
Single Sign-on (SSO) Integration with LuxSci

Do you have a web site or App that you control where users of that site/App are also users of LuxSci?  LuxSci’s single sign-on service enables your site or app to send these users to any page of their LuxSci interface without their having to log in to LuxSci separately.

Single sign-on integrates your site or app with LuxSci so that users need only log in once (to your site or app) and then can seamlessly travel between them.  This is great for speed and usability.  It also means users have fewer passwords to remember.

How does LuxSci Single Sign-On Work?

SSO works through LuxSci’s API.

Get started:

  1. You must have an account with LuxSci (even a trial account)
  2. Request API access from support
  3. Create an API Instance and enable Single Sign-On for it (and lock it down with security restrictions, such as limiting it to the IP address of your web server)

Authenticate your users:

  1. Your site or app must authenticate your users.  This can be done any way that you like; e.g. with usernames and passwords or authentication tokens specific to your system.

Provide “Links to LuxSci” (best practice implementation):

  1. Where desired, make links so your users can go to LuxSci pages of your choice.  This can be any page: e.g. their email INBOX, a specific Workspace, an Address Book, a Calendar, the Help, Spam filtering configuration, etc.  It's up to you.
  2. This link takes them to a server-side function in your site
  3. That function:
    1. Checks that the user is still active and logged in
    2. Determines what URL on LuxSci the user wants to go to
    3. Determines what the user’s current IP address is
    4. Uses the LuxSci API to make an “automatic login” link for this user from this IP to this link.
    5. Your site then redirects the user to that link

The user is transferred to LuxSci:

  1. That login link automatically logs the user into LuxSci
  2. The link then takes the user to the desired page on LuxSci
  3. The user will remain logged into LuxSci until s/he logs out or his/her session expires.

The result: the user logs in to your site, does whatever he/she needs to, sees a link to something on LuxSci, clicks on it, and is taken seamlessly to that page.  The user can then do other things on LuxSci as well.

How is this Secure?

Security is a strong factor with single sign-on solutions.  LuxSci has done a lot to ensure security from its end.  It is up to you to ensure that you use the system in a secure way.

What LuxSci has done:

  1. Customer API access cannot generate single sign-on links unless this is explicitly enabled by the account administrator.
  2. Your API can only generate links for users in your managed accounts
  3. You can exclude users (e.g. your admins) from being eligible for the single sign-on process
  4. Each single sign-on link is only valid for the user in question, is only valid for 15 minutes, and can only be used from the user IP address specified when you requested the link.
  5. All single sign-on link requests and subsequent logins are logged.
  6. You can lock down your API so that it can only be used from specific IP addresses
  7. The API itself has many other security features.

What you should do as a developer:

  1. Ensure that your application only generates single sign-on links for people that have actually authenticated to your system.
  2. Do not deploy your code and API credentials to the public.  E.g. if you embed the API code directly in an App, then your API credentials could be compromised and used to allow attackers to log in as users in your account (and only your account). This would be like coding everyone’s usernames and passwords in your App; you would never do that, right?
  3. If you are using this with a deployed App, have the App make authenticated calls to some web site that you own, so that the web site (and not the App) can verify user authentication and perform API calls in an insulated and secure way.
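
The server-side link function from “Provide Links to LuxSci”, written to follow the developer guidance above, as an added example that is not LuxSci's code: `request_sso_link` is a hypothetical wrapper around the LuxSci API call, and the target paths, proxy address and session keys are constructed placeholders. It goes slightly beyond the text by restricting targets to an allow-list and by accepting a forwarded client address only from your own proxy.

```python
import ipaddress

# Constructed placeholders: link keys your site offers, mapped to LuxSci paths.
ALLOWED_TARGETS = {"inbox": "/placeholder/inbox", "calendar": "/placeholder/calendar"}
# Constructed: address of your own reverse proxy, if the site sits behind one.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


class SsoDenied(Exception):
    """Raised when the request must not receive a single sign-on link."""


def client_ip(peer_addr, forwarded_for=None):
    """Return the user's IP; trust X-Forwarded-For only when the peer is our proxy."""
    peer = ipaddress.ip_address(peer_addr)
    if forwarded_for and peer in TRUSTED_PROXIES:
        # The right-most entry is the one our own proxy appended.
        return str(ipaddress.ip_address(forwarded_for.split(",")[-1].strip()))
    return str(peer)


def build_sso_redirect(session, target_key, peer_addr, forwarded_for, request_sso_link):
    """Check the session, pick the target, find the IP, request the link.

    request_sso_link(user, ip, path) is a hypothetical wrapper around the
    LuxSci API call. It runs on your server, where the API credentials stay.
    Returns the URL your site should redirect the user to.
    """
    if not session or not session.get("authenticated") or not session.get("active"):
        raise SsoDenied("user is not logged in")
    path = ALLOWED_TARGETS.get(target_key)
    if path is None:
        raise SsoDenied("unknown target")
    try:
        ip = client_ip(peer_addr, forwarded_for)
    except ValueError:
        raise SsoDenied("invalid client address") from None
    # The LuxSci user comes from the server-side session, never from the request.
    return request_sso_link(session["luxsci_user"], ip, path)


if __name__ == "__main__":
    demo = {"authenticated": True, "active": True, "luxsci_user": "alice@example.com"}
    print(build_sso_redirect(demo, "inbox", "192.0.2.44", None,
                             lambda u, i, p: f"(link for {u} from {i} to {p})"))
```

Because each link is bound to the IP address you pass, an address taken from a header the client controls would let the caller choose where the link is valid.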

Read: About LuxSci’s API (you must log in to your LuxSci account to read this documentation).

Try out LuxSci’s API.
