/sessionTracker/oasm.js

Authorization Request Parameters

When making an authorization request to /sso/v2/authorize, please include the following parameters:
  • scope: Specifies the access privileges. For OpenID Connect, use:
    • openid: Indicates the use of the OpenID Connect protocol to verify the user’s identity
    • profile: Requests additional profile information such as name and preferred_username (email).
  • login_hint: (Recommended) Customizes the login prompt UI based on the CSS/JS styling set up at the indicated entity id.
Scope Parameter: Use space-separated values (e.g., scope=openid profile) to request OpenID Connect and profile information.
Consent Requirement: Users must consent during login if the profile scope requests Personal Identifiable Information like name and username (email).

See also