SSO: App Access and Launch

Talkdesk® provides users with direct access to all apps installed from Talkdesk AppConnect™ within their instance of Talkdesk. To further streamline this experience, you are required to provide Single Sign-On (SSO) via Talkdesk to your hosted web apps.

Figure 2 - App Access and LaunchFigure 2 - App Access and Launch

Figure 2 - App Access and Launch

When a user launches an app from their Talkdesk environment, they'll be re-directed to the standalone URL you provided when you registered your app's version.

From here, you are able to provide the users with the proper access and user experience in your hosted web apps.

❗️

SSO Fail

If the SSO fails for any reason, or if you can’t resolve the Talkdesk user to an authenticated user in your system, you must present an error page with the user's contact.
Talkdesk recommends capturing these errors in your system automatically, so that you can provide proactive troubleshooting services to your customers.

Initiating SSO

📘

SSO is accomplished using the OAuth 2.0 Authorization Code grant type.

When opening an installed app from Talkdesk, the user is redirected to the standalone URL you provided with these query parameters:

Parameters

Description

talkdesk_installation_id

Unique identifier of the partner app installation in the user's Talkdesk account

talkdesk_user_id

Talkdesk user’s ID initiating SSO

❗️

User ID

The user ID is meant to be used as a hint only, and it must not be used to authenticate Talkdesk users under any circumstance.

As part of the app installation process, some information you receive from the Events API app.installed event regarding the installing account, includes:

  • Authorization URL.
  • Tokens URL.
  • Client ID.
  • Installation ID (for the partner app).

📘

Talkdesk recommends storing the information above to map the installation ID from this SSO request to the correct client ID, authorization URL and token URL (required to perform Talkdesk SSO via Authorization Code).

🚧

Automated Authentication

When users are redirected to the standalone URL you provided, you must initiate the SSO process immediately. No additional clicks (i.e. "Login with Talkdesk") must be required from the user.


Did this page help you?