Last updated on April 6, 2016.
Single Sign-On (
SSO) is a way for you to make use of an existing system to allow access to your video site.
The idea is that whenever an unknown user visits your videosite, they are sent to your system for authentication and sent back to us with a valid login token that allows them to freely browse your site. If the user does not have access to your authentication system (such as Active Directory) they will not have access to your video site either.
TwentyThree offers the following options for integrating Single Sign-On:
TwentyThree supports custom integration with any external system with a bit of development and the use of our API.
The first step is to set up a page on your own site that handles user authentication. Your page should do the following:
For step 1, the traditional solution is to authenticate them against a known user database or internal identity provider. However, you are free to grant users access based on whatever logic you implement. This might include a required e-mail signup or by having the user pay for access.
In your video site backend, go to
Settings → Access and enable "Single sign-on or Paywall" and enter the URL for the page you created above.
Once setup, any user trying to access your video site will be redirected to the URL you entered along with the query string
<path> is the relative URL they were trying to visit. You can use this URL in step #2 to redirect the user back to the exact page they were trying to visit.
The videossite access is set to
Single sign-on or Paywall and the
Remote login URL is set to
By default, single sign-on only authenticates users to access the frontend of the video site. There is an option found in
Settings → Access that allows you to enable SSO for back-end login as well.
This feature works by comparing the email provided in the call to /api/session/get-token with e-mails of the existing users. If a match is found, the user is logged in as that specific user in the backend rather than as an anonymous visitor.
Warning: Make sure that you do not use any shared e-mails and that the single sign-on page has been thoroughly tested, as this feature can grant full administrator rights to users logged in through SSO!