SSO User Matching
Important | |
When using SSO, you need to create user accounts in ClickHelp for each SSO user that authenticates with a 3rd-party service. This is required so ClickHelp can apply specific permissions to the authenticated user, and those permissions are configured in a ClickHelp user profile. You can use ClickHelp REST API to bulk-create users or to create a new ClickHelp user every time a new application user is getting created on your end. |
The user login names may be different in ClickHelp and in the Identity Provider. When a user authenticates through SSO, the documentation portal will need to find out what ClickHelp user matches the Identity Provider user. To match the user accounts, the portal will use the ClickHelp user e-mail address as an identifier. If there is a ClickHelp user account with an e-mail that matches either the User ID or the user e-mail address given by the Identity Provider, that ClickHelp account will be authenticated in the portal.
Typically, the e-mail addresses of ClickHelp user accounts are unique in one portal. At the same time, most Identity Providers can give out the e-mail address of the user they authenticate. Hence using an e-mail makes sense the most for automatic user matching.
If there are several users with the same email address, the first one to be found in the database will be used. If you want to authenticate a specific user, you will need to explicitly bind it with the Identity Provider account. Here's how you can do that:
- Log in with the credentials of the user account you wish to associate with a specific Identity Provider account.
- Open your profile by clicking the profile icon in the top-right corner of the screen and choosing "My Profile" from the dropdown menu.
- Click a button at the bottom to link two accounts: