Overview
LoginShare is the mechanism for authenticating your support desk users using an external database or authentication mechanism.
With LoginShare, you can integrate your Kayako product with your existing Intranet, LDAP (Active Directory), or any third-party application. Single sign-on enables centralized management of user accounts from a single source. If you already have backend systems and user databases available, this lets your users log in without registering another account.
Process
Enabling LoginShare
To configure LoginShare settings in the support desk, click on the Users tab on the navigation menu bar, and then click LoginShare.
You will be presented with all the configurable settings specific to the LoginShare configuration.
Enable external authentication for users | If set to Yes, all authentication requests for support center users will first be tried against the LoginShare API, that is, the URL specified below in the "User LoginShare API URL" field. |
User LoginShare API name | Specify a title/name that you wish to keep for this LoginShare for identification. |
User LoginShare API URL | Specify the LoginShare API URL here. This is a URL to the location of an authentication script. |
It is important that your LoginShare script is properly tested or you could lock yourself out of the system.
Once enabled, the system will dispatch any login requests made by your clients to the authentication URL.
LoginShare Protocol
The LoginShare script needs to be designed to receive the following data via POST.
- username: The username entered by the user
- password: The password specified by the user
- ipaddress: The IP address of the user attempting to log in
It is important to add interface-related checks to your script, or you could end up allowing access to the Admin CP.
The LoginShare script needs to reply with XML in one of the following formats:
Authentication Failed
<?xml version="1.0" encoding="UTF-8"?>
<loginshare>
  <result>0</result>
  <message>Invalid Username or Password</message>
</loginshare>
Authentication Successful
<?xml version="1.0" encoding="UTF-8"?>
<loginshare>
  <result>1</result>
  <user>
    <usergroup>Registered</usergroup>
    <fullname>John Doe</fullname>
    <designation>CEO</designation>
    <organization>Kayako, Inc.</organization> <!-- Optional: If you wish to specify the organization for user, this is only applicable for new users -->
    <organizationtype>restricted</organizationtype> <!-- Optional: Can be "shared" or "restricted" (default) -->
    <emails>
      <email>john.doe@kayako.com</email>
      <email>john.doe@gmail.com</email>
    </emails>
    <phone>123-456-789</phone>
  </user>
</loginshare>
All user accounts created by the LoginShare system will have a random password assigned to them. The fields 'phone' and 'designation' are both optional.
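A handler for the request and reply formats described above, as an added example that is not Kayako's own code. It assumes a Python backend, a constructed in-memory USERS store in place of your real directory, and hypothetical function names (loginshare, failure); it fails closed on missing fields and builds the reply with an XML library so directory values are escaped rather than concatenated into the document.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample records standing in for your real directory (assumption).
USERS = {
    "jdoe": {"salt": b"s1", "hash": _hash("correct horse", b"s1"),
             "usergroup": "Registered", "fullname": "Dana & Co <QA>",
             "emails": ["jdoe@example.com"]},
}
DUMMY_SALT, DUMMY_HASH = b"s0", _hash("dummy", b"s0")

def _render(root: ET.Element) -> str:
    # ElementTree escapes &, < and > in text, so directory values cannot add tags.
    return '<?xml version="1.0" encoding="UTF-8"?>' + ET.tostring(root, encoding="unicode")

def failure(message: str = "Invalid Username or Password") -> str:
    root = ET.Element("loginshare")
    ET.SubElement(root, "result").text = "0"
    ET.SubElement(root, "message").text = message
    return _render(root)

def loginshare(form: dict) -> str:
    """Map the POSTed username/password/ipaddress fields to a reply document."""
    username, password = form.get("username", ""), form.get("password", "")
    if not username or not password:
        return failure()  # fail closed on missing or empty fields
    user = USERS.get(username)
    # Hash even for unknown users so both paths do the same work.
    salt = user["salt"] if user else DUMMY_SALT
    expected = user["hash"] if user else DUMMY_HASH
    matches = hmac.compare_digest(_hash(password, salt), expected)
    if user is None or not matches:
        return failure()  # same message for unknown user and wrong password
    root = ET.Element("loginshare")
    ET.SubElement(root, "result").text = "1"
    node = ET.SubElement(root, "user")
    for tag in ("usergroup", "fullname"):
        ET.SubElement(node, tag).text = user[tag]
    emails = ET.SubElement(node, "emails")
    for address in user["emails"]:
        ET.SubElement(emails, "email").text = address
    return _render(root)
```

Wire loginshare() to whatever serves the LoginShare API URL, passing it the parsed POST fields and returning the string as the response body.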
How Is a User Account Identified/Linked?
Each user account is identified based on the email address of that account. The system expects each email address to be unique; otherwise, it will simply end up updating the staff record every time a new user attempts to log in.
How Are Authentication Failures Handled?
The user's login attempt will be rejected.