License Users SSO
Please note that license users SSO (Single Sign On) is only available on Enterprise plan. It allows using Single Sign On method for license activation.
Enabling Single Sign-On (SSO) authentication facilitates the activation of user-based licenses. Currently, this functionality is accessible through the C++ and .NET/C# SDK and directly via the License API. Comprehensive instructions for the SDK implementation can be located within the SDK documentation.
To initiate SSO for your license users, the essential steps involve establishing a user pool and provider specific to the Customer Account. This configuration is pertinent to all license users within orders generated by customers associated with that particular customer account.
Access the Customer Account view via the main platform navigation, specifically under Customers -> Customer Accounts.
Here, you can either select an existing customer account from the list or create a new one using the "Add new account" button.
Once within the customer account, navigate to the "Single Sign On" tab.
In this section, you have the option to activate SSO and gather any necessary data to ensure its seamless setup and operation.
For Enterprise accounts, each customer can be assigned a unique subdomain. This subdomain provides a streamlined experience by removing the requirement for users to manually input their company code during the login process to our user portal.
By navigating to the custom subdomain (e.g., https://company_code.users.licensespring.com), users are automatically linked to their respective customer accounts, simplifying the SSO login flow and enhancing user convenience.
Follow instructions to setup social identity sign in (Google) or SAML identity providers or Apple on our User Portal SSO page.
Follow the comprehensive setup guides for social identity sign-in options or SAML identity providers. You can find detailed steps for configuring:
These guides include the necessary steps for setting up each provider and integrating them with your account for a seamless SSO experience.
Note: Please make sure at least one customer is added by creating new one or choosing from existing customers and issue at least one license that is user based for that customer.
- LicenseSpring automatically links accounts if the email in our system matches the email from the IdP.
- If no match is found, the user is presented with a login prompt to link their existing LicenseSpring account.
- The setting "Require email verification on first SSO login" can be enabled to require email verification before linking an account.
For platform users, email verification is always required due to account sensitivity.
If you plan to use the License API directly to authenticate users ( instead of using SDKs ) you need to follow this flow:
The /api/v4/sso_url endpoint will return the URL where your hosted login UI will be served. To create the correct URL you need to use customer_account_code of the customer account for which the user pool and providers have been created and the product_short_code of the product defined in LicenseSpring.
Details for this endpoint are written in the Single Sign-On URL page. Use the URL from the response to open the hosted UI through which your users can login.
After successful login on the hosted UI, users will be redirected to the URL from redirect_uri field. Attached to this page URL you will receive some query parameters, of which the most important is the id_token or code if you are using authorization code grant described in more detail on the Single Sign-On URL page.
Along with the customer_account_code this field needs to be sent to the Activate License (Online Method) endpoint. License user needs to be assigned before that to the license which is being activated.
