Single Sign On
Idea shared by FlexWS - May 15, 2015 at 3:04 AM
SmarterTrack seems to offer a SSO option.
Is it possible to create a SSO option for SmarterMail so we can route a user to their Inbox directly from another system?

11 Replies

Reply to Thread
I thought that there was an option for this.. Bummer :(
So I voted for it!
I'm guessing since SmarterMail 16x. will be completely API driven, it will need to have SSO capabilities for security purposes.
Everything will be exposed to and driven by the API, so the initial connection will require authentication with the SM user account db. Then you will get a token, key, or something to be used for further calls so the user doesn't have to keep entering their password (and you don't have to save it, creating a vulnerability).
Once you have this token, you should be able to route the user to their Inbox or do whatever you want. Again, this is just my take on things. ST would need to confirm.
Well... this was what I shooting for....
What we have discovered, is you can do an authorization from website X to smartertrak; but the user has to already be in SmaterTrak...  AND unfortunately  you have zero fighting chance to sync passwords and userids.... because encryption may/may not be the same.   
I had asked in another forum if there would be a way to force-set our user's password from a central point.. using an API... so that is the direction that we are going to go....    So the user would signon to our platform  A....  and then we will push their password and/or userid to SmarterTrak AND password to SmarterMail.... Thats the only way to sync.  The problem comes in, user changes their password at one place or the other... you have no way to know.
Just wondering if this is on the list for SM16. Hoping someone from ST can comment. Thanks!
Any update?
This is very much needed. Prior to SM allowed users to login via the API but now that is not possible in SM16. Why make such a major change without notifying your customers?
I haven't tested it yet, but I see there is an API to SM16.
Also, i  **think** that there was an initial issue with login process, if you had a custom login in routine.. and I believe that has been fixed...
What would be great is if  ST(Smarter Trak 13) could use same user/name password as SM16.
They have provided a work-around; but we are still trying to get that tested.
Could we get an update from this? Really need this for our portal.
We had our portal custom coded to allow login by postmaster and end-users with v. 15. v16 broke this. Here is the reply from ST from July 2017:
From: Sales Department
Sent: Thu, 20 Jul 2017 08:14:22 -0700
To: xxxxxxxxxxxxxxxxxxxxxx
Subject: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
"If they are trying to make their own API calls, they don't actually want the auto login script. Instead, they should follow the documentation on Authentication. This should be done by using the Authorize Bearer tokens they get from authorizing and putting that Authorization header in the API calls."
I also learned that when using auto login, the script does need to be hosted on the same domain, which could be why you were experiencing trouble with this. Let me know of any concerns or follow up questions! 
I look forward to your reply,
That was a **major** blow to us since this functionality is required by the way our portal was coded. I will continue to harp this issue since I find it rather stupid that "the script does need to be hosted on the same domain" just does not work in real-world scenarios.
Matthew J. Sine, General Manager8Dweb LLC"Making the Web a Happy Place"
Well for sure, it is a pain in the arse.. because I have SM users, I want to send over to our own STrak.  AND .. just in the case you are pointing out.. they certainly not coming from the same domain...  I don't understand why generating a simple login in API or script... can be that difficult.
<sigh> my soap box.
I would hope ST would at least acknowledge this post. Just tell us if this is even a possibility.

Reply to Thread