Identity Provider Integration

An integration with an Identity Provider (IdP) is quite simple: the IdP needs to determine whether or not a customer exists.

Typically, it uses email or phone number searches to locate customers that presumably exist on the SessionM platform. These searches often notify SessionM that a user (customer) has been created or updated in the database. Such notifications might come directly from the IdP, or indirectly when the IdP tells a customer web site or app that the customer exists in the system and is in good standing.

IdPs are focused primarily on verifying that customers logging into a web site or application actually exist and have a corresponding customer profile in SessionM. If the customer does exist, then it's likely that an integration can expect access to the SessionM authentication token associated with the existing customer. However, if the customer doesn't exist, then the integration can include a function that creates a customer profile on SessionM. The bottom line is that an IdP is looking to prevent customers from engaging in fraudulent activity by ensuring there is a one-to-one relationship between the customer and their profile on the SessionM platform.

The most effective way to identify a customer is by searching the platform for their email address or phone number. Alternatively, other globally unique parameters can be used, including their internal SessionM user ID or the external ID from the system being integrated. The integration under discussion in this topic is highlighted in the image below.

This integration workflow begins by verifying a customer's signup process, where the customer attempts to access the application or web site being integrated with SessionM. That customer action is then followed with the IdP verifying that the customer exists by looking up their associated phone number or email address. If the customer exists, then the IdP can retrieve the customer profile and the customer's logon is authenticated. If not, then a profile can be created for the customer. Alternatively, a customer may want to access an existing profile so they can update it with new information, such as an email address or an authentication number. You can use platform APIs to make real-time calls for any of these IdP workflows by using the following core tasks:

  • Searching for customers
  • Creating a customer profile
  • Retrieving a customer profile
  • Updating a customer profile
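
The search, create, and update tasks above can be combined into one resolution step that preserves the one-to-one relationship between a customer and their profile. The following is an added example, not SessionM code: ProfileStore is a hypothetical in-memory stand-in for the platform, and the normalization rules and function names are assumptions.

```python
import re

class ProfileStore:
    """In-memory stand-in for the customer platform (hypothetical, not the SessionM API)."""
    def __init__(self):
        self.profiles = {}  # user_id -> {identifier kind: normalized value}
        self.index = {}     # (kind, normalized value) -> user_id

    def search(self, kind, value):
        return self.index.get((kind, value))

    def create(self, ids):
        uid = f"u{len(self.profiles) + 1}"
        self.profiles[uid] = {}
        self.attach(uid, ids)
        return uid

    def attach(self, uid, ids):
        self.profiles[uid].update(ids)
        for kind, value in ids.items():
            self.index[(kind, value)] = uid

def normalize(kind, value):
    # Assumed rules: emails compare case-insensitively, phones by digits only.
    if kind == "email":
        return value.strip().lower()
    if kind == "phone":
        return re.sub(r"\D", "", value)
    return value.strip()

def resolve_customer(store, **identifiers):
    """Search by every identifier supplied; create a profile only when none match."""
    ids = {k: normalize(k, v) for k, v in identifiers.items() if v}
    if not ids:
        raise ValueError("at least one identifier is required")
    matches = {store.search(k, v) for k, v in ids.items()} - {None}
    if len(matches) > 1:  # identifiers belong to different profiles: do not merge or create
        return ("conflict", sorted(matches))
    if matches:
        return ("existing", matches.pop())
    return ("created", store.create(ids))

def update_profile(store, uid, **identifiers):
    """Attach new identifiers unless one is already indexed to another profile."""
    ids = {k: normalize(k, v) for k, v in identifiers.items() if v}
    if any(store.search(k, v) not in (None, uid) for k, v in ids.items()):
        return False
    store.attach(uid, ids)
    return True
```

A "conflict" result means the supplied email and phone number already belong to two different profiles, which is the case the one-to-one rule exists to catch and which should go to review rather than be merged automatically.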

Key Integration Endpoints

While this topic focuses on the standard aspects of an IdP integration, each implementation can contain transaction data points specific to business, or vertical, needs.

The diagram below depicts the key endpoints enabling a standard IdP integration:

You can access technical details for each of the endpoints featured in this graphic using the links below:

Integration Best Practices

As you move forward with your integration, bear in mind several best practices that can help ensure a successful SessionM implementation:

  • Use existing SessionM APIs to retrieve an existing customer profile.

  • The IdP can reside with the client, and SessionM may know nothing about it.

  • Use an email address as a unique authentication criterion in searches, or lookups, for SessionM customer profiles; it can also be sent to SessionM as part of the process that creates a new customer profile.

  • Use other globally unique criteria to search for and identify a customer, including an external ID from another integrating system or a SessionM user ID.