Products Integrations Pricing Contact Us Login Signup

Single Sign-On (SSO) Integration Guide

This guide explains how to set up Single Sign-On (SSO) integration using a public key and encrypted user data.

Using SSO allows users to log in securely without entering their password manually.

#

How SSO Works

The SSO process includes the following:

  1. Generate a public key for your domain

  2. Encrypt user details using the public key

  3. Generate the SSO URL using the encrypted token

  4. Redirect the user to the generated URL for automatic login


#

Step 1: Generate a Public Key

Before using SSO, you need to generate a public key for your domain.

The public key is unique for each domain and is used to securely encrypt user data.

#

To generate a key:

  1. Navigate to the SSO settings section in the panel

  2. Click Generate Key

  3. Enter your domain details

  4. Save the configuration.

Screenshot 2026-05-21 at 6.41.51 PM.pngScreenshot 2026-05-21 at 6.43.52 PM.png
#

Additional Key Management Options

After generating a public key, you can also manage existing keys whenever required.

#

Edit a Public Key

You can update the following details of an existing key:

  • Domain

  • Status:

    • Active

    • Inactive

Note: Only active keys can be used for SSO encryption.


Delete the Generated Key (UI)

Keys can be deleted if no longer required. Once deleted, encryption using that key will no longer work.


Screenshot 2026-05-21 at 6.45.05 PM.pngScreenshot 2026-05-21 at 6.45.21 PM.png

#

Option A: Encrypt Data Using Custom Code (PHP)

You can generate the encrypted SSO token directly from your server using your public key.

A sample PHP script can be used to:

  • Encrypt the data using the public key

  • Generate a secure token

You may also implement the same logic in other programming languages based on your application requirements.


<?php
$publicKey = "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpw15zd52NU5xFP1rS9r
AQDpjgpW5wMqT05aFXt/HpV5DQTOQddUCIAtewbWvw3FkwsAON+jUeQwhOqLFZqV
0tESZDwhzgTXUpF+6uNgATNqe8tPlEFNRTkHrzFC3nZOGbDbUY8JoT81R3/gMCqI
EjCM43+62zxlzYr5B9oSbn2lS4B03mhNO9Su3WUOLeAgbT0rZCAdveMBhjHiQ9HE
XckEAGHQjPSXRd13iP4t4gpyo0j1OuEhfZO2reou29juqJSRL2hU616AsS0dsBsl
x2RBlQ4XNOVx3LWNdfXKz2J2/zxRv25igdDwALDemjjbnXP2IbS+Wefa3EH0D1xE
JQIDAQAB
-----END PUBLIC KEY-----";

$payload = [
    "name" => "QA subaccount",
    "email" => "[email protected]",
    "mobile" => "919827205005"
];

$publicKeyResource = openssl_pkey_get_public($publicKey);
if (!$publicKeyResource) {
    throw new Exception("Invalid public key");
}

$data = json_encode($payload);
$encrypted = '';
$result = openssl_public_encrypt($data, $encrypted, $publicKeyResource);

if (!$result) {
    throw new Exception("Encryption failed: " . openssl_error_string());
}

echo rtrim(strtr(base64_encode($encrypted), '+/', '-_'), '=');
?>

Test Online: You can run this script at https://www.programiz.com/php/online-compiler/


#

Step 2: Generate the Final SSO URL

After encryption, you will receive a Base64 URL-safe encoded token.

Use this token in the following URL format:

<BASEURL>/sso?token=<encrypted_data>
#

Example

https://control.msg91.com/sso?token=xxxxxxxxxx

Replace:

  • <encrypted_data> with the generated encrypted token

Once the URL is created, redirect the user to it for automatic login.


#

Important Notes

  • Ensure your server date and time are accurate to avoid token validation issues

  • Always use the latest active public key for encryption

  • Tokens are time-sensitive, so users should be redirected immediately after token generation

  • Tokens generated using deleted or inactive keys will not work


DocStarBuilt with DocStar