|Table of contents|
LoginShare is the mechanism for authenticating your support desk users using an external database or authentication mechanism.
With LoginShare you can integrate your Kayako product with your existing Intranet, LDAP (Active Directory) or any third party applications. Single sign-on enables centralized management of user accounts from one single source. If you already have backend systems and user databases available, this enables you to let your users to log in, without registering another account.
To configure LoginShare settings in the support desk, click on the Users tab on the navigation menu bar, and then click LoginShare, as shown below
You will be presented with all the configurable settings specific to the LoginShare configuration.
|Enable User LoginShare|| If set to Yes, all authentication requests for the support center users will first be tried against the URL specified below in the "User LoginShare URL" field, that is the LoginShare API.
|User LoginShare Title|| Specify a title/name that you wish to keep for this LoginShare for identification.
|User LoginShare URL|| Specify the LoginShare API URL here. This is a URL to the location of an authentication script.
|It is important that your LoginShare script is properly tested or you could lock yourself out of the system.|
Once enabled, the system will dispatch any login requests made by your clients to the authentication URL.
The LoginShare script needs to be designed to receive the following data via POST
- username: The username entered by the user
- password: The password specified by the user
- ipaddress: The IP address of userattempting to login
The LoginShare script needs to reply back with an XML format that corresponds to one of the following formats:
|It is important to add interface related checks to your script or you could end up allowing access to the Admin CP|
All user accounts created by the LoginShare system will have a random password assigned to them.
Each user account is identified based on the email address of that account. The system expects each email address to be unique, otherwise it will simply end up updating the staff record every time a new user attempts to login.
The user's login attempt will be rejected.