How to enable JWT SSO for agents to log into Comm100 account
  • 21 Apr 2022

Summary

Comm100 Agent SSO allows your agents to have a single login across Comm100 and other applications. Once logged in, you can move swiftly between Comm100 and other applications without needing to log into separate accounts or remember multiple usernames and passwords.

Comm100 supports Agent SSO via SAML (Security Assertion Markup Language) or JWT (JSON Web Token). This article describes how to enable SSO with JWT. If you have been authenticated outside of the Comm100 system, you will be seamlessly granted access to Comm100 after implementing the JWT SSO.

As Comm100 account admin, read the following sections to enable the JWT Agent SSO option in your Comm100.

Required Information for Enabling JWT SSO

JWT SSO provides a security mechanism that allows your Comm100 account to trust the sign-in request obtained from your systems. Therefore, if you want to set up JWT SSO, please meet with your tech team responsible for your JWT authentication system to ensure that your company has a JWT service accessible by Comm100 users.

Please ask your tech team to provide the following information:

  • The remote login URL for your JWT service that Comm100 will redirect your agents to for remote authentication.
  • (Optional) The remote logout URL where Comm100 can redirect users after they sign out of Comm100.

To configure the JWT authentication system, your tech team, usually your IT Department, may require some additional information from Comm100. Please ask your team to refer to the Technical Implementation Details at the end of this article.

After you get all the required information ready, read the following section to learn how to Enable JWT SSO in your Comm100 Account.

Enable JWT SSO in your Comm100 Account

  1. Log in to your Comm100 Control Panel.
  2. From the left navigation menu, go to Global Settings > Security > Agent Single Sign-On.

  3. Turn on the Agent Single Sign-On (SSO) toggle key.
    Switch to JWT SSO, and fill in the required information.
    As mentioned in the first section of this article, work with your technical team to get the Remote login URL and Remote Logout URL (optional). The Shared Secret is randomly generated the moment you enable JWT SSO. It is a secret token shared between you and Comm100. Submit it to your tech team, as they will need it for JWT authentication.

The SSO login URL is also displayed on the page. Share this link with your agents, as they will need it to log into Comm100 once you set up Agent SSO.

  4. Click Save.

User Management after Enabling JWT SSO

After you enable Agent SSO, please note the following:

  1. Only your account admin can use their Comm100 email and password to log into their Comm100 account once Agent SSO with JWT authentication has been enabled. Non-admin agents can only be signed into Comm100 via the enabled SSO platform, and they cannot update or reset their Comm100 password.
  2. An agent can sign into their Comm100 account via JWT SSO only after your account admin creates an agent account with an email address that matches one in your SSO platform. If they try to log in to Comm100 using their Comm100 credentials, they will see this message:

Note: Non-admin agents cannot sign in with Comm100 login credentials. They can only sign in via SSO; otherwise, they will see the following error message:
kb-saml-07.png

Log into your Comm100 Account with SSO

After you enable agent SSO and connect Comm100 to your SSO platform, your non-admin agents will need to log into Comm100 via your SSO service.

  1. Go to your account User Sign-In page.
  2. Click Sign in with custom SSO.

  3. Provide your Comm100 Site ID and click Next.
    Note: If you are unsure about your Comm100 site ID, consult your Comm100 account admin.
    As mentioned in the previous section, the JWT SSO configuration page of the Comm100 control panel shows the complete SSO login URL, including the Comm100 Site ID. Example: https://dash12.comm100.io/login/sso/?siteid=20100000

  4. Comm100 redirects you to the configured login system according to your JWT implementation.
  5. If you’ve already signed into your own login system, you will automatically be authenticated and logged into your Comm100 account. If you are not signed in, log into your system first, and you will be authenticated and given access to Comm100.

Technical Implementation Details

Please ask the relevant tech team in your company who is responsible for the JWT implementation to refer to the following technical details:

  • JWT Algorithm and Token Type
  • JWT Attributes
  • Comm100 JWT SSO endpoint
  • Remote Login URL Parameter (redirect_url)
  • Code examples for JWT SSO Implementation

JWT Algorithm and Token Type

Please specify HS256 as the JWT algorithm in the header of your JWT. HS256 indicates that the token is signed using HMAC-SHA256.

{
  "typ":"JWT",
  "alg":"HS256"
}

JWT Attributes

An email address is required for Comm100 to uniquely identify the user. Using the attributes listed in the table below, you can send additional user profile data which will be synced between your user login system and Comm100.

Attribute | Required | Description
email | Yes | Email of the user being signed in. It is used to identify the user record in Comm100.
name | No | The name of a user. The user in Comm100 will be created or updated accordingly.

Comm100 JWT SSO endpoint

After successfully authenticating the user, redirect the user along with the JWT payload to the Comm100 endpoint:
https://

The payload should be base64-encoded and appended to the URL as a query string. The JWT payload must be sent to your Comm100 system over HTTPS. Here is an example:
https://

Remote Login URL Parameter (redirect_url)

When Comm100 redirects a user to your remote login page, it also passes a URL parameter named redirect_url. The parameter contains the page that Comm100 will return the agent to after your login system has authenticated the agent. Append the parameter (name and value) to the Comm100 JWT endpoint.
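
The token construction and return redirect described in the sections above, as an added example that is not Comm100's own code. The endpoint placeholder, the `jwt` query parameter name, the allowed return host and all function names are assumptions; `verify_jwt` shows the checks a receiver of an HS256 token makes, and the `redirect_url` host check is an added safeguard on your login service.

```python
import base64, hashlib, hmac, json
from urllib.parse import urlencode, urlsplit

# Assumptions, not from the article: the endpoint placeholder, the "jwt" query
# parameter name, and the allowed return host. Use your account's real values.
SSO_ENDPOINT = "https://comm100.example/jwt-endpoint-placeholder"
ALLOWED_RETURN_HOSTS = {"comm100.example"}

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict, secret: bytes) -> str:
    """Compact HS256 JWT using the header given in the article."""
    header = {"typ": "JWT", "alg": "HS256"}
    body = ".".join(_b64url(json.dumps(part, separators=(",", ":")).encode())
                    for part in (header, claims))
    mac = hmac.new(secret, body.encode("ascii"), hashlib.sha256).digest()
    return body + "." + _b64url(mac)

def verify_jwt(token: str, secret: bytes) -> dict:
    """Receiver-side check: pin alg to HS256, constant-time MAC compare."""
    try:
        head, payload, sig = token.split(".")
        header = json.loads(_unb64url(head))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            raise ValueError("unexpected alg")
        expected = hmac.new(secret, f"{head}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig)):
            raise ValueError("bad signature")
        claims = json.loads(_unb64url(payload))
    except ValueError as exc:
        raise ValueError(f"rejected token: {exc}") from None
    if not isinstance(claims, dict) or not claims.get("email"):
        raise ValueError("rejected token: email claim is required")
    return claims

def build_return_url(email: str, name: str, redirect_url: str, secret: bytes) -> str:
    """After local authentication, send the agent back with the signed token."""
    target = urlsplit(redirect_url)
    if target.scheme != "https" or target.hostname not in ALLOWED_RETURN_HOSTS:
        raise ValueError("redirect_url is not an allowed Comm100 page")
    token = sign_jwt({"email": email, "name": name}, secret)
    return SSO_ENDPOINT + "?" + urlencode({"jwt": token, "redirect_url": redirect_url})
```

Load the Shared Secret from your secret store rather than source code, and issue the token only after your own login system has authenticated the agent.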

Code examples for JWT SSO Implementation

JWT SSO is straightforward for your tech team to implement. We also provide JWT SSO examples in our GitHub repository to help you get started quickly with our JWT SSO implementation.

