Learning Center/API and Integration/Embedding
Embedding API
Christian Pedersen
posted this on December 07, 2010 04:00 am
If your company has an intranet or portal that your users use for everyday activities, it is very useful to have links to the cloud apps you use on that page. While you can link directly to apps with links like http://mail.google.com/a/mycompany.com or http://mycompany.zendesk.com/ it will provide a great user experience if you link to those applications using the embedding feature of OneLogin.
The embedding feature of OneLogin provides you with a list of the applications that each individual user has access to, based on that users email address. The user does not need to be logged into OneLogin in order to have that list embedded in the intranet, as embedded also require the embedding token.
Note: Once a user clicks one of those links, the user will be required to login to OneLogin if the user doesn't already have an active browser session.
Usage
The embedding API is ment for integrating a OneLogin dashboard tightly into your intranet or application, and requires some programming work to implement. Depending on your system, this may be more or less complicated, but we'll provide an easy to follow C# sample below.
To retrieve a list of applications for a user, use the following URL:
https:// app.onelogin.com/client/apps/embed2?token={token}&email={email}
Replace the placeholders with the corresponding values. To retrieve the embedding token, go to https://app.onelogin.com/embedding. The URL will return an XML document containing the list of applications available to the email address provided. The XML document has the following format:
<apps>
<app>
<id>9804</id>
<icon>https://app.onelogin.com/system/icons/gotomeeting.png</icon>
<name>GoToMeeting</name>
<provisioned>0</provisioned>
<extension_required>true</extension_required>
</app>
<app>
....
</app>
...
</apps>
The elements above is the following:
- id: This is the application ID which is used to launch the application using OneLogin. (see below)
- icon: A URL to the icon for the application. You can choose to use this in your application if you like, but it's not mandatory.
- name: This is the name of the application. This can be overwritten in OneLogin by going to https://app.onelogin.com/apps
- provisioned: Indicates weather a username and password has been stored on the login for the app and user.
- extension_required: Indicates weather the app requires the OneLogin browser extension to login.
To use the information from the embedding API, render a list of links for each app element in the XML document. The form should be the following:
<a href="https:// app.onelogin.com/client/apps/launch/#{id}">#{name}</a>
If the user is logged in to OneLogin when clicking one of the links, the user will be logged into that application directly. Otherwise a prompt for username and password will be shown.
Fair Use Policy
Please only use this API on a portal-like page, i.e. a page where users go to launch applications. The API is not intended for embedding apps on every single page in an intranet as this will generate an unnecessary load on our system.
Combine with Remote Authentication
If your portal knows the identity fo the current user (e.g. the user is logged in), you can leverage our remote authentication API to log users into OneLogin automatically by federating the current users context into OneLogin. For an in depth description of the remote authentication API, click here.
Comments
Very cool feature! How can I use it to embed the apps in our Intranet confluence wiki? I have no programmable access to it, but can embed custom HTML/Javascript pages.
Will you be posting a code sample in PHP or Ruby? Thanks!
Does anyone have a handy PHP sample for implementing (custom HTML page)? Would love to get this into our Joomla installation in combo with Remote Authentication; much appreciated for any related advice/help!