Remote Authentication (Single Sign-On)

Last update: 12.01.2024

When you register with Deskie, you are provided with a help center. It allows your customers to ask for help, review previous requests, read knowledge base articles, and leave ideas on how to improve products or services.

Such a thing is, no doubt, very worthwhile. However, until recently, not everyone was in a hurry to use it. First, the help center can be accessed by any user, which in some cases is not advisable. Second, registration is required for all key actions.

Remote authentication solves both problems. It makes life easier for customers and gives you more control over the help center.

The functionality is available through the following path: admin account — section "Help center" — subsection "Authentication". Let's take a closer look at its settings and how to use them.

1. Standard authentication by Deskie

This type of authentication is active by default. When it is used, customer accounts on your service and on Deskie are not linked. You need to register separately in the help center, and anyone can do it. It is not possible to prohibit registration.

As a bonus, we have added the option of displaying the help center to authorized users only. In this case, when you click on the help center link, an authorization form will be displayed:

This option should not be treated as a way of restricting access to the help center. It deters "lazy" users, but the form still offers both registration and login via social networks. It is designed mainly to collect basic user data. It also makes the help center easier for customers to work with: they are already signed in and can perform any action.

2. Remote authentication

This type of authentication is more difficult to set up, but it is more convenient in many ways. It has two main purposes: limiting access to the help center and eliminating double authentication for customers.

For example, you want to make a private knowledge base and place materials there only for paying customers. To solve this problem, you need to set up Single Sign-On and hide the help center from prying eyes with the "The help center is available to authorized users only" option.

As a result, customers can only access the help center after logging into a personal account on your service. Therefore, it's up to you to decide which of them can see the knowledge base and which cannot.

When the "The help center is available to authorized users only" option is inactive, everyone can view the knowledge base and ideas, but only your customers are able to log in. In this case, clicking on the "Login" link (in the upper right corner of the help center) redirects to the page specified in the "Remote login URL" field.

Personal account on your website

If the customer doesn't have a personal account on your service, that's okay. You can create a standard authorization form to check the data entered by the user and then log in to the help center (if he/she is a customer).

Instruction for JWT

1. Information on JWT + example of using JWT.

2. The fields we accept via JWT:

  • iat (mandatory) — Issued At (the time the token was generated);

  • email (mandatory) — the user's email address;

  • name (optional) — user name;

  • external_id (optional) — external id of the user;

  • company_name (optional) — user's company name;

  • company_position (optional) — position of the user;

  • remote_photo_url (optional) — URL of the avatar;

  • exp (optional) — time during which the request is valid.

3. Customer data should be sent as a JWT request to the address https://[yourcompany].deskie.io/access/jwt?jwt=[jwt_payload], where "jwt_payload" is replaced with the encoded token string.

If you use your own subdomain, the first part of the address (https://[yourcompany].deskie.io) must be replaced.

4. If the JWT request is successful, a response with code 200 containing the address for "forced login" is returned. If there was an error, a response with code 401 and the content of the error is returned.
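
The steps above, as an added example that is not Deskie's own code: it builds the claims from the accepted field list, signs the token and forms the /access/jwt address. The signing algorithm (HS256 with a shared secret), reading "exp" as a standard JWT expiry timestamp, and all function names are assumptions; the article does not state them.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode

# Optional claim names, as listed in the article.
OPTIONAL_CLAIMS = ("name", "external_id", "company_name",
                   "company_position", "remote_photo_url")

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def build_claims(email, now=None, ttl=60, **profile):
    """iat and email are mandatory. Optional fields are sent only when given,
    because every field passed in the JWT overwrites the data Deskie holds."""
    if not email or "@" not in email:
        raise ValueError("email claim is mandatory")
    unknown = set(profile) - set(OPTIONAL_CLAIMS)
    if unknown:
        raise ValueError(f"unsupported claims: {sorted(unknown)}")
    iat = int(time.time() if now is None else now)
    # Short lifetime: the token travels in the query string, so it can end up
    # in browser history and server logs. exp as a timestamp is an assumption.
    claims = {"iat": iat, "email": email, "exp": iat + ttl}
    claims.update({k: v for k, v in profile.items() if v is not None})
    return claims

def sign_jwt(claims: dict, secret: bytes) -> str:
    # Assumption: HS256 with a shared secret; the article names no algorithm.
    enc = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{enc({'typ': 'JWT', 'alg': 'HS256'})}.{enc(claims)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def login_url(base: str, token: str) -> str:
    # base is https://[yourcompany].deskie.io or your own subdomain.
    return f"{base.rstrip('/')}/access/jwt?{urlencode({'jwt': token})}"

def decode_claims(token: str, secret: bytes) -> dict:
    """Verify the signature and return the claims (for local testing)."""
    header, body, sig = token.split(".")
    expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), sig):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
```

Build the token only after your own service has authenticated the customer, and take the email value from the verified account record rather than from request input.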

Other details

1. Regardless of the type of authentication, if the "The help center is available to authorized users only" option is enabled, the help center indexing is disabled.

2. If SSO is selected, and this is the first time the customer writes to the support email address, the password is not included in the notification email. The link to the case remains, but when clicking on it the customer is forwarded to your authorization page (if the customer is not yet logged in).

3. The user data you pass through JWT (JSON Web Token) overwrites the data we hold. So if you don't want to change user data, you should pass only the email address in the JWT request.

4. If you use a unique ID to identify the customer, we set or update it when we cannot find the ID from the request but do find the email address. In this situation, the external_id from your request is written to the user found by that address.

5. If you set up remote authentication, then when the customer is authorized, the "Full Name" and "Email Address" fields are hidden in the case submission form when creating the case. In the user profile, the password change block is also hidden.
