Bring-your-own-auth
How you can give portal visitors the most seamless experience possible.
Depending on your plan, you may be eligible to configure Bring-Your-Own-Auth (BYOAuth). Contact [email protected] if you'd like to discuss upgrading your plan to include BYOAuth, or implementing this feature.
What is Bring-Your-Own-Auth?
Bring-your-own-Auth (BYOAuth) is the most streamlined user experience you can offer your portal visitors. Essentially, this feature allows users who are already authenticated into your product access your Conveyor portal without having re-authenticate.
Imagine, for example, that you offer a SaaS application at app.mediacore.com. Separately, you have a Conveyor portal set up at trust.mediacore.com. BYOAuth makes the following experience possible:
- A user logs into your web application (app.mediacore.com)
- They click "Help" in your product's navigation, then they click "MediaCore Trust Center"
- trust.mediacore.com opens in a new tab. All of these steps, which would otherwise be required, are skipped:
- Entering their email address at trust.mediacore.com to access gated content
- Submitting a request to access gated content
- Waiting for that request to be approved
- Verifying their email address once the request is approved.
- Instead of having to go through those steps, they can immediately can access gated content (pending NDA).
Constraints and Limitations
- BYOAuth requires a custom domain to be set up first.
- BYOAuth is tailored for your external customers, not your internal Conveyor users.
- Customers will still need to sign a NDA before seeing any portal content, unless you have automatic NDA bypass functionality configured for specific domains or utilize the Salesforce integration to bypass NDAs.
Implementation
To provide your users with a frictionless authentication and authorization experience, we request that you send us a signed JSON Web Token (JWT) that includes your users' email addresses. Once we receive this JWT, we'll grant the specified user access to your portal without requiring further verification.
Here are the steps to set up this feature in your portal:
- Create a secure private/public key pair that you will use to sign JWTs.
- Provide us with the associated public key, which will enable us to recognize your organization.
- Send us a signed JWT that includes the following fields:
{
"name": "Test User",
"email": "[email protected]",
"iat": 1696362120, // Current time
"iss": "some-identifier-tbd"
}
- Once we receive the above information, we will validate whether the JWT is correctly signed and provide you with an "iss" (issuer) value to use in your JWTs.
- Going forward, direct any users you wish to grant automatic access to a URL that resembles the following format: `trust.domain.com?jwt=some-jwt-token. If the token is valid, the user will gain automatic access to your portal content.
Updated 5 months ago