General use
We provide an OAuth2 authentication integration for the platform, which can be used to log in to the Web CMS, Web Frontline App, the SwipeGuide Native Apps (iOS and Android) for offline access, and the Smart Skills app.
This allows your users to authenticate through the OAuth2 provider that is maintained by your company.
Please note that authorization levels within the platform are still managed inside the platform to maintain a user-friendly and understandable system.
We provide the flexibility to configure different types of log-in methods on the CMS and the Frontline Apps, depending on the needs of the Workspace, such as email and password, as well as SSO. Alternatively, you may require your users to ONLY log in with SSO.
If you wish to enable this feature on your platform, please make sure to contact SwipeGuide Support before using this documentation.
Pre-requisites
- Your platform must have log-in options already enabled (versus being a public platform).
- The OAuth2 provider that you want to use to sign into SwipeGuide should already be managed and set up by your IT teams with valid credentials or certificates. SwipeGuide should already be added as one of the applications in your systems.
- We only allow for one SSO configuration (one SSO provider) per platform. If you require different SSO configurations, please contact your Customer Success Manager to set up a new platform.
OAuth2 Setup
For basic documentation, please consult the OAuth website. To set up your platform, some information needs to be submitted to your OAuth2 authentication service, and we need some information from it in order to connect the services. We have a callback URL that needs to be set up within the OAuth2 authentication service, and we will need some OAuth2 authorization tokens from the service. These will differ per service.
We currently support out of the box:
- Microsoft Entra ID (Formerly Azure AD)
Microsoft Entra ID
In order for the Microsoft Entra ID (formerly Azure AD) setup to work we need: clientID, clientSecret, resource and tenant. Please find out more about these on the OAuth documentation for Azure Entra ID.
Callback URL
https://[platform].swipeguide.com/sso/azureadoauth2/callback
The platform in the URL is the platform's main domain that needs to be referred to. Please note that this callback URL will work for both single and multi-domain platforms and the user will be redirected accordingly.
Google
In order for the Google setup to work we need: clientID, clientSecret and hostedDomain. Please find out more about these on the OAuth documentation for Google.
Callback URL
https://[platform].swipeguide.com/sso/googleoauth2/callback
The platform in the URL is the platform's main domain that needs to be referred to. Please note that this callback URL will work for both single and multi-domain platforms and the user will be redirected accordingly.
SAML 2.0 Setup
In order for the SAML setup to work we will need your metadata file or:
- entryPoint: SSO Service URL
- cert: The public signing certificate used to validate the signatures of the incoming SAML Responses if used.
The claims we need you to send us: displayName, ID, Email
Assertion Consumer Service URL
https://[platform].swipeguide.com/sso/saml/consume
SAML Metadata
https://[platform].swipeguide.com/sso/saml/metadata
Entity ID: swipe-guide
The platform in the URL is the platform's main domain that needs to be referred to. Please note that this callback URL will work for both single and multi-domain platforms and the user will be redirected accordingly.
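The following is an added example, not SwipeGuide code: a pre-flight check that your IT team could run on a SAMLResponse captured from a test login, to confirm that it targets the Assertion Consumer Service URL, names the Entity ID as audience and carries the three claims listed above. It assumes the response is the base64 value posted by the IdP, that claim names appear in the Attribute Name or FriendlyName, and it uses "acme" as a placeholder for [platform].

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_CLAIMS = ("displayName", "ID", "Email")  # claims this page asks for
ENTITY_ID = "swipe-guide"                         # Entity ID given on this page

def preflight(saml_response_b64, platform):
    """List configuration problems in a captured SAMLResponse (diagnostic
    only: the XML signature is NOT verified here)."""
    acs = f"https://{platform}.swipeguide.com/sso/saml/consume"
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    if root.get("Destination") != acs:
        problems.append(f"Destination {root.get('Destination')!r} is not {acs!r}")
    audiences = {(e.text or "").strip() for e in root.iterfind(".//a:Audience", NS)}
    if ENTITY_ID not in audiences:
        problems.append(f"Audience {sorted(audiences)} lacks {ENTITY_ID!r}")
    sent = set()
    for attr in root.iterfind(".//a:AttributeStatement/a:Attribute", NS):
        values = attr.iterfind("a:AttributeValue", NS)
        if any((v.text or "").strip() for v in values):
            # Assumption: the claim name is carried in Name or FriendlyName.
            sent.update(n for n in (attr.get("Name"), attr.get("FriendlyName")) if n)
    problems += [f"claim {c!r} missing or empty" for c in REQUIRED_CLAIMS if c not in sent]
    return problems

def sample_response(attrs, destination, audience):
    """Build a constructed, unsigned SAMLResponse (test data, not real IdP output)."""
    attr_xml = "".join(
        f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
        f'</saml:AttributeValue></saml:Attribute>' for name, value in attrs.items())
    xml = (f'<samlp:Response xmlns:samlp="{NS["p"]}" xmlns:saml="{NS["a"]}" '
           f'Destination="{destination}"><saml:Assertion><saml:Conditions>'
           f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
           f'</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>'
           f'{attr_xml}</saml:AttributeStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    acs = "https://acme.swipeguide.com/sso/saml/consume"  # "acme" is a placeholder
    ok = sample_response({"displayName": "Operator A", "ID": "1001",
                          "Email": "a@example.com"}, acs, "swipe-guide")
    bad = sample_response({"displayName": "Operator B", "ID": ""}, acs, "wrong-sp")
    print(preflight(ok, "acme"))   # no problems
    print(preflight(bad, "acme"))  # wrong audience, ID empty, Email missing
```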
Automatic Session Time-out
As an additional platform service and configuration, you may request via your Customer Success Manager that sessions time out automatically after X minutes of inactivity (lack of requests to the server).
FAQs
1. What to do when an SSO Authentication Error is shown after trying to log in to SwipeGuide
You may receive an authentication error when logging in to SwipeGuide Platforms due to an expired secret key.
Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials.
Currently, SSO is an Add-On feature that can be requested by submitting a ticket to Support. Your company’s IT department needs to share the requested information, based on the desired solution provider, with the SwipeGuide engineering team in order to set this up. We don't manage or maintain any of the customer's keys ourselves.
If you think your secret key expired or is about to expire, please do the following:
- Inform your local IT about this and proactively ask for a new certificate
- Reach out to SwipeGuide Support with the new details
Note: We highly recommend that your company set a reminder every 2 years to share the new credentials with us, so that an expired key does not block your users from logging in.
2. Multiple Users on Shared Device
You may run into a situation where, say, "Operator A and Operator B use a shared device, Operator A logs out of the APP, and then Operator B logs into the APP. Operator B now sees Operator A's Skills Matrix."
Why does this happen?
When a user logs into the app using SSO, it checks if there’s already an active SSO session on that device. If Operator A signs out of the app but does not fully sign out of their SSO account itself, the next person (Operator B) will be automatically recognized as Operator A upon logging in via SSO. This is a common behavior across many apps that use SSO or similar services, as they rely on the browser or device's current sign-in state.
To ensure that each user has to enter their credentials when using a shared device, please follow these steps:
1. After using the app, log out from the APP as usual.
2. Also, fully sign out of the SSO account (Google, for example) on the browser or device.
3. The next user can then log in with their own credentials.
Alternatively, to avoid this automatic SSO recognition, users can log in with their email and password rather than SSO on shared devices.