Introduction to Single Sign-On

Single Sign-on (SSO) is only available in the business plan.

Introduction

Single sign-on (SSO) is an authentication method that allows users to access multiple systems using one account. In Hyvor Talk, SSO lets users use the plugin with their account on the publisher's website, without needing a Hyvor account.

Hyvor Talk supports two Single Sign-on methods.

  • Stateless
  • OpenID Connect

Stateless vs OpenID Connect

In stateless SSO, Hyvor Talk doesn't save the login state of the user. Each time, the publisher tells Hyvor Talk whether the user is logged in or not.

If you use an identity provider that supports the OpenID Connect protocol, you can use OpenID Connect SSO to easily integrate Hyvor Talk with your identity provider.

How does it work?

  • First, the publisher creates a SSO ID.
  • Then, the publisher assigns websites to that SSO ID.

Stateless:

  • When loading Hyvor Talk, publishers let it know whether the user has logged in or not.
  • If the user is logged in, the publisher sends user information such as name, picture, etc.
  • Then, Hyvor Talk will create a new SSO ID-specific profile for the received data.
  • Each user is identified by an ID given by the publisher.
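
An added example, not Hyvor Talk's own code or API: in the stateless flow the login state and user information pass through the page on every load, so the receiving side needs a way to tell that the data came from the publisher's server and was not edited in the browser. The sketch below assumes an HMAC-SHA256 signature over the encoded data with a shared secret; the field names, the secret and the freshness window are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values (assumptions): a secret known only to the publisher's
# server and the verifier, and a freshness window for each payload.
SSO_SECRET = b"constructed-example-secret"
MAX_AGE_SECONDS = 300


def build_sso_payload(user, secret=SSO_SECRET, now=None):
    """Publisher side: encode the login state and sign it.

    `user` is None for a logged-out visitor, or a dict holding the
    publisher-assigned "id" plus profile data such as "name" and "picture".
    """
    body = {"timestamp": int(now if now is not None else time.time())}
    if user is not None:
        body["user"] = user
    data = base64.b64encode(json.dumps(body, sort_keys=True).encode()).decode()
    sig = hmac.new(secret, data.encode(), hashlib.sha256).hexdigest()
    return data, sig


def verify_sso_payload(data, sig, secret=SSO_SECRET, now=None):
    """Verifier side: return the user dict, or None for a logged-out visitor.

    Raises ValueError when the signature does not match, the payload is
    stale, or a logged-in user carries no publisher-assigned ID.
    """
    expected = hmac.new(secret, data.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; the payload is decoded only after it passes.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        raise ValueError("bad signature")
    body = json.loads(base64.b64decode(data))
    current = now if now is not None else time.time()
    if abs(current - body["timestamp"]) > MAX_AGE_SECONDS:
        raise ValueError("stale payload")
    user = body.get("user")
    if user is not None and not str(user.get("id", "")).strip():
        raise ValueError("missing user id")
    return user
```

Because the secret stays on the server, a visitor who changes the "id" in the encoded data cannot produce a matching signature, and the timestamp limits how long a captured payload can be reused.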

OpenID Connect:

  • The publisher gives Hyvor Talk the application's client id, client secret, and issuer URL.
  • On the first load, Hyvor Talk will show a login button in the comments section.
  • The user can log in to Hyvor Talk via the publisher's identity provider (using the OpenID Connect protocol).
  • Then, Hyvor Talk will create a new SSO ID-specific profile for the user.
  • Hyvor Talk remembers the state of the user in a session.
  • After that, the user is logged in automatically until the session expires.

What is a SSO ID?

A publisher can create a SSO ID from the console. SSO ID is used to authenticate users. Use one SSO ID for one system. Only 20 SSO IDs can be created from one account. Publishers can use a SSO ID on any website they own.

For example, Bob has a product site and a blog site that use the same authentication system. He can add those two websites separately on Hyvor Talk and use the same SSO ID on both websites.

Important: SSO profiles are SSO ID-specific. Make sure not to delete an SSO ID that is in use.

What can SSO users do?

  • Publish comments
  • Edit their comments
  • Delete their comments
  • Vote on comments
  • Any other thing guest users can do.

Limitations for SSO users

  • SSO users can't moderate websites. All the moderators should have a Hyvor Account to moderate comments.
  • SSO users cannot access Hyvor Talk Home, which is designed for Hyvor users to manage their comments, drafts, and email settings.
  • SSO users cannot be mentioned via @ mentions.

Moderating SSO-enabled websites

All the moderators should have a Hyvor account to moderate comments. When SSO is enabled, comments can only be moderated from the console. In-plugin moderation isn't available for Single Sign-on websites.

The owner of the website can ban SSO profiles from the console.

  • Go to Console -> Account -> SSO
  • In your SSO ID, click "View" in "Assigned Profiles".
  • Search for profiles by name and check "Is Banned" to ban a profile.

When a profile is banned, the user can still see comments but cannot comment.
