Single Sign-On (SSO) Custom Authentication
Custom JWT-based SSO Configuration
Replace the entire Suggest Feature authentication system with your own app's login system.
Overview
To make the experience of Suggest Feature even more seamless for your end users, we recommend implementing SSO. This will allow users to sign in with their existing account, eliminating the need to create a separate account for Suggest Feature.
Setting up SSO for the Public Portal
This process involves setting up a dedicated page on your website to handle SSO authentication, creating and managing JWT tokens, and authenticating your users with Suggest Feature.
Authentication Flow
Your user clicks on the "Login with [Your Company] account" button on your Suggest Feature feedback board.
We redirect them to your website's custom login page, appending the
returnTo
parameter and thestate
parameter to the URL:https://yourwebsite.com/sso/suggestfeature?returnTo=https://app.suggestfeature.com/api/unauth/customSSO/code&state=xxxxx12312xxx
Your authentication system logs the user into your website and creates a JWT token.
You return the user to Suggest Feature with the generated token and the original
state
parameter:https://https://app.suggestfeature.com/api/unauth/customSSO/code?jwt=payload&state=xxxxx12312xxx
Suggest Feature logs the user in and automatically returns them to where they started the authentication process.
Implementation Steps

Set up a dedicated SSO page on your website (e.g.,
https://yourdomain.com/sso/suggestfeature
).Navigate to your Suggest Feature Dashboard → Page Settings → Custom JWT-based SSO Configuration, and enter the URL of the page you created in the SSO URL field.
When a user arrives on your SSO page, authenticate them using your app's authentication system and create a JWT Token for them following the JWT Creation Guide.
Redirect the user to the Suggest Feature JWT endpoint which was sent in the request in the
returnTo
url with thejwt
andstate
:https://https://app.suggestfeature.com/api/unauth/customSSO/code?jwt=payload&state=xxxxx12312xxx
If you encounter any issues or have questions, please contact our support team.
JWT Creation Guide
To create and sign a JWT for Single Sign-On with Suggest Feature:
Retrieve your private key from Dashboard → Page Settings → Custom JWT-based SSO Configuration → Copy the primary key. Store it securely on your server and do not share it with anyone.
On your server, generate a JWT token with your customer data using the examples below.
Install Required Packages
npm install --save jsonwebtoken uuidv4
Generate the JWT Token
const jwt = require("jsonwebtoken");
const { v4: uuidv4 } = require("uuid");
const SSO_KEY = "YOUR_JWT_SECRET";
function generateJWTToken(user) {
const userData = {
email: user.email,
name: user.name,
profilePic: "https://example.com/images/user-avatar.png",
customFields: {
role: "Product Manager",
department: "Engineering",
}
],
};
return jwt.sign(userData, SSO_KEY, {
algorithm: "HS256",
});
}
Replace YOUR_JWT_SECRET
with the secret for your organization.
To validate your JWT, go to Dashboard → Settings → SSO and use the validation tool provided.
Additional Considerations for Feedback Management
When implementing SSO for Suggest Feature, consider the following aspects specific to feedback management:
User Metadata: Consider including additional user metadata that could be useful for categorizing or filtering feedback, such as the user's department, location, or customer segment.
Example JWT Payload Structure
Here's an expanded example of a JWT payload that incorporates these considerations:
{
"iss": "<Your Company>",
"iat": 1726814619,
"exp": 1726815851,
"email": "[email protected]",
"name": "Jane Doe",
"customFields": {
"org" : "Google",
"mrr" : "100k"
}
}
Mandatary parameters
iat
: Issued at time in seconds . This should be the unix time in seconds when the token was generatedexp
: Expiry time. We validate the expiry time and if it exceeds expiry we reject the jwt token. Ideal expiry time is 30 mins.email
: The users are mapped based on email, and we send out notifications for post updates. Hence this is mandatory else its considered an invalid jwtname
: We expect you to collect their names and pass it on to us for easy identification on the portal
Implementing Feedback-Specific Features with SSO
Once you have SSO set up with these considerations in mind, you can leverage this information in Suggest Feature to enhance the feedback management experience:
Feature Request Prioritization: Leverage the customerSegment or other relevant fields to automatically assign priority levels to feature requests based on the submitter's profile.
Reporting and Analytics: Create more detailed and segmented reports using the additional user and organization metadata provided through SSO.
JWT Token Verification (verify during testing )

Use the "JWT Token Verification" field in the dashboard to test your tokens.
Enter a JWT token and click "Verify Token" to check its validity and if it has all the required parameters.
This tool helps ensure your token generation is correct and compatible with the current keys.
Token Key Management - Refresh Tokens

Suggest Feature uses a two-key system for SSO authentication, providing flexibility and security in key management.
Key Features:
Primary Key: Main key for JWT token verification.
Secondary Key: Backup key, also valid for verification.
Only the keys currently displayed in the dashboard are valid.
No other tokens are valid at any time.
Key Rotation:
Use the "Refresh" button to generate a new primary or secondary key.
The new key immediately replaces the old one.
Update your systems promptly to use the new key.
Best Practices:
Refresh keys every 30 to 90 days; monthly for high-security environments.
Immediately refresh keys if you suspect any compromise.
Update all systems promptly when a key is refreshed.
Keep key information confidential.
Verify tokens using the JWT Token Verification tool in the dashboard.
Set up reminders for regular key rotation.
Always use the most recently generated keys for token signing and verification.
This system ensures secure SSO operations while allowing for easy key updates.
Best Practices for SSO Implementation with Suggest Feature
Keep JWT Payloads Concise: While it's tempting to include a lot of user data, remember that JWTs are included in every request. Keep the payload focused on essential information for authentication and basic user context.
Regularly Rotate SSO Keys: Implement a process to regularly update your SSO secret key. This enhances security and allows you to quickly invalidate all existing sessions if needed.
Handle Token Expiration: Implement proper handling of token expiration on both your end and within the Suggest Feature widgets.
Test Different User Scenarios: Before fully rolling out SSO, test with various user types and permission levels to ensure the integration works as expected for all use cases.
Provide Clear User Instructions: Create clear documentation for your end-users on how to access Suggest Feature through your SSO implementation, especially if it differs from their usual login process.
Monitor SSO Usage: Implement logging and monitoring for your SSO integration to quickly identify and resolve any issues that may arise.
Conclusion
Implementing SSO with Suggest Feature not only streamlines the authentication process for your users but also enhances the feedback management experience by leveraging user data. By carefully considering the structure of your JWT payload and taking advantage of Suggest Feature's capabilities, you can create a more personalized, efficient, and insightful feedback collection and management process.
Remember, our support team is always available to assist you with your SSO implementation and to help you make the most of Suggest Feature for your organization's feedback management needs.
Last updated