Integrating Single Sign-On

What is Single Sign-On?

Single Sign-On, or "SSO", is an authentication scheme that allows users to access their Tidal Labs dashboard using the same credentials (i.e., email and password) as their existing account in a separate application database that you control.

For example, if you manage an application hosted at app.brand.com that allows users to sign up, log in, and perform tasks, integrating single sign-on will allow your users to use those same credentials to log into their Tidal Labs user dashboard at superusers.brand.com. If a user has already signed up at app.brand.com, they will not need to sign up again at superusers.brand.com.

Integrating Single Sign-On

Integrating SSO between your existing application and your Tidal Labs brand portal is always a custom integration; the first thing you should do is reach out to your Tidal Labs account manager in order to get an estimate of costs, timeline, and capabilities. We will need to conduct a brief technical audit of your existing application before we can determine the scope of implementation.

Requirements of Your Application

In order to successfully implement SSO, your application must provide mechanisms for the following actions:

  1. Your application must handle requests for new signups, and have an appropriate redirect mechanism that can redirect new users back to our app to complete the process.
  2. Your application must handle requests for password reset, also with an appropriate redirect mechanism.
  3. Your application must handle requests for account deletion.
  4. Your application must have an API endpoint or other similar mechanism to handle log-out requests.
  5. Your application must have an API endpoint that provides account details for the logged-in user.
  6. Your application must have a long-lived token authentication mechanism.
  7. Your accounts or user profile system must provide to us, at a minimum, a valid and unique email address and a name for the user.
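
Requirements 1 and 2 have your application redirect users back to the Tidal Labs app after signup or password reset. The following is an added example, not Tidal Labs code, of one way your application could validate the return URL before issuing that redirect, so that it only ever sends users to the brand portal. The function names, the allowlist, and the fallback URL are assumptions; superusers.brand.com is the example portal host used above.

```python
from typing import Optional
from urllib.parse import urlsplit

# Assumption: the brand portal from the example above is the only valid target.
ALLOWED_RETURN_HOSTS = {"superusers.brand.com"}
# Assumption: fallback used when the requested return URL is rejected.
DEFAULT_RETURN_URL = "https://superusers.brand.com/"


def is_safe_return_url(url: str) -> bool:
    """Return True only for absolute https URLs on an allowlisted host."""
    # Reject characters that browsers and URL parsers interpret differently.
    if not url or url != url.strip() or any(c in url for c in "\\\r\n\t"):
        return False
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError for an out-of-range port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False  # also rejects scheme-relative "//host/path"
    if parts.username is not None or parts.password is not None:
        return False  # "https://portal@other.example/" points at other.example
    if port not in (None, 443):
        return False
    # hostname is lower-cased by urlsplit; require an exact match, not a suffix.
    return (parts.hostname or "") in ALLOWED_RETURN_HOSTS


def resolve_return_url(requested: Optional[str]) -> str:
    """Choose the redirect target after signup or password reset."""
    if requested and is_safe_return_url(requested):
        return requested
    return DEFAULT_RETURN_URL


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real integration.
    samples = [
        "https://superusers.brand.com/signup/complete?step=2",
        "https://superusers.brand.com.other.example/",
        "https://superusers.brand.com@other.example/",
        "//superusers.brand.com/done",
        "http://superusers.brand.com/",
    ]
    for s in samples:
        print(f"{s!r:60} -> {resolve_return_url(s)}")
```
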

While Tidal Labs does most of the work involved in integrating SSO, you will need to make a technical representative available to us; we will need specific technical details, and in some cases we will require modifications to your application in order to successfully implement SSO.

Limitations of Single Sign-On

Typically, SSO integrations will be uni-directional; that is, profile details will flow from your application to Tidal Labs, but not in the reverse direction. Tidal Labs user profiles are data-rich, and it is likely that your application will not have the appropriate schema to handle the full Tidal Labs profile data. Therefore, a user editing their biography on their Tidal Labs account will typically not update their biography in your application.

It is possible to implement a bi-directional SSO scheme; this will greatly increase the scope of work for the integration, so it should only be considered if there is a strong business case for doing so.