By default, your Feedback Portal is publicly accessible to anyone with the URL. SSO lets you restrict access to authenticated users only. Once set up, users are verified through your own system before accessing the portal, and their details are passed through automatically. Follow the steps below to get started.
How to enable SSO with the Feedback Portal
1. Access Userback Portal Settings and Copy the Private Key
Navigate to your Portal Settings, and select the Single Sign-On tab. From there, copy your private key (keep this one a secret).
2. Generate SSO Token with JWT Library
Use a JWT library on your server side to generate an SSO token using the private key you copied in step 1. The SSO token contains the user's email, name, and avatar URL. Additional user information can be added. Here's an example using Node.js:
const jwt = require('jsonwebtoken');// Replace YOUR_PRIVATE_SSO_KEY with your actual private keyconst private_key = 'YOUR_PRIVATE_SSO_KEY';// Replace the placeholder values with actual user informationconst sso_token = jwt.sign({ email: 'user@example.com', name: 'John Doe', avatar_url: 'https://www.example.com/avatar.jpg'}, private_key, { algorithm: 'HS256'});
3. Add SSO Token and Redirect Users to the Feedback Portal URL
Add the SSO token generated in step 2 to your feedback portal URL, and redirect your users to the URL with the SSO token included. This will automatically log them in using SSO. Here's an example using JavaScript:
// construct the URL for the feedback portal with the SSO tokenconst portal_url = 'https://mycompany.ideas.userback.io/p/nMeOGChr32?sso_jwt=' + sso_token;// redirect the user to the feedback portalwindow.location.href = portal_url;
4. Optional: Hide the Feedback Portal from Anonymous Users
Configure your portal settings to require SSO authentication if you want to hide the feedback portal from anonymous users and only allow users authenticated by SSO to access it.
Once you've completed the steps above, make sure to verify and test the SSO implementation before directing your users to the Feedback Portal. If you have any questions or need assistance, our friendly support team is always ready to help.
How to enforce SSO
Concerned about anonymous feedback confidentiality? Use Single Sign-On (SSO) to restrict portal access to authenticated users only. Anonymous users will see a customizable "Private" screen with a message and login links.
Make sure you have configured SSO for your Userback project. Check out our guide on how to enable Single Sign-On (SSO) with the Feedback Portal.
Enable the "Enforce SSO" toggle which is found in your Portal Settings directly below the Private Key.
Customize the message that anonymous users see when they try to access the feedback portal. You can do this by adding a title to Line 1 and a text/description with links on Line 2. To add links, use the following format: [text](url).
Here's an example that you can copy and paste:
Welcome to our Private Feedback Portal ๐Only authenticated users have access. [Login or Register](https://app.yourapp.com)
That's it! Now only authenticated users will have access to your Userback Feedback Portal, ensuring the confidentiality and security of your feedback.
Frequently Asked Questions
Q: What is a JSON Web Token (JWT)?
A: JSON Web Tokens (JWT) is a standard for securely transmitting information between parties as a JSON object. Read More about JWT and how it works here.
Q: Can I hide the feedback portal from anonymous users and only allow users authenticated by SSO to access it?
A: Yes, you can hide the feedback portal from anonymous users and only allow users authenticated by SSO to access it. See How to enforce SSO for more details.