Arcentry Enterprise - Single Sign On (SSO) and Identity Provider Integration

Arcentry Enterprise is the commercial on-premise version of Arcentry. You can learn more about it here or contact us at info@arcentry.com.

Arcentry Enterprise provides an HTTP Webhook that makes it possible to integrate with any Single Sign On System (SSO), existing user database, or third-party identity provider.

How it works

You run an HTTP server that can connect to your Active Directory, user database, or other authentication mechanism. Arcentry will make an HTTP POST request to a specified endpoint on that server whenever a user tries to access the app. Within Arcentry's configuration file, you can specify the URL of your webhook as well as whether to prompt the user for signup and login.

Should I show a login form to my user?

It depends. Many Single Sign On solutions rely on a system-wide session that's established whenever a user unlocks their computer. If you are using such a system, set showSignupForm and showLoginForm to false and use the cookie or HTTP header set by your SSO to authenticate the user.

Enabling Webhook Authentication

To switch from the internal user management to a webhook-based approach, open arcentry-conf.yml and change

config-before to config-after wherein authWebhook is the URL of a server that you run.

Using Webhook Authentication

Arcentry Enterprise will make an HTTP POST request to that server every time a user signs up or logs in with the following payload:

    {
      // can be "signup", "login" or "logout"
      "type": "signup",
      // the HTTP request header it received
      "header": {
        "cookie": "somecookie",
        "header-a": "somereq"
      },
      // the IP from which the request originated
      "originIp": "123.456.890.111",
      // an optional secret that you can specify
      // in arcentry-conf.yml to ensure the request
      // comes from Arcentry
      "authSecret": "abcdef",
      // Optional credentials if you've set showSignupForm
      // or showLoginForm to true
      "email": "user@company.com",
      "password": "password"
    }

Your server should now validate the user's login attempt and either reply with an HTTP Status 200 if the authentication attempt is valid or any other status code if not.

For successful authentications, your server's response body should be a single string that uniquely identifies the user, e.g. a user ID or an email.

For unsuccessful attempts, you can return either an empty body or an error message string for Arcentry to display to the user.
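
A minimal webhook server for the login case described above, as an added example that is not Arcentry's own code. It assumes the POST body is plain JSON and that a plain-text response is accepted; the user store, salt, listen address, port and error strings are constructed for illustration, and handling of "signup" and "logout" is left out (this example rejects them).

```python
import hashlib, hmac, json
from http.server import BaseHTTPRequestHandler, HTTPServer

AUTH_SECRET = "abcdef"  # assumption: the optional secret set in arcentry-conf.yml

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed user store (email -> salt, hash); stands in for your directory
_SALT = b"constructed-salt"
USERS = {"user@company.com": (_SALT, hash_pw("password", _SALT))}

def handle_auth(payload):
    """Return (status, body) for one webhook payload."""
    # Constant-time comparison: only Arcentry should know authSecret
    secret = str(payload.get("authSecret", "")).encode()
    if not hmac.compare_digest(secret, AUTH_SECRET.encode()):
        return 403, ""
    if payload.get("type") != "login":  # example scope: login form only
        return 400, "unsupported request type"
    email = str(payload.get("email", "")).lower()
    # Unknown users still go through one hash so both failures look alike
    salt, stored = USERS.get(email, (_SALT, b""))
    candidate = hash_pw(str(payload.get("password", "")), salt)
    if not hmac.compare_digest(candidate, stored):
        return 401, "Invalid email or password"
    return 200, email  # body: the string that uniquely identifies the user

class Webhook(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", 0))
            payload = json.loads(self.rfile.read(length))
            ok = isinstance(payload, dict)
            status, body = handle_auth(payload) if ok else (400, "")
        except ValueError:  # malformed length, encoding or JSON
            status, body = 400, ""
        data = body.encode()
        self.send_response(status)
        self.send_header("Content-Type", "text/plain; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

if __name__ == "__main__":
    # assumption: authWebhook points at http://127.0.0.1:8080/
    HTTPServer(("127.0.0.1", 8080), Webhook).serve_forever()
```

Wrong passwords and unknown emails get the same status and message, so the response does not reveal which accounts exist.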