In this section

Enterprise SSO integration

Berry van Elk
  • Updated
Follow

Within the Enterprise licence of Maglr, it is possible to secure a publication or complete domain. With the standard options, we offer security based on a password or secured link. With this secured link, you get direct access to a publication. These security methods work but are not always the best approach when you are sharing content with a bigger audience. If someone grabs hold of the password or secret link, everyone has direct access to the content. Read more about the standard security methods.

The following additional security methods apply with an Enterprise licence:


Single Sign-On

A modern variant for corporate organizations is to connect Maglr to their corporate Single Sign On (SSO/oAuth2) protocol. This allows employees to use their existing corporate login to gain access to the Maglr dashboard and/or publications. When using SSO it is not necessary to create separate user accounts, as an employee automatically gets access to the application with his existing login. If this account is withdrawn or disabled, access to Maglr publications will be immediately denied as well.

No more hassling with separate passwords and especially convenient for clients with more employees that require an account or the ability to view publications. They can go directly to the application or publication via a methodology which is already familiar to the employee.

An SSO can be connected with Maglr to:

  • The dashboard. The place where employees log in to create or edit publications themselves.
  • The publication domain name. The environment where one or more publications can be opened and viewed, like staff or client magazines for example.

To connect to SSO, we offer two different types:

Basic SSO  - (single sign-on) Oauth2.0 integration:

The most common integration for organizations using Microsoft or Google. 
  • We configure a well-known authorization provider;
  • Examples: Microsoft (Azure AD), Google (G Suite), Facebook;
  • Usually, no configuration is required from your end;
  • After the user logs in on one of the above providers, we request the most basic user profile;
  • We need to create a filter to grant access to a specific group of users. For example, you supply us with a whitelist of domains that are allowed to access the content, example: *@company.com. When a user logs in and is redirected to our application, we check if their e-mail is accepted from the whitelist. Other filters are also possible depending on your company structure;
  • The above personal basic profile is only used during the login session. We do not save any user data on our server, only the anonymous ID to keep the oAuth sessions active. 
 Estimated setup time: a few days 
 
 

Custom SSO - (custom single sign-On) Oath2.0 integration:

For applications other than the commonly used providers, as mentioned above, we are also able to create custom integrations. We can authenticate the users based on Oauth2, but add additional API calls to validate access to certain publications. An example could be a publisher, sharing publications through a paywall where we need to check if a user did order a specific publication before opening it. 
 
For this scenario the following steps are required:
  • You supply us with /authorize, /token and /user URLs, client_id and client_secret based on the Oauth2 protocol;
  • We supply you a list of return_URLs, and optionally IP addresses for a whitelist;
  • You supply us with (optional) extra calls we need to implement in the rights structure;
  • We need authorization credentials for testing, and direct technical contact for troubleshooting.
Estimated setup time: a few weeks
 

For more information or implementation of an SSO integration for your company, please contact us via support@maglr.com. 

Related articles