Skip to main content
Skip table of contents

Authentication

SpeedFlex Single Sign-On (SSO) Overview

Emplifi Ratings & Reviews Single Sign-On (SSO) integrates with your authentication system. With SSO, users who are already logged into your site can immediately interact with your Emplifi Ratings & Reviews widgets. Unregistered and logged-out users are pushed through your registration and login processes.

The SSO process is triggered each time a user takes an action that requires authentication.

These actions always require authentication:

  • submitting a review

  • asking a question (depending on your configuration)

  • answering a question

  • replying to an answer

SSO Principles

The following principles are behind the SSO strategy:

  • Login and registration are delegated to your site. Widgets don’t maintain an authenticated state. When you enable SSO, there is no login to a Emplifi authentication system.

  • In a non-SSO setup, widgets show the Emplifi Ratings & Reviews login and registration screens. In an SSO setup, login and registration are delegated to your site at exactly those same points so that your authentication system can plug in seamlessly.

  • Data about the logged-in user is obtained from your site using a JavaScript function call when the widget needs that data. For example, this need arises when a user submits content.

  • When you pass an email address to us during an SSO query, we treat that email address as confirmed.

  • The widget places no restrictions on how login and registration are implemented. For example, you could use a modal with XHR calls, or you could direct the user to a dedicated registration and login page.

    • Widget context is passed around using a context token called contextObj. You can use the context token to display appropriate messaging.

SSO Workflows

The following workflows illustrate how Emplifi Ratings & Reviews SSO interacts with your site based on various user actions and site configurations.

Asking a question, logged out on your site, site allows anonymous questions

  1. A user submits a question.

  2. SSO login is triggered.

    • If the user does not log in successfully on your site, the question is accepted but the user will not receive an email notification when the question is answered. To maximize user engagement, see SSO Messages for more on creating context-sensitive messages for your users.

    • If the user logs in successfully on your site, the question is accepted. Email notification of answers will be sent to the user’s email (provided by your site).

Asking a question, logged out on your site, site does not allow anonymous questions

  1. A user submits a question.

  2. SSO login is triggered.

    • If the user does not login successfully on your site, the question is not accepted. To maximize question acceptance, see SSO Messages for more on creating context-sensitive messages for your users.

    • If the user logs in successfully on your site, the question is accepted. Email notification of answers will be sent to the user’s email (provided by your site).

Answering a question or writing a reply, logged out on your site

  1. A user submits an answer or a reply.

  2. SSO login is triggered.

    • If the user does not login successfully on your site, the answer or reply is not accepted. To maximize content acceptance, see SSO Messages for more on creating context-sensitive messages for your users.

    • If a user logs in successfully on your site, the answer or reply is accepted. Email notification of replies to the answer will be sent to the user’s email (provided by your site).

Submitting content, logged in on your site

  1. A user submits a question, answer, reply, or review.

  2. SSO logged-in status is verified by your site.

  3. The content is accepted. Email notification of answers or replies will be sent to the user’s email (provided by your site).

Clicking on a link in a question email

  1. A user clicks the "answer this question" link in an email.

  2. No SSO verification or login is triggered. Instead, the user is pre-authorized to answer since the email was only sent to email addresses associated with a product purchase related to the question.

  3. The user submits an answer.

  4. The answer is accepted.

Writing a review, no purchase required

  1. A user submits a review.

  2. SSO login is triggered.

    • If the user does not log in successfully on your site, the review is abandoned. To maximize review acceptance, see SSO Messages for more on creating context-sensitive messages for your users.

    • If the user logs in successfully on your site, the review is accepted.

Writing a review, purchase required

  1. A user clicks the "write a review" button.

  2. SSO login is triggered.

  3. Emplifi Ratings & Reviews verifies the user has purchased this product and has not submitted a review.

  4. The user submits a review.

  5. The review is accepted.

Clicking on a link in a review solicitation email (RSE)

  1. A user clicks the "write review" link in an email.

  2. No SSO verification or login is triggered. Instead, the user is pre-authorized to write a review since the email was only sent to email addresses associated with a product purchase.

  3. The user submits a review.

  4. The review is accepted.

Custom profile attributes

For review submission on sites that use custom profile attributes, a few steps pre-populate the review form with user profile data:

  1. A user clicks the "write review" button.

  2. When the review form opens, the widget requests SSO logged-in user profile data. This does not authenticate the user. It is only used to pre-populate the form.

  3. If the user is currently logged in on the client site, the user’s profile data is retrieved and used to pre-populate the review form.

These steps only apply for reviews and are only necessary on sites that use custom profile attributes. After the initializing steps, the workflow is similar to the review submission workflow.

SSO Messages

Because you control the registration and login screens, it's up to you to create messaging for your users. High-quality messages guide users toward successful content submission.

Messages help users understand:

  • where they're at in the content submission workflow

  • why they've been directed to a login or registration screen

  • benefits of registering or logging in

  • downsides of not registering or logging in

When you enable SSO, Emplifi Ratings & Reviews passes the widget context using a Base-64 encoded context token (contextObj). You may decode the context token and read the action field, which tells you what triggered the SSO process. If needed, you can also check the authSetting field, which may impact the message you want to disclose to the user. With this information, you can display appropriate messaging on your login and registration screens.

The possible values for action are:

  • REVIEW_CREATE

  • QUESTION_CREATE

  • ANSWER_CREATE

  • REPLY_CREATE

  • PROFILE_ACCESS

The possible values for authSetting when using SSO are:

  • ANONYMOUS

  • CONFIRMATION_REQUIRED (not relevant for SSO)

  • PURCHASE_REQUIRED

  • REGISTRATION_REQUIRED

Suggested Messages

Scenario

action value

authSetting value

Suggested message

Asking a question, logged out on your site, site allows anonymous questions

QUESTION_CREATE

ANONYMOUS

"Your question has been submitted. Please check back here for answers, or log in or register to have answers emailed to you."

Asking a question, logged out on your site, site does not allow anonymous questions

QUESTION_CREATE

any setting other than ANONYMOUS

"Please log in or register to complete your submission and have answers emailed to you."

Answering a question or writing a reply, logged out on your site

One of these:

  • ANSWER_CREATE

  • REPLY_CREATE

REGISTRATION_REQUIRED

"Please log in or register to complete your submission."

Submitting content, logged in on your site

One of these:

  • QUESTION_CREATE

  • ANSWER_CREATE

  • REPLY_CREATE

  • REVIEW_CREATE

any setting

No custom messaging needed because the user is already logged in.

Clicking on a link in a question email

None. SSO does not apply to any email workflows.

None. SSO does not apply to any email workflows.

No custom messaging needed because no SSO verification or login is triggered.

Writing a review, no purchase required

REVIEW_CREATE

any setting other than PURCHASE_REQUIRED

"We need to know who you are before we post your review. Please log in or register."

Writing a review, purchase required

REVIEW_CREATE

PURCHASE_REQUIRED

"To ensure authenticity you may only write reviews for items you've purchased. Please log in or register so we can look up your purchases."

Clicking on a link in a review solicitation email (RSE)

None. SSO does not apply to any email workflows.

None. SSO does not apply to any email workflows.

No custom messaging needed because no SSO verification or login is triggered.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.