If your users are already maintained in a separate external system, then today’s update is for you!
We have a new option on the Organisation Setup page which allows any Platform Administrator to configure external “pass through” authentication.
This lets your users authenticate against an external system when they log in, avoiding the need to have your user’s passwords stored on our platform.
Once external auth is configured, every time a user logs in (on our website or apps) our system will receive the login request and first ensure the user email is registered on our platform.
Assuming the user email is found, our system will then transparently “pass through” the login credentials to the external service you configured for authentication.
The external service MUST return a 200 HTTP status code to be considered authenticated by our platform; any other response will be deemed a login failure.
Currently HTTP/REST endpoints are supported, we’re looking at adding Active Directory support in the future.
User passwords are never stored on our platform when external auth is configured.
The following placeholders can be used to inject the user’s login details, use these to form a dynamic URL, Headers and/or Body: