Within the Enterprise licence of Maglr, it is possible to secure a publication or complete domain. With the standard options, we offer security based on a password or secured link. With this secured link, you get direct access to a publication. These security methods work but are not always the best approach when you are sharing content with a bigger audience. If someone grabs hold of the password or secret link, everyone has direct access to the content. Read more about the standard security methods.
The following additional security methods apply with an Enterprise licence:
A modern variant for corporate organizations is to connect Maglr to their corporate Single Sign On (SSO/oAuth2) protocol. This allows employees to use their existing corporate login to gain access to the Maglr dashboard and/or publications. When using SSO it is not necessary to create separate user accounts, as an employee automatically gets access to the application with his existing login. If this account is withdrawn or disabled, access to Maglr publications will be immediately denied as well.
No more hassling with separate passwords and especially convenient for clients with more employees that require an account or the ability to view publications. They can go directly to the application or publication via a methodology which is already familiar to the employee.
An SSO can be connected with Maglr to:
- The dashboard. The place where employees log in to create or edit publications themselves.
- The publication domain name. The environment where one or more publications can be opened and viewed, like staff or client magazines for example.
To connect to SSO, we offer two different types:
Basic SSO - (single sign-on) Oauth2.0 integration:
We configure a well-known authorization provider;
Examples: Microsoft (Azure AD), Google (G Suite), Facebook;
Usually, no configuration is required from your end;
After the user logs in on one of the above providers, we request the most basic user profile;
We need to create a filter to grant access to a specific group of users. For example, you supply us with a whitelist of domains that are allowed to access the content, example: *@company.com. When a user logs in and is redirected to our application, we check if their e-mail is accepted from the whitelist. Other filters are also possible depending on your company structure;
The above personal basic profile is only used during the login session. We do not save any user data on our server, only the anonymous ID to keep the oAuth sessions active.
Custom SSO - (custom single sign-On) Oath2.0 integration:
You supply us with /authorize, /token and /user URLs, client_id and client_secret based on the Oauth2 protocol;
We supply you a list of return_URLs, and optionally IP addresses for a whitelist;
You supply us with (optional) extra calls we need to implement in the rights structure;
We need authorization credentials for testing, and direct technical contact for troubleshooting.
For more information or implementation of an SSO integration for your company, please contact us via firstname.lastname@example.org.