Single Sign On
Accommodating Single Sign On within your Helium project is as simple as adding a button, hook, or action that will send the user to your Provider's login page. After successfully logging in via your Provider, the user will be sent to the returnTo url as specified by your Provider or by the query parameters included in your request.
Additional information regarding the support and configuration of various SSO Providers can be reviewed on Academy. The Thought Industries SSO docs also live here.
SAML 2.0
${host}/access/saml/login/:client?
| Path | Description |
|---|---|
client | Optional The slug of the Panorama the user should belong to, if the Panorama has its own SSO Configuration |
OpenID Connect
${host}/access/openId/login/:client?
| Path | Description |
|---|---|
client | Optional The slug of the Panorama the user should belong to, if the Panorama has its own SSO Configuration |
Query Parameters
| Parameter | Description |
|---|---|
returnTo | Optional The URL the user should be sent to after successfully authenticating. If no returnTo is provided, the user will be sent to /learn/ |
JSON Web Token (JWT)
${host}/access/jwt
| Parameter | Description |
|---|---|
jwt | Required A signed, valid token containing the identity and attributes of the user, e.g., email, externalCustomerId, role, returnTo, etc. The token can be signed either by your Secret Key or API Key. |
JWT persistence
The JWT token generated when authenticated into the main Thought Industries platform will persist across Helium pages also.