There are three methods you can use to enable SSO (single sign-on):
1. Authentication by passing user name and password via URL - This works well when a user has already logged into their company intranet and you want to pass the login details so they don't have to log in again to order in the portal. There is no cost to use this process. This assumes the user account already exists in the Pressero site. The URL for passing people through to a B2B site when they're already logged into their intranet is as follows:
domain = your B2B site's domain
xxxx = the user's email address (or username)
yyyy = the user's password
1a. User Impersonation - A variation of this is that instead of sending the user's actual password, you can enable user impersonation for your site (or your subscriber) and pass an impersonation password in the URL.
See Chapter 5
and Chapter 30
of the Pressero user manual.
2. SAML - Pressero supports SAML (Security Assertion Markup Language) which is a standard protocol for web browser single Sign-On using security tokens. SAML securely eliminates passwords. There is a cost to add SAML to your storefronts and each site must be activated individually. To activate SAML you should contact either your sales representative or the Pressero support team.
Per default Pressero provides pre-defined configuration for the following Identity Providers:
- Azure AD (http://azure.microsoft.com)
- Okta (www.okta.com)
- OneLogin (www.onelogin.com)
- PingOne (www.pingidentity.com)
- SalesForce (www.salesforce.com)
This means that, Pressero was tested to use those providers, but if you use a custom identity provider, you can configure manually the application so it can communicate with your custom IdP. For more detail on configuring each of these options refer to this article.
3. OAuth2 - Pressero also supports OAuth v2.0. OAuth 2 enables access to user accounts on an HTTP service. It works by delegating user authentication to the service that hosts the user account and authorizes access to the user account on Pressero. This is available on all sites if you have the Professional or Enterprise packages.
Per default, Pressero provides access with the following services:
- Facebook (https://developers.facebook.com)
- Twitter (https://apps.twitter.com)
- Google (https://console.developers.google.com/)