Implementing Single Sign-On (SSO) at Kivra
Hello, Internet! It's Kivra Labs.
We work with two types of customers at Kivra. The first is our partners (Skatteverket, for example), who send in content to communicate with their own customers, the end users; the second is the end users themselves. Our success has been built on understanding both types, being able to solve problems for both, and knowing how to get them to like talking to each other. :)
The Use Case
A prevalent example is partners wanting to redirect end users from a content item in their Kivra inbox straight into the partner's own system. For instance, an insurance company wants to communicate something important to an end user and prompt them to check their current policy in the insurer's system.
The prompt is achieved with Active Content in the Kivra product. Active Content is our take on an embedded iframe, included alongside the partner's content item. So, when the end user logs into Kivra to read the communication from the partner, they see the Active Content above the content item.
To summarize: our partner wants the user to log into Kivra, read the content item, click the link in the Active Content, and then land on their current policy on the insurance company's website.
For this to work, the user who is already authenticated at Kivra has to be transferred to the sender's system, authenticated there, and logged in, without having to log in again or being asked to re-authenticate:
The authenticated user on Kivra clicks the button in the Active Content.
The user is sent automatically to the sender's system.
The sender's system verifies the identity information passed along with them.
They are logged into the sender's system.
The process is seamless for the user. The real fun is under the hood, tinkering in the engine of the technical solution.
The Solution
We used SAML2 to implement the use case.
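The post names SAML 2.0 but does not go into how the receiving side decides to trust what arrives, which is where this kind of integration usually goes wrong. The following is an added example, not Kivra's code and not taken from the post, showing the checks a service provider has to make on an assertion before logging the user in. It assumes the flow above is IdP-initiated SAML Web Browser SSO: Kivra acts as the identity provider and the partner's system as the service provider, which receives an unsolicited Response at its Assertion Consumer Service (ACS) URL. The entity IDs, the ACS URL and the sample Response are constructed for the example, and the validator assumes the XML signature has already been verified by an XML-DSig library and that only the signed element is handed to it.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Namespace URIs and constants from the SAML 2.0 core specification.
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
METHOD_BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
# Hypothetical entity IDs and ACS URL for this example; not Kivra's or any partner's real values.
EXPECTED_ISSUER = "https://idp.example-kivra.test/saml"
EXPECTED_AUDIENCE = "https://sp.example-insurer.test/saml/metadata"
EXPECTED_ACS_URL = "https://sp.example-insurer.test/saml/acs"

class SamlValidationError(Exception):
    """Raised when the assertion must not be used to log the user in."""

def saml_time(value):
    # xsd:dateTime in UTC ("Z"), optional fractional seconds; anything else is rejected.
    try:
        fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
        return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
    except (TypeError, ValueError):
        raise SamlValidationError(f"missing or malformed timestamp: {value!r}")

class AssertionValidator:
    # SP-side checks on an unsolicited (IdP-initiated) SAML 2.0 Response. Precondition: the XML
    # signature over the Response/Assertion was already verified with an XML-DSig library (e.g.
    # signxml or python3-saml) and only the signed element is passed in, so signature wrapping
    # cannot smuggle in an unsigned Assertion. That step is out of scope here.
    def __init__(self, issuer, audience, acs_url, skew=timedelta(seconds=60)):
        self.issuer, self.audience, self.acs_url, self.skew = issuer, audience, acs_url, skew
        self._seen = {}  # assertion ID -> NotOnOrAfter; replay cache

    def validate(self, response_xml, now=None):
        """Return the NameID the assertion vouches for, or raise SamlValidationError."""
        now = now or datetime.now(timezone.utc)
        resp = ET.fromstring(response_xml)  # use defusedxml in production (entity expansion)
        # We sent no AuthnRequest, so a Response claiming to answer one is not for us.
        if resp.tag != f"{{{NS['samlp']}}}Response" or resp.get("InResponseTo"):
            raise SamlValidationError("not an unsolicited samlp:Response")
        code = resp.find("samlp:Status/samlp:StatusCode", NS)
        if code is None or code.get("Value") != STATUS_SUCCESS:
            raise SamlValidationError("status is not Success")
        assertions = resp.findall("saml:Assertion", NS)
        if len(assertions) != 1:
            raise SamlValidationError("expected exactly one Assertion")
        a = assertions[0]
        if a.findtext("saml:Issuer", namespaces=NS) != self.issuer:
            raise SamlValidationError("unexpected Issuer")
        cond = a.find("saml:Conditions", NS)
        if cond is None or (cond.get("NotBefore") and saml_time(cond.get("NotBefore")) > now + self.skew):
            raise SamlValidationError("missing Conditions or assertion not yet valid")
        expiry = saml_time(cond.get("NotOnOrAfter"))
        if expiry <= now - self.skew:
            raise SamlValidationError("assertion expired")
        audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if self.audience not in audiences:
            raise SamlValidationError("assertion not addressed to this SP")
        sc = a.find("saml:Subject/saml:SubjectConfirmation", NS)
        scd = sc.find("saml:SubjectConfirmationData", NS) if sc is not None else None
        if sc is None or sc.get("Method") != METHOD_BEARER or scd is None:
            raise SamlValidationError("missing bearer SubjectConfirmation")
        if scd.get("Recipient") != self.acs_url or saml_time(scd.get("NotOnOrAfter")) <= now - self.skew:
            raise SamlValidationError("SubjectConfirmationData not for our ACS URL or expired")
        # Replay protection: accept each assertion ID once, remembered until it has expired.
        self._seen = {i: t for i, t in self._seen.items() if t > now - self.skew}
        aid = a.get("ID")
        if not aid or aid in self._seen:
            raise SamlValidationError("assertion replayed")
        self._seen[aid] = expiry
        return a.findtext("saml:Subject/saml:NameID", namespaces=NS)

# Constructed sample Response for a login at 2024-01-01T12:00:00Z; not a real capture.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_r1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <samlp:Status><samlp:StatusCode Value="{STATUS_SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>{EXPECTED_ISSUER}</saml:Issuer>
    <saml:Subject>
      <saml:NameID>user-123</saml:NameID>
      <saml:SubjectConfirmation Method="{METHOD_BEARER}">
        <saml:SubjectConfirmationData Recipient="{EXPECTED_ACS_URL}" NotOnOrAfter="2024-01-01T12:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{EXPECTED_AUDIENCE}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_NOW = datetime(2024, 1, 1, 12, 0, 30, tzinfo=timezone.utc)

def rejected(validator, xml, now):
    try:
        validator.validate(xml, now=now)
    except SamlValidationError:
        return True
    return False

def demo():
    """Accept the sample once, then show that a replay and a ten-minute-old copy are refused."""
    v = AssertionValidator(EXPECTED_ISSUER, EXPECTED_AUDIENCE, EXPECTED_ACS_URL)
    name_id = v.validate(SAMPLE_RESPONSE, now=SAMPLE_NOW)
    return (name_id, rejected(v, SAMPLE_RESPONSE, SAMPLE_NOW),
            rejected(v, SAMPLE_RESPONSE, SAMPLE_NOW + timedelta(minutes=10)))
```

Running demo() accepts the constructed assertion once and then refuses the identical bytes as a replay and a ten-minute-old copy as expired. The audience and recipient checks are what stop an assertion issued for one partner from being played into another partner's ACS, and the single-use cache is what keeps a leaked or intercepted assertion from being reused for its whole validity window. None of these checks mean anything unless the signature has been verified first, so the identity provider issuing the assertions must sign them, give each a fresh ID and keep the validity window short.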
Final Thoughts
Apart from the usual teething problems and tweaks, this solution proved really successful for us. Our partners have seen its value and we're now getting more requests to implement this on a wider scale.
Have you implemented SSO into an external system? How did you do it? Let us know on Twitter!