Single Sign-On (SSO)

Wavecast supports unified sign-in journeys via integrations with third-party Identity & Access Management (IAM) solutions. These integrations increase security, standardise verification methods and authenticate user access.

Centralised user authentication simplifies the sign-in experience, as users need only a single set of login credentials. Password management is standardised, sparing users the frustration of following different forgotten-password processes.

Single Sign-On (SSO) is supported for front-end "audience" users only, not admin users.

About OpenID

Wavecast uses OpenID Connect, an industry-standard method that eases friction for users navigating between multiple systems controlled by the IAM solution and Wavecast.

OpenID Connect is an identity layer on top of the OAuth 2.0 protocol. It allows web-based, mobile and JavaScript clients to request and receive information about authenticated sessions and end-users.

The API-friendly nature of OpenID Connect is compatible with the existing User API developed by Wavecast and available to OneHub clients.

Integration Options

A few different options are supported, depending on how the Auth Provider is set up and the desired user experience.

Method 1

Using this method, users sign in, register, and reset their password through the Auth Provider.

Requirements:

  • The Auth Provider must have registrations enabled.

  • The Auth Provider must allow password resets.

User Flow

Setup Process

The setup process is straightforward. The instructions are specific to Auth0, but they should be the same for most Auth Providers.

The steps below are usually required for both a Sandbox environment and Production. Information will be provided for each.

The following information will be provided about the Wavecast hub and can be used to set up the application with the Auth Provider:

  • Application Login URL: {HubUrl}/sign-in

  • Allowed Callback URLs: {HubUrl}/openid/auth/callback

  • Allowed Logout URLs: {HubUrl}

1) Applications > Applications > Create Application

2) In the Settings tab, fill in the following fields and save:

  • Application Login URL: {HubUrl}/sign-in

  • Allowed Callback URLs: {HubUrl}/openid/auth/callback

  • Allowed Logout URLs: {HubUrl}

Add your Application Logo

3) From the Settings tab, copy and securely save the following fields.

Supply the following information to Wavecast in order for the configuration to be completed:

  • Domain

  • Client ID

  • Client Secret
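
One way to check the entries from step 2 before the configuration is handed over, as an added example (not Wavecast's or Auth0's own code): it rebuilds the three values from the {HubUrl} templates and flags wildcard, non-HTTPS, extra or missing entries. The hub URL and sample settings are constructed, and passing each field as a comma-separated string is an assumption.

```python
from urllib.parse import urlsplit


def expected_settings(hub_url):
    """Build the three values from the {HubUrl} templates above."""
    base = hub_url.rstrip("/")
    return {
        "Application Login URL": [base + "/sign-in"],
        "Allowed Callback URLs": [base + "/openid/auth/callback"],
        "Allowed Logout URLs": [base],
    }


def audit_settings(hub_url, configured):
    """Return findings; an empty list means every field matches exactly."""
    findings = []
    for field, wanted in expected_settings(hub_url).items():
        # Assumption: each field is passed as a comma-separated string.
        raw = configured.get(field, "")
        entries = [e.strip() for e in raw.split(",") if e.strip()]
        for entry in entries:
            if "*" in entry:
                findings.append(f"{field}: wildcard entry {entry}")
            elif urlsplit(entry).scheme != "https":
                findings.append(f"{field}: not HTTPS: {entry}")
            elif entry not in wanted:
                findings.append(f"{field}: unexpected entry {entry}")
        for url in wanted:
            if url not in entries:
                findings.append(f"{field}: missing {url}")
    return findings


# Constructed sample values, not taken from a real tenant.
HUB_URL = "https://hub.example.com"
GOOD = {
    "Application Login URL": "https://hub.example.com/sign-in",
    "Allowed Callback URLs": "https://hub.example.com/openid/auth/callback",
    "Allowed Logout URLs": "https://hub.example.com",
}
BAD = {
    **GOOD,
    "Allowed Callback URLs": "https://hub.example.com/openid/auth/callback,"
    " https://*.example.com/openid/auth/callback, http://localhost:3000/cb",
    "Allowed Logout URLs": "",
}

if __name__ == "__main__":
    for finding in audit_settings(HUB_URL, BAD):
        print(finding)
```
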

Method 2

This method is normally used if the Auth Provider does not allow registrations or if the registration process is not immediate.

Using this method, users sign in and reset their password through the Auth Provider but sign up through Wavecast.

Requirements:

  • The Auth Provider must allow password resets.

  • Access to the Auth Provider API will be required in order to allow user profile creation when users register within Wavecast.

User Flow

Method 3

This method is normally used if only employees are allowed to use SSO, e.g. users with email addresses @companydomain.com are forced to use SSO.

Using this method, employees are required to log in through the Auth Provider, and everyone else uses the standard Wavecast sign-in method.

User Flow
