Bring-your-own-auth
How you can give Trust Center visitors the most seamless experience possible.
Time to complete: 15–20 minutes
Prerequisites: A custom domain must be set up first.
What is Bring-Your-Own-Auth?
Bring-Your-Own-Auth (BYOAuth) offers the most seamless experience for your Trust Center visitors. It allows users who are already authenticated into your _product to access your Conveyor Trust Center without needing to re-authenticate.
For example:
- A user logs into your SaaS app at
app.mediacore.com. - In the navigation, they click Help → MediaCore Trust Center.
trust.mediacore.comopens in a new tab. Normally, they would have to:- Enter their email address to access gated content
- Submit an access request
- Wait for approval
- Verify their email after approval
With BYOAuth enabled, these steps are skipped. As soon as they land on your Trust Center, they can access gated content (pending NDA), creating a fully frictionless experience.
Constraints and Limitations
- A custom domain is required.
- BYOAuth is designed for external customers, not internal Conveyor users.
- Customers must still sign an NDA before accessing gated content, unless you've set up NDA bypass rules (e.g., via Salesforce integration or domain settings).
Implementation
To enable BYOAuth, your application will send Conveyor a signed JSON Web Token (JWT) containing the user’s information. Conveyor will validate the JWT and grant the user access without further verification.
Setup steps
-
Generate a key pair
Create a secure private/public key pair for signing JWTs. -
Provide the public key
Share your public key with Conveyor so we can verify JWT signatures from your system. -
Send a signed JWT
Include at minimum the following fields:{ "name": "Test User", "email": "[email protected]", "iat": 1696362120, // Current time "iss": "some-identifier-tbd" } -
Validation
Conveyor will validate the JWT signature and provide you with aniss(issuer) value to use in future tokens. -
Redirect users
Send users to your Trust Center using a URL like:https://trust.domain.com?jwt=some-jwt-tokenIf the token is valid, they’ll be granted access automatically.
Common questions
Do visitors still need to sign an NDA?
Yes, unless one has already been signed for their organization or you use Salesforce for this.
Can I use BYOAuth for internal employees?
No. This feature is intended for external users accessing your Trust Center.
What's next?
- Setting up a custom domain - Required before enabling BYOAuth
- Bypassing NDA - Skip NDA for trusted contacts
- Auto-approving connection requests - Combine with BYOAuth for a truly seamless experience
Need help? Contact [email protected] for setup guidance.
Updated 19 days ago