SSO Authentication
Purpose
The purpose of this document is to explain how you can gain an access token for your user without requiring standard authentication from the user.
What is the right situation for SSO / Embedded Authentication?
- When you want the end-user to access Telegra systems efficiently without requiring authentication
- When you want to add a Telegra IFRAME component into your infrastructure
Steps to prepare a user for embedded authentication
When the application wishes to authenticate a user into the Telegra Patient Dashboard, bypassing the need for traditional authentication, the application will need to utilize a few data points to prove authenticity:
Required Data Points
1. ssoKey
A user-specific ssoKey that was created at the time the user was created.
Note: If the ssoKey was not set at the time of user creation, you will need to hit the Set SSO Key Endpoint.
- The key will be hashed in the Telegra database in the same way a traditional password is
- It is incumbent upon the client system (your system) to maintain a record of the ssoKey so that it can be utilized to obtain an access token
Warning: We recommend using a GUID or a randomized alphanumeric key. Do not use identifiable information such as email, name, phone, etc.
2. userId
The user's ID in the Telegra database. This is different from the patient ID. When you create the patient or retrieve the patient record, you will find the user ID included as well.
3. AffiliateSecretToken
This will be provided through a bearer token parameter. This is a private token that can be generated through the IAS / Affiliate / Generate Affiliate Secret Token endpoint.
Making the Request
With these three data points ready, you can hit the Telemdnow-Affiliate-Collection / Authentication / Generate Patient SSO Session endpoint.
Example Walkthrough
Let's work through an example with the following assumptions:
- Affiliate: MyHealth Medical
- Patient: John Jones
Step 1: Create the Patient
When John Jones makes a purchase, MyHealth Medical creates the patient in the Telegra system, including ssoKey as an attribute in the request body.
{
"ssoKey": "16508110-f179-4a38-8d25-deef7d1fb6ac"
}
Important actions:
- Store the ssoKey value in your database or vault system for later retrieval
- The response from the create patient endpoint will include the user ID associated with John Jones
Example user ID format:
usr::5a16eb07-5b1c-4db4-986e-69dc2147b29e
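The following is an added example, not Telegra's code: a client-side check that applies the ssoKey warning above before the key is placed in the create-patient body from Step 1. It assumes you chose the GUID option; the function names, the PATIENT sample record and the 4-character match threshold are assumptions made for illustration.

```python
import re
import uuid


def new_sso_key() -> str:
    """Random (version 4) GUID; CPython's uuid4 draws from os.urandom."""
    return str(uuid.uuid4())


def _norm(text: str) -> str:
    """Lowercase and keep only letters and digits so formatting cannot hide a match."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def pii_findings(key: str, patient: dict, min_len: int = 4) -> list:
    """Names of patient fields whose value, or a part of it, appears in the key."""
    norm_key = _norm(key)
    hits = []
    for field, value in patient.items():
        # Check the whole value and each whitespace/@-separated part of it.
        parts = [value] + re.split(r"[\s@]+", value)
        tokens = {_norm(p) for p in parts}
        if any(len(t) >= min_len and t in norm_key for t in tokens):
            hits.append(field)
    return hits


def is_random_guid(key: str) -> bool:
    """True only for a well-formed version 4 GUID."""
    try:
        return uuid.UUID(key).version == 4
    except ValueError:
        return False


def sso_key_body(key: str, patient: dict) -> dict:
    """ssoKey attribute for the create-patient body; refuses weak keys."""
    leaked = pii_findings(key, patient)
    if leaked:
        raise ValueError(f"ssoKey contains identifiable data: {leaked}")
    if not is_random_guid(key):
        raise ValueError("ssoKey is not a random (version 4) GUID")
    return {"ssoKey": key}


# Constructed sample patient, not real data.
PATIENT = {"name": "John Jones", "email": "john.jones@example.test",
           "phone": "+1 (555) 010-0142"}

if __name__ == "__main__":
    print(sso_key_body(new_sso_key(), PATIENT))
```

Because Telegra stores only a hash of the key, the value returned by new_sso_key() must be saved on your side, next to the user ID, before the create call is sent.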
Step 2: Gather Required Values
When it is time to generate the authentication token, gather the following values:
| Value | Source |
|---|---|
| Secret Key | Provided when setting up your Telegra account |
| User Id | Saved to your database when the patient was created |
| ssoKey | Saved to your database when the patient was created |
Step 3: Generate the Access Token
Use the endpoint from the documentation to retrieve an accessToken for the user.
Tip: With the access token in hand, you can now start an SSO session.
