Our single sign-on feature uses a standard called OpenID Connect. When a user logs in with SSO, we initiate an OpenID handshake with the user's identity provider (IdP). Once the IdP authenticates the user, the user is redirected back to Dotdigital. From there, we check that the details all match and then give the user access to their data.
To learn more about OpenID, check out the OpenID Connect website.
Looking to set up SSO?
This article focuses on the technical process behind our SSO feature. To learn to set up SSO, log in to your Dotdigital account, then check out our article Set up Single Sign-On (SSO) for your account.
Understand single sign-on
The SSO login process is a six-step procedure:
The user enters their email into the Dotdigital login form.
We recognise the user's account as SSO enabled and redirect them to their IdP.
The user is directed to their identity service provider (IdP) and prompted to sign in.
At this point, we also request the following user details from the IdP:
openid
profile
email
phone
offline_access
After successfully signing in, the IdP sends the user's details to us.
When we receive the user's details, we validate them using OAuth tokens.
We validate that the user logging in is the same as the one we received details for. To do this, we look at the information provided by the IdP (user information, ID token) and then match the email address against one of the following:
email
upn
unique_name
preferred_username
emails (we split this into a comma-delimited list and check all of them)
After validating the SSO user, we start the session and direct them to their Dotdigital account dashboard.
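The email-matching step above, sketched in Python as an added example; it is not Dotdigital's code. The claim names are the ones listed in this article, while the function names, the trim-and-case-fold normalisation, and the handling of `emails` as either a comma-delimited string or an array are assumptions. It also assumes the ID token's signature, issuer and audience were validated before the claims reach this function.

```python
# Added illustration; not Dotdigital's implementation.
# Claim names come from the article; normalisation rules are assumptions.
MATCH_CLAIMS = ("email", "upn", "unique_name", "preferred_username", "emails")


def _normalise(value):
    """Trim and case-fold an address; return None for non-strings or blanks."""
    if not isinstance(value, str):
        return None
    value = value.strip().casefold()
    return value or None


def candidate_addresses(claims):
    """Collect every address-like value from the claims the article lists."""
    found = set()
    for name in MATCH_CLAIMS:
        raw = claims.get(name)
        if raw is None:
            continue
        if name == "emails":
            # Assumption: some IdPs send an array, others a comma-delimited string.
            parts = raw if isinstance(raw, (list, tuple)) else str(raw).split(",")
        else:
            parts = [raw]
        for part in parts:
            norm = _normalise(part)
            if norm:
                found.add(norm)
    return found


def matched_claim_user(login_email, claims):
    """True only if the address typed at login appears in the validated claims."""
    wanted = _normalise(login_email)
    if wanted is None:
        return False  # fail closed on empty or malformed input
    # Exact match on the whole address; never a substring or domain-only match.
    return wanted in candidate_addresses(claims)


# Constructed sample claims (stand-in for an already validated ID token).
SAMPLE_CLAIMS = {
    "sub": "00u-constructed-123",
    "preferred_username": "Alice@Example.com",
    "emails": "alice.alt@example.com, a.smith@example.com",
}
```

Comparing whole normalised addresses, and returning False when the login value is empty, keeps a missing or oddly formatted claim from being treated as a match.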