Introduction to Single Sign-On

Single Sign-on (SSO) is only available in the business plan.

Introduction

Single sign-on (SSO) is an authentication method that allows users to access multiple systems using one account. In Hyvor Talk, SSO can be used to allow users to log in to the comments section without having a Hyvor account but an account on your website.

Hyvor Talk supports two Single Sign-on methods.

  • Stateless
  • OpenID Connect

Important: When you enable Single Sign-on for your website, we create new website-specific accounts for each user, which are different from Hyvor accounts. These accounts can only be used to comment, vote, react, etc. in the embed of the assigned website.

Stateless vs OpenID Connect

In stateless SSO, Hyvor Talk does not save the login state of the user. Each time you tell Hyvor Talk if the user is logged in or not. If he is logged in, you send their data to us.

If you use an identity provider that supports OpenID Connect protocol, you can use OpenID Connect SSO to easily integrate Hyvor Talk with your identity provider.

Stateless:

  • When loading Hyvor Talk, publishers let it know whether the user has logged in or not.
  • If the user is logged in, the website owner sends user information such as name, picture, etc.
  • Then, Hyvor Talk will create a new SSO ID-specific profile for the received data.
  • Each user is identified by an ID given by the website owner.

OpenID Connect:

  • The website owner gives Hyvor Talk the application's client id, client secret, and issuer URL.
  • In the first load, Hyvor Talk will show a login button in the comments section.
  • User can log in to Hyvor Talk via the website owner's identity provider (using OpenID Connect protocol).
  • Then, Hyvor Talk will create a new SSO ID-specific profile for the user.
  • Hyvor Talk remembers the state of the user in the session.
  • User will automatically log in after that until session expires.

OpenID Connect SSO uses cookies for authentication, and users have to log in to the comments embed seperately, even they are already logged in to your website. This is a downside compared to Stateless SSO, which automatically logs in users in each request.

What can SSO users do?

  • Publish comments
  • Edit their comments
  • Delete their comments
  • Vote comments
  • Flag comments
  • Receive email notifications
  • Any other thing guest users can do (Reacting, addings ratings)

Limitations for SSO users

  • SSO users cannot moderate websites. All moderators should have a Hyvor account to moderate comments. When SSO is enabled, comments can only be moderated from the console. In-embed moderation is not available for Single Sign-on websites.
  • SSO users cannot be mentioned via @ mentions.
  • Hyvor users can manage their comments, email settings in the Console's Account section. But, SSO users cannot do that.

Related Articles