Single-Signon - Cookie Based Single-Sign-On

The cookie based SSO option is for sites that already have an authentication model in place using a browser/login session. In such cases, the system can use a shared cookie model to determine if a user is authenticated or not.

Here is a general overview of the IdeaScale SSO process:

  1. IdeaScale user visits your community
  2. IdeaScale checks for a specific cookie
  3. If the cookie isn't present, IdeaScale redirects to your authentication page
  4. The user completes your authentication steps
  5. Your authentication page writes a cookie to the user's browser (the cookie includes a payload such as email address, first name, last name, etc.)
  6. The authentication page redirects back to your IdeaScale community.
  7. IdeaScale again checks for the cookie, using the data in the payload to provision the user (if user has not been provisioned already).

What are the steps in implementing a Cookie based SSO?

  1. Your authentication system (after user logs in) must set a SESSION LEVEL (Expires when browser is closed) and a DOMAIN LEVEL cookie. You can name the Cookie anything you want. The value of the cookie should be a DES Encrypted and Base64 Encoded String of the user's email address.
    1. Domain Level Cookie (Domain=.mycompany.com)
    2. Session Level Cookie (Timeout = When Browser Closes)
    3. Cookie Name (Anything You want)
    4. Cookie Value (DES Encrypted + Base64 Encoded String of the user's email address)
  2. Set up your IdeaScale portal with a Custom Domain URL (ideas.mycompany.com) - See the references section below on how to enable Custom Domain URL on your IdeaScale site.
  3. Change the settings on your portal to do Cookie Based SSO:
    Make sure you do the following:
    • Authentication URL : This is the URL that the system will redirect to if a user comes to your site _without_ a cookie. This is usually the login screen on your intranet/site.
    • The Site Name : The name of the cookie you used in Step 1 above. The two names have to match.

Is the cookie encryption used for all implementations?

Currently, encryption of the email string is in beta and has not been released to all customers. You can use cookie based SSO without encryption now: simply put the email address as the value of the cookie, without encrypting it.

I would like to pass in other variables (firstname, lastname etc.) - when using SSO Cookies - How can I do that?

By default the value of the cookie is the email address. In cases where multiple values (like first name and last name) need to be passed, change the value of the cookie to be of this format:

email=jon@mycompany.com&firstname=Jon&lastname=Doe&custom1=Seattle&custom2=US&custom3=Employee

You can have UP TO 5 CUSTOM VARIABLES attached to a user.

Each custom variable can hold a maximum of 128 characters.

Do I need to set up a DOMAIN Level Cookie? Can I do a Host Level Cookie?

Yes - The cookie has to be at the DOMAIN Level (.mycompany.com) and NOT at the host level.

I would like to customize the Login/Signup instructions on a Single-Signon - How can I do that?

If Single Sign-On is enabled on your portal, you will see an additional option to customize the text of the SSO. Update that text and when users need to sign-on, they'll be presented with it.


What DES encryption mode should I use?

Please use the ECB mode.
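
An added example (not IdeaScale's code) of what the authentication page in Step 1 could do in Go: build the multi-value payload format shown above, encrypt it with DES in ECB mode, Base64-encode it and wrap it in a domain-level session cookie. The cookie name mysso, the sample key, PKCS#5 padding, encrypting the whole payload rather than only the email, and rejecting & and = inside fields are assumptions; the page specifies none of them.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/base64"
	"fmt"
	"net/http"
	"strings"
)

// BuildPayload emits the page's format and limits; rejecting '&' and '=' is an added check.
func BuildPayload(email, first, last string, custom []string) (string, error) {
	fields := append([]string{email, first, last}, custom...)
	if len(custom) > 5 || strings.ContainsAny(strings.Join(fields, ""), "&=") {
		return "", fmt.Errorf("more than 5 custom variables, or '&'/'=' inside a field")
	}
	out := "email=" + email + "&firstname=" + first + "&lastname=" + last
	for i, c := range custom {
		if len([]rune(c)) > 128 {
			return "", fmt.Errorf("custom%d exceeds 128 characters", i+1)
		}
		out += fmt.Sprintf("&custom%d=%s", i+1, c)
	}
	return out, nil
}

// EncryptValue: DES-ECB, then Base64. PKCS#5 padding and a raw 8-byte key are assumptions.
func EncryptValue(key []byte, plain string) (string, error) {
	block, err := des.NewCipher(key)
	if err != nil {
		return "", err
	}
	pad := des.BlockSize - len(plain)%des.BlockSize
	data := append([]byte(plain), bytes.Repeat([]byte{byte(pad)}, pad)...)
	for i := 0; i < len(data); i += des.BlockSize { // ECB: each block on its own
		block.Encrypt(data[i:i+des.BlockSize], data[i:i+des.BlockSize])
	}
	return base64.StdEncoding.EncodeToString(data), nil
}

// SSOCookie is domain-level with no Expires/Max-Age, so it is a session cookie.
func SSOCookie(name, value string) *http.Cookie {
	return &http.Cookie{Name: name, Value: value, Domain: ".mycompany.com", Path: "/"}
}
func main() {
	p, _ := BuildPayload("jon@mycompany.com", "Jon", "Doe", []string{"Seattle", "US", "Employee"})
	v, _ := EncryptValue([]byte("8bytekey"), p) // constructed key; whole-payload encryption is an assumption
	fmt.Println(SSOCookie("mysso", v))          // "mysso" is a hypothetical cookie name
}
```

Neither the plain email value nor DES in ECB mode authenticates the cookie, so set it only from your authentication page after a successful login and serve both sites over HTTPS.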

License & Access Options

The feature/tools described here are available with the following license(s):

Enterprise Edition
