Single Sign On (SSO) authentication for AccountView

Single sign on (SSO) authentication is managed using the ByAllAccounts DataConnect API.

Application integration outline

The main events in the application life cycle for single sign on (SSO) with AccountView are outlined here.

  1. Session Authentication Request – Parent application uses a DataConnect request to authenticate and obtain session tokens. Session tokens are a Session ID and a Cross-Site Request Forgery (CSRF) Token.
  2. Invoke AccountView using the URL and session tokens provided by step 1 (SSL is required).
  3. AccountView Accept/Decline User Agreement – This step is optional and is handled by AccountView. For more information, refer to “Additional AccountView Configuration of Interest to SSO”, in the AccountView Single Sign On Guide.
  4. AccountView application is presented in browser/frame.
  5. If the “keep alive” URL is specified as a dynamic URL or configured for the firm, then that URL is invoked in an iFrame in AccountView when there is activity in the session.
  6. Application termination events redirect to URLs that are specified as dynamic URLs or configured for the firm.
    • Session expiration causes redirect to the Session Timeout URL.
    • User invoked “Exit” causes redirect to the Exit URL.

DataConnect SSO operations

Single sign on (SSO) authentication for AccountView consists of invoking a DataConnect API <SESSIONAUTHRQ> request. You provide your Administrator login name and password and identify the Advisor being authenticated, supplying the <ID> from the <USERADDRS> response as the <PERSON_ID> in <USER_IDENT>. We recommend that you expire the session using <SESSIONEXPIRERQ>.

Link to Postman for DataConnect API operation for authenticating an Advisor.

Link to Postman for DataConnect API operation for expiring the authenticated session.

Note: For DataConnect operations in Postman, use “Send and Download” then save the response as a .zip file. The response XML is inside that .zip file.

For more about these operations, refer to the AccountView Single Sign On Guide.

More about SSO and configuration options

This section presents some SSO configuration options to control the application authentication behavior. Additional information is in the AccountView Single Sign On Guide.

SSO navigation options

Your implementation manager can configure which URL the user is directed to upon AccountView application exit. By default, user exit directs to http://www.byallaccounts.net/WebPortfolio/avSSOExit.html. Your implementation manager can set a different exit URL and can set URLs for other types of behavior, including session timeout and session “keep alive”. Optionally, you can handle the URLs dynamically. Refer to the AccountView Single Sign On Guide for information about the Exit URLs, including how to handle them dynamically.