1. Create a JSON object of a user’s information

The first step is to take your user information that you want sent over to Intuo and put into a JSON object.

You should end up with something that looks like this:

Example JSON:

{"first_name": "John", "last_name": "Smith", "email":"john.smith@intuo.io", "organization": "Intuo", "student_groups": "Marketing,Sales", "courses": "1,33", "redirect_uri": "/courses/effective-management"}

2. Create a Single Sign-On Token

Next, we’ll turn that JSON object into a token that grants the user access to Intuo.

  • Encrypt the JSON object with AES using your intuo_subdomain (If you're default.intuo.io then this value would be 'default') as the password and your sso_key as the salt to generate an SSO token. You can get your sso_key from the 'Settings' > 'Integrations' > 'Single Sign-On' portion of the Intuo Admin panel.
  • Base64 encode the encrypted output to generate the token.
  • Escape the token to make it web-safe.
  • If you are using multibyte strings in PHP, use mb_internal_encoding(‘ASCII’); & mb_internal_encoding(); around the SSO generation code

3. Passing the Single Sign-On Token to Intuo

The next step is to forward the token on to Intuo by including it as a URL parameter named sso. You have a couple options in how you do this:

  • You can append the token onto a link to your Intuo academy (ex: https://default.intuo.io/sign_in?sso=TOKEN)
  • You can create a link to http://yourdomain.com/academy and then have that URL generate a token and redirect to https://default.intuo.io/sign_in?sso=TOKEN

4. Login Redirection

What we’ve described so far allows you to allow to take a user who's logged into your system and send them to your Intuo academy. But, what if they go directly to your Intuo academy before logging into your system? You can handle this by setting a remote login URL where your users will be sent when they arrive at Intuo not logged in.

Let’s say your academy (default.intuo.io) is set up to allow SSO users and your academy is publicly accessible.

  1. Go to the'Settings' > 'Connections' > 'Single Sign-On' tab and add your SSO Remote Sign-in URL, http://default.com/login (for example)
  2. A user goes to default.intuo.io
  3. They can browse the academy but when they want to perform an action that requires authentication, then they’re prompted to sign in.
  4. User clicks the sign-in button and is forwarded to http://default.com/login
  5. Your users will be redirected to your site.
  6. User logs in to your Login page and signs in
  7. You construct the return URL and add the SSO token (e.g. https://default.intuo.io/sign_in?sso=XXXXXXXXX)

Need Help?

If you have any questions please contact support@intuo.io.

  • Example code in PHP
  • Please include your code and a log output (including all the warnings PHP interpreter prints).
  • Print the original user data in JSON, the encrypted data, the URL-escaped data, and finally how you are using it (the entire URL which you are using).
Did this answer your question?