Overview
LoginShare is a mechanism that can be used to authenticate users against any third party application. Creating and maintaining customer records over multiple databases is a hassle. Kayako offers this by providing LoginShare APIs which lets you authenticate against a third-party database/directory.
Information
LoginShare API works by capturing authentication details, passing them to third-party for authentication and outputting XML payload to confirm the status of authentication.
-
LoginShare is an all-in or nothing system. If authentication is not successful from third-party, Kayako doesn’t fall back to the local database.
-
A custom script is required to be created and specified in Kayako. This script should be globally accessible. The server on which third-party source exists must allow requests to be received from and placed to the web server on which script is placed.
-
The script should capture the POST variables (interface, IP address and authentication details) sent by Kayako login form, dispatch them for authentication to the third-party source, and retrieve and output the result in XML format.
-
A local replica (account) is created or updated in Kayako database per the information returned in XML. Linking is done on the basis of email address returned by script and password stored for a local profile is randomly generated.
-
Any persistent change to the user or staff account (including password change) needs to be done at third-party source as authentication is done from there and local profile is updated per the information contained in XML returned on successful authentication
User loginShare
- For technical know-how (such as POST variables and XML output) and how to script must be specified in Kayako, refer to Enabling LoginShare for User Accounts.
Mandatory XML nodes to be returned: ‘username’, ‘email’, ’usergroup’
User Group returned in XML should exist in the Kayako and must be allowed on the template group from which authentication is being done.
- LoginShare has to be enabled for a template group (via ‘Use LoginShare to authenticate users’ setting) to route login requests to the specified loginShare script.
Location: Admin interface > Options > Templates > Groups
If you need to support local database authentication along with third-party, you can create a new template group and disable loginShare. A template group (i.e. a unique front-end) can be accessed directly through a web browser via:kayakodomain/index.php?/templategroupname
Staff loginShare
- For technical know-how (such as POST variables and XML output) and how to script must be specified in Kayako, refer to Enabling LoginShare for Staff User Accounts.
Mandatory XML nodes to be returned: ‘firstname’,’lastname’,’team’,’email’
Staff Team returned in XML should exist in the Kayako. We recommend disallowing loginShare access on ‘admin’ interface to prevent accidental access and keep Kayako secure.
NOTE: We do not support the custom development of LoginShare scripts.