Authentication via iframe
  • 13 Jul 2022
  • 1 Minute to read
  • Dark

Authentication via iframe

  • Dark

Blackthorn Events supports dynamic visibility of Events, Event Items (Tickets), and more, via identifying who the registrant is. The Salesforce Contact ID is used to do this. It does not need to utilize Salesforce's authentication, but rather just the ID, so the context of the authenticated 'user' is passed to the Blackthorn Events app's iframe.

From the Contact ID, Blackthorn Events' managed packaged Visibility Controls' fields identify which values the Contact has, such as "Member". This matches with the Event or Event Item' corresponding Visibility Control field's value of "Member". Read more about Visibility Control (BETA) here.

authentication via iframe

Ex. When you reference a Contact ID It will auto populate standard Contact fields into the Attendee Form.

To use Blackthorn Events' authentication with your own auth (such as OpenID, Okta, etc.):

  1. Host the auth in your existing site.
  2. Surface our app via iframe.
  3. Pass the context of the Salesforce Contact ID.


  • The mechanism to share the context is via an SSO key to Blackthorn Events' app.
    Note: Context Key (e.g. Shared Secret) for the SSO generator must be created by Blackthorn (or if created by the customer, shared with Blackthorn) and each Org must use a different Key.
  • Your authentication relates an external user (Okta, OpenId, etc.) to a Salesforce Contact.
  • Blackthorn Events has fields called Visibility Control where after setting values on those (Contact, Event, Event Item, etc.), dynamic Events/Event Items (Tickets) will be exposed only to them.
  • Picklist values on the (Contact, Event, and Event Item fields can be updated to whichever you'd like to use. The app works by a key-value pair text literal (case-insensitive) match that's inclusive. So if you set an Event Item's Visibility Control = "Member", only Contacts with Visibility Control = "Member" will see it.

Including the SSO path in the iframe once you have the key from Blackthorn.


Click here to use our Pseduo SSO code generator.

What is the "subjectId"?

The "subjectId" is the Salesforce ID of a Contact record within your given org.

Important: SSO is not supported on the Events Mobile Check-in app.