Single sign on (SSO)

With Single Sign On (SSO) you are able to redirect users directly to Basecone without the user having to enter his credentials. This tutorial shows you how to implement SSO.

How it works

To automatically sign in a user, you need to create a portal access key for this user. The portal access key is than added to the url of the Basecone Webportal login page as query parameter like this:

https://secure.basecone.com/login?portalaccesskey=1cf2805b01a86080b1a7ad605a471e10

The user will automatically sign in if his browser hits the page and the portal access key is still valid. The portal access key is valid for 60 seconds.

The portal access key can be created through the API in two ways:

  • Using the credentials of the user to create the portal access key
  • Using the credentials of the super user to create the portal access keys for other users

Both scenario's are described below.

Using the credentials of the user to get the portal access key

To create a portal access key for a user you first need to have an API access key. If you don't have one, read here how to obtain one.

When you have the API access key for the user, a simple post request (without a payload and with the correct authorization header) will create the portal access key:

POST authentication/portalaccesskeys

This will return the following response

{
    "portalAccessKey":"76e435eb-97e7-4e07-a9a4-591e6794bf6d",
    "links":
        [
            {
                "rel":"redirect","href":"https://uat.basecone.com/login?portalaccesskey=76e435eb-97e7-4e07-a9a4-591e6794bf6d"
            }
        ]
}

The response contains the created portal access key and a url. The url can be used to redirect the user. The user will be automatically signed in. Caution, the portal access key expires in 60 seconds, so you need to redirect the user within 60 seconds.

Using the credentials of the super user to create the portal access keys for other users

Instead of storing the credentials of all users, you can just use the credentials of the super user (=user with role super user). The super user is able to generate portal access keys for other users within the same office. The request is almost identical to the first scenario, but in the payload the identifier of the user who needs to be logged in is set.

Example payload

{
   "UserId": "1111ee69-6780-4336-a73b-45f5b0ff0126"
}

The response is exactly the same as in the first scenario.

Details on retrieving portal access keys and potential error codes are described here.

You can download a sample application in C# here.