/sc_assets/3143/logo.png

Select a topic:

Choose from one of the topics below to browse other articles

Developer Resources

SAML integration

Last updated by Janne Jalkanen on January 15, 2018 09:37

Thinglink Connect lets you offer Thinglink to your users in a very simple fashion. However, for some customers this may not be an ideal solution, since it uses Thinglink's own user account system for managing the user data.

For customers who wish to manage their own user accounts and offer true integration with Thinglink, we support the well-known industry standard known as SAML. However, this is a bit more involved than setting up Thinglink Connect.

Become a Thinglink partner

SAML integration is currently only supported for partners. Please contact sales@thinglink.com for further details.

Become a SAML IdP

First, you must become a SAML Identity Provider, or IdP. Many systems, such as Microsoft's Active Directory, support this out of the box, but in any case you will need to talk to your administration to see how you can accomplish this.

If you do not have SAML integration built-in, open source libraries may be of assistance. For example, SimpleSAMLphp is a fine toolkit for adding SAML IdP support for your application.

Request integration

Once you have your SAML setup done, note the following things:

  • Your SSO Certificate
  • Your SSO URL

You will need to then email these to support@thinglink.com with the request to enable SSO login. Please add any details of your SSO integration - for example, should the users be added to a particular organization, or should they get a particular role, etc. For example, if you are integrating a school, you might wish to give all your users the "student" role.

Adding the integration takes a few days.

What happens at the integration?

You will send your users to our SSO endpoint at https://www.thinglink.com/auth/saml/{idp}, where {idp} is the identity provider code we will send you after the setup is done. Then we send users back to your SSO URL, where you log in your user and then redirect back to our SAML response endpoint (which is automatically managed by your SAML IdP). This sends us enough information to create shadow account on our system that is linked to the corresponding account in your system.

What about single signout?

Single sign-out is currently not supported; however the Thinglink cookies are session cookies, so SAML users will automatically log out if they do not use Thinglink in a few minutes.

Managing your users

If you have chosen to do so, all your users will be integrated in a Thinglink Organization which is owned by you. This lets you manage the users created on Thinglink systems both using our UI as well as in a programmatic manner using the Thinglink API.