Authentication via iframe
  • 01 Feb 2024

About

Authentication relates an external user to a Salesforce Contact. Blackthorn Events supports dynamic visibility of Events, Event Items (Tickets), Sessions, and more by identifying a registrant’s Salesforce Contact ID.

The process uses only the Contact ID, instead of the entire Salesforce authentication process, to pass the authenticated “user” to the Blackthorn Events app’s iframe.

The two main uses are to allow visibility control of Events and related records to different types of contacts and to automatically pre-populate Contact details for registration.

Visibility Control

By using the Contact’s Contact ID, the value in the Contact’s Visibility Control field can be determined.

The Visibility Control field is located on the Event, Event Item, Contact (for Communities), Attendee, and Session objects. The field’s standard picklist values include Member, Non-Member, VIP, and Press. Customized options can also be added.

Once a value is chosen, dynamic Events/Event Items (Tickets) will be shown to only those Contacts with the matching value. For example, if an Event Item's Visibility Control = "Member", only Contacts with Visibility Control = "Member" will see the Event Item.

Referencing the Contact ID also auto-populates the Attendee Form with the standard Contact fields.

To read more about Visibility Control, click here.

Setup

Important: Please Read

SSO is not supported on the Events Mobile Check-in app.

What is an SSO Code?

An SSO code is an authentication method that enables users to securely authenticate with the Events app.

Steps

To use Blackthorn Events' authentication for Salesforce, complete the steps below.

  1. Host the authentication protocol on your existing site.
  2. Embed the Events app via iframe.
  3. Generate a Context Key (e.g., Shared Secret) with valid UTF-8 characters using a key generation tool (ex. https://www.allkeysgenerator.com/).
  4. Encode the Context Key to base64 with an encoding tool (ex. https://www.base64encode.org/).
  5. Send the Context Key securely to Blackthorn at admin@blackthorn.io.
    • Blackthorn will follow up on your request within 1-3 business days.
    • Please do not send secrets within cases or to other Blackthorn emails.
    • Send one key per Salesforce org.
  6. The mechanism to authenticate a Contact with the Events app is an SSO code. The SSO code is generated by encrypting the Contact ID with the Context Key.
  7. Include the SSO path in the iframe.
<script
  src="https://events.blackthorn.io/loader"
  data-path="/2N9C2F6/g/mfztRPF52q"
  data-sso="XXXXXXXXXXXXXXXXXXXXXXXXX">
</script>

To use Blackthorn Events' authentication with your own 3rd-party open authentication protocol (such as OpenID, Okta, etc.), complete the steps below.

  1. Host the authentication protocol on your existing site.
  2. Embed the Events app via iframe.
  3. Generate a Context Key (e.g., Shared Secret) with valid UTF-8 characters using a key generation tool (ex. https://www.allkeysgenerator.com/).
  4. Encode the Context Key to base64 with an encoding tool (ex. https://www.base64encode.org/).
  5. Send the Context Key securely to Blackthorn Onboarding or Support if already live.
    Note: Send one key per Salesforce org.
  6. The mechanism to authenticate a Contact with the Events app is an SSO code. The SSO code is generated by encrypting the Contact ID with the Context Key. Create your own custom code to implement the process.

Each organization is responsible for writing the code and implementing the process when using a 3rd party. However, here is a sample code script explaining how to achieve it: ssogenerator.pseudo.

The script will need to be adapted to the programming language you are using to generate the codes. The Subject Id listed in the pseudo code is the Salesforce Contact ID.
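Steps 3 and 4 of either procedure above (generate a Context Key, then base64-encode it) can also be done locally, so the shared secret is never entered into a third-party website. The following is an added example, not Blackthorn's code; the key length, the alphabet and the function names are assumptions, since the page specifies only "valid UTF-8 characters".

```python
import base64
import math
import secrets
import string

# Assumptions (not from the page): alphanumeric alphabet, 43 characters.
# 43 * log2(62) is just over 256 bits of entropy.
ALPHABET = string.ascii_letters + string.digits
DEFAULT_LENGTH = 43


def generate_context_key(length=DEFAULT_LENGTH, alphabet=ALPHABET):
    """Step 3: draw a Context Key from the operating system's CSPRNG."""
    if length < 1 or len(set(alphabet)) < 2:
        raise ValueError("need a positive length and at least two symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length=DEFAULT_LENGTH, alphabet=ALPHABET):
    """Entropy of a key of this length drawn uniformly from the alphabet."""
    return length * math.log2(len(set(alphabet)))


def encode_context_key(key):
    """Step 4: base64-encode the key's UTF-8 bytes."""
    return base64.b64encode(key.encode("utf-8")).decode("ascii")


def decode_context_key(encoded):
    """Strict inverse of step 4.

    Raises ValueError if the text is not valid base64 or does not decode
    to valid UTF-8, which catches a key truncated or altered in transit.
    """
    raw = base64.b64decode(encoded, validate=True)
    return raw.decode("utf-8")


if __name__ == "__main__":
    key = generate_context_key()
    encoded = encode_context_key(key)
    # Confirm the value about to be sent round-trips to the original key.
    assert decode_context_key(encoded) == key
    print(f"entropy: {entropy_bits():.0f} bits")
    print(f"base64 Context Key: {encoded}")
```

Generate one key per Salesforce org, as the steps require, and keep the printed value out of shell history and shared logs.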

Frequently Asked Questions

Q: Does an SSO code need to be generated for each Contact?
A: Yes, a unique SSO code needs to be generated for each Contact. When using Salesforce as the identity provider, no additional custom code is needed. When using a 3rd party identity provider, you must generate the SSO code using the Context Key Blackthorn provides and each user’s Contact ID.

Q: Does an SSO code need to be generated for each Attendee?
A: No, Attendees can’t use SSO authentication. Attendees need to use the AttendeeLink URL from the Attendee record.

Q: Can I use AWS Key Management Service?
A: No. Different encryption libraries have different preferences for encrypting data. AWS Key Management Service is not compatible with Blackthorn’s solution.