JWT SSO

  • Introduction
  • Setup
  • Requirements
  • Authentication flow

Introduction

JSON Web Token (JWT) defines a compact, self-contained way to securely transmit information between parties as a JSON object. It is commonly used for authentication and authorization in web applications and APIs. If you have a customized Identity Provider that can issue JWTs on behalf of users, you can use it as your Single Sign On option in Influitive.


Setup

SSO Endpoint URL - This is the URL we send the user to when authenticating for Influitive.

SSO Sign out URL - This is the URL where you would like the advocate to sign out (optional).

JWT Public Key - This is the Public key that is used to validate the token. Your IT team will generate this token for you.

JWT Algorithm - We support various algorithms to sign your JWT. Ensure the Public key is generated using the same Algorithm that you select here.




Requirements

When you configure your JWT token, Influitive expects certain claims or fields to be included in the Payload to properly authenticate the user:

  • email (required)
  • name (required)
  • role (required, must be either admin or advocate)
  • exp (required, an expiry field used to indicate when this token expires and can no longer be used)
  • title (optional, added to the user's profile on creation only)
  • company_name (optional, added to the user's profile on creation only)
  • language (optional, added to the user's profile on creation only)

Authentication Flow

  • A user navigates to your hub and wants to gain access. The request is redirected to the Identity Provider to handle authentication.
  • If the user is not already logged on to the IdP site or if re-authentication is required, the IdP asks for credentials (e.g., ID and password) and the user logs on.
  • The authentication system generates a JWT request containing the relevant user data.
  • The user is redirected to the Influitive endpoint (https://subdomain.influitive.com/users/authorize?infl_jwt=<your-token-here>) with the JWT payload.
  • *Note* The JWT generated by your SSO Provider should go into the infl_jwt parameter
  • Influitive then parses the user details from the JWT payload and grants the user a session

Note: Configuring JWT SSO as Admin only is not currently supported
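
A pre-flight check an Identity Provider could run on a token before redirecting, covering the claims under Requirements and the redirect step in the Authentication Flow. This is an added example, not Influitive's code. It inspects the payload only and does not verify the signature. The function names, the MAX_LIFETIME policy value, the RS256 sample header and the sample claims are assumptions made for illustration.

```python
import base64
import json
import time
from urllib.parse import urlencode

REQUIRED = ("email", "name", "role", "exp")  # required claims listed above
ROLES = ("admin", "advocate")
MAX_LIFETIME = 300  # seconds; assumed local policy, not an Influitive limit

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sample_token(claims):
    # Constructed sample: real header/payload JSON, placeholder signature.
    header = {"alg": "RS256", "typ": "JWT"}
    parts = [b64url(json.dumps(p).encode()) for p in (header, claims)]
    return ".".join(parts + ["c2lnbmF0dXJl"])

def check_claims(token, now=None):
    """Return problems found in the payload; the signature is NOT verified."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not three dot-separated segments"]
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:
        return ["payload is not base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]
    problems = [f"missing claim: {c}" for c in REQUIRED
                if claims.get(c) in (None, "")]
    role, exp = claims.get("role"), claims.get("exp")
    if role not in (None, "") and role not in ROLES:
        problems.append("role must be admin or advocate")
    if isinstance(exp, (int, float)) and not isinstance(exp, bool):
        if exp <= now:
            problems.append("token already expired")
        elif exp - now > MAX_LIFETIME:
            problems.append("exp is further out than MAX_LIFETIME")
    elif exp not in (None, ""):
        problems.append("exp must be a numeric Unix timestamp")
    return problems

def redirect_url(subdomain, token):
    # Endpoint and parameter name as given in the authentication flow.
    query = urlencode({"infl_jwt": token})
    return f"https://{subdomain}.influitive.com/users/authorize?{query}"

if __name__ == "__main__":
    claims = {"email": "ada@example.com", "role": "member", "exp": 1}
    print(check_claims(sample_token(claims)))
```

Because the token travels in the URL query string, a short exp limits how long a copy captured from browser history or a proxy log remains usable.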
