Implementing Single Sign On for Workplace by Facebook: SSO Solution by Agiliway

Business Case

These days, companies can improve their internal communications by using Workplace by Facebook – a collaborative platform that allows co-workers to share information via corporate chat messages and voice and video calls, update and organize files, publish corporate news, etc.

What is more, Workplace by Facebook (for the reader's convenience, we will use the term ‘Facebook’ in the rest of the article) can be integrated with major corporate IT systems into a company’s collaboration space. This is possible by building an SSO (Single Sign-On) solution between a variety of enterprise applications such as CRM, ERP, project management tools, etc. Agiliway brought this idea to life by successfully integrating CiviCRM (one of the popular CRM platforms) with Facebook using SAML SSO. Now our client benefits from an integrated solution in which they, on the one hand, use CiviCRM to maintain their business contacts, tasks, documents, etc. and, on the other hand, leverage Facebook to simplify communication between employees. The solution allows a user to log in to CiviCRM and simultaneously get automatically authorized access to Facebook. Hence, there is no need to switch between applications. SAML SSO authentication gives the user automatic access, from one place, to all features of both platforms included in the solution.

How It Works: Implementing SAML SSO

To enable Single Sign-On (SSO) authentication, our team chose SimpleSAMLphp as the identity provider. Big and profitable businesses usually use paid identity providers (IDPs) – OneLogin, Bitium, Okta, etc. – but since our client is a non-profit organization, we decided to use this free PHP-based IDP.

SAML is an XML-based markup language for exchanging authentication and authorization data between applications and organizations. Using SAML for SSO eliminates the need to maintain multiple usernames and passwords for authentication in various applications. In this solution the SAML protocol is handled by an open source PHP application (SimpleSAMLphp), which supports SAML both as a Service Provider and as an Identity Provider. CiviCRM connects to the authentication source (the identity provider); the service provider verifies the authenticity of the data and enables access to the Facebook profile.

With SSO, the requested service – in our case, Facebook – delegates verification of the authenticity of user data to another trusted service (SimpleSAMLphp). That is, Facebook entrusts the issuance of the necessary authentication certificate to the identity provider (see Pic. 1).

Pic. 1. SSO Authorization (diagram: SSO Facebook Authorization Solution)

The following is a summary of the 7 steps used to execute the SSO authorization, illustrated above in Pic. 1:

  1. The CiviCRM user (the Client) tries to access the Workplace by Facebook page (the Service Provider).
  2. Facebook identifies the user’s origin and redirects to the SimpleSAMLphp Identity Provider, asking for authentication. This is the authentication request.
  3. SimpleSAMLphp refers to Drupal/CiviCRM to verify the user’s data…
  4. … and establishes a browser session between CiviCRM and SimpleSAMLphp.
  5. The SimpleSAMLphp IDP generates the authentication response in the form of an XML document containing the user’s credentials, signs it using a certificate, and posts this information to Facebook (the Service Provider).
  6. Facebook, which already knows the Identity Provider (in our case, SimpleSAMLphp) and has its certificate fingerprint, retrieves the authentication response and validates it using the certificate fingerprint.
  7. The identity of the user is established, and the user is given access to the Service Provider (Facebook).
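The service-provider side of steps 5 and 6, sketched as an added example (not Agiliway's, SimpleSAMLphp's or Facebook's code): it pins the certificate carried in the response to a stored fingerprint and checks issuer, audience and validity window. The entity IDs, the stand-in certificate bytes, the SHA-256 choice and the function names are assumptions, and the XML signature itself must still be verified with an XML-DSig library, because a matching fingerprint on its own proves nothing about who signed the assertion.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser (e.g. defusedxml)
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
IDP, SP = "https://idp.example.org/metadata", "https://sp.example.com/"  # constructed entity IDs
FAKE_DER = b"constructed bytes standing in for a DER certificate"        # not a real certificate

def fingerprint(der):
    """SHA-256 over the DER bytes, lowercase hex without separators (hash choice is an assumption)."""
    return hashlib.sha256(der).hexdigest()

def ts(value):
    """Parse a SAML UTC timestamp such as 2024-05-01T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def sample_response(der=FAKE_DER, audience=SP, until="2024-05-01T10:05:00Z"):
    """Constructed, minimal response; SignatureValue and digests are omitted."""
    cert = base64.b64encode(der).decode()
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" xmlns:ds="{NS["ds"]}">'
            f'<a:Assertion><a:Issuer>{IDP}</a:Issuer>'
            f'<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert}'
            f'</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>'
            f'<a:Conditions NotBefore="2024-05-01T10:00:00Z" NotOnOrAfter="{until}">'
            f'<a:AudienceRestriction><a:Audience>{audience}</a:Audience>'
            f'</a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>')

def precheck(xml_text, pinned_fp, now):
    """Return the list of failed checks; empty means go on to signature verification."""
    root, failed = ET.fromstring(xml_text), []
    cert = root.find(".//ds:X509Certificate", NS)
    der = base64.b64decode("".join(cert.text.split())) if cert is not None and cert.text else b""
    # Accept "AA:BB:..." or plain hex for the pinned value; compare in constant time.
    if not hmac.compare_digest(fingerprint(der), pinned_fp.replace(":", "").lower()):
        failed.append("fingerprint")
    if root.findtext(".//a:Assertion/a:Issuer", "", NS).strip() != IDP:
        failed.append("issuer")
    if root.findtext(".//a:Audience", "", NS).strip() != SP:
        failed.append("audience")
    cond = root.find(".//a:Conditions", NS)
    if cond is None or not ts(cond.get("NotBefore")) <= now < ts(cond.get("NotOnOrAfter")):
        failed.append("validity window")
    return failed

if __name__ == "__main__":
    pinned = fingerprint(FAKE_DER)  # what the SP stored when the IdP was registered
    now = ts("2024-05-01T10:02:00Z")
    print(precheck(sample_response(), pinned, now))                  # []
    print(precheck(sample_response(der=b"other key"), pinned, now))  # ['fingerprint']
```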

What Next

All in all, a successful CRM integration with Facebook using SAML SSO may enforce complete control over application access. An important point is that the CiviCRM and Facebook integration is just one example – we at Agiliway are able to implement SAML SSO in other systems as well; it is possible, for instance, to integrate a CRM with an ERP or e-commerce platform, so that everyone can access these applications with a single login and password.

In conclusion, Agiliway is experienced enough to build a successful integration model for every business.