Single Sign-On (SSO)

Single sign-on (SSO) authorizes your customer during the checkout process and allows to pre-populate checkout data with the customer's information, optimizing the customer experience.

Cleverbridge offers profile mapping and SAML as SSO options.

Profile Mapping

Profile mapping is the easiest way to implement SSO in the Cleverbridge platform. You pass your own internal ID for a customer to the Cleverbridge checkout process. After the customer completes a transaction, Cleverbridge resends this ID to you in a notification, so you can align the Cleverbridge profile with your own customer database and refer back to this profile ID for possible follow-up transactions.

To use profile mapping, perform the following steps:

1. Create a URL that opens a checkout page for your product, for example:

https://www.cleverbridge.com/864/?scope=checkout&cart=97771

2. Add the internalcustomer parameter to the link with your internal customer profile ID as its value.
   The profile ID comes from the Auth0 provider or your internal customer database.

https://www.cleverbridge.com/864/?scope=checkout&cart=97771&internalcustomer=UUID-YOUR-UNIQUE-ID-1234-5678

Step result: If the internalcustomer ID is not known in the Cleverbridge system, Cleverbridge creates a customer profile with the associated customer ID. If the ID is already known (e.g. returning customers), then the entire cart is prefilled with all the customer's contact and payment data from the Cleverbridge system.

3. (Optional step) To modify portions of the customer's existing profile in the Cleverbridge platform, add parameters to the URL that contain personal information the customer has recently provided. For a full list of available customer parameters, see Customer Data.

https://www.cleverbridge.com/864/?scope=checkout&cart=97771&internalcustomer=UUID-YOUR-UNIQUE-ID-1234-5678&billingFirstname=Han&billingLastname=Solo&billingEMail=han.solo%40cleverbridge.com&billingStreet1=Gereonstr.%2043&billingPostalCode=50670&billingCity=Cologne&billingCountryId=FR&language=en

4. Protect the parameters in the URL against manipulation using one of the following methods:

• Create a dynamic protected URL (Dynamic UURL) using the Generate Protected URL endpoint, or
• Create a session URL (SURL) using the Generate User Session URL endpoint, as shown in the example below:

curl --request POST \
  --url 'https://rest.cleverbridge.com/urlgenerator/generateusersessionurl' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --header 'authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  --data '{
    "TargetUrl": "https%3A%2F%2Fwww.cleverbridge.com%2F864%2F%3Fscope%3Dcheckout%26amp%3Bcart%3D97771%26amp%3BbillingFirstname%3DHan%26amp%3BbillingLastname%3DSolo%0A%26amp%3BbillingEMail%3Dhan.solo%2540cleverbridge.com%26amp%3BbillingStreet1%3DGereonstr.%252043%26amp%3BbillingPostalCode%3D50670%0A%26amp%3BbillingCity%3DCologne%26amp%3BbillingCountryId%3DFR%26amp%3Blanguage%3Den%26amp%3Binternalcustomer%3DUUID-YOUR-UNIQUE-ID-1234-5678"
  }'

If you do not protect the TargetUrl link, the internalcustomer parameter is ignored. To learn more about the limitations of these link types, see Quick Facts about URLs.

Step result: The endpoint returns the generated URL, for example:

{
  "Url":"https://www.cleverbridge.com/864/surl-w05ssUKXUq",
  "ResultMessage":"OK"
}

5. Provide the generated Url to the customer within an email or website redirect.

After the customer completes the purchase, Cleverbridge sends you the PaidOrderNotification type of notification, for example:

{
  "meta": {
    "type": "PaidOrderNotification",
    "date": "2019-03-19T14:47:34.857671",
    "schemaUrl": "https://www.cleverbridge.com/JsonNotificationSchemas/PaidOrderNotification"
  },
  "purchaseId": 123456789,
  ...
  "internalCustomer": "UUID-YOUR-UNIQUE-ID-1234-5678",
  ...
  "items": [{
    ...
    "recurringBilling": {
      "subscriptionId": "S12345678",
      ...
      "intervalNumber": 0,
      ...
      "nextBillingDate": "2020-03-19T14:47:34.857671",
      ...
      "renewalType": "Automatic"
      ...
    }],
  ...
  }
}

6. Retrieve the transaction data from the Cleverbridge notification (webhooks).
   The notification contains the internalCustomer field with your internal customer profile ID. For more information, see Notification Guide.

SAML

To activate SAML SSO (Security Assertion Markup Language sigle sign-on) for the checkout experience, contact our Client Experience team and provide them with your identity provider (IDP) settings.

The following diagram shows the customer flow with SAML SSO activated.