hosted.IM: user authentication against your company database

ProcessOne - Juan Pablo Carlino (Process One) - October 27, 2011

Hosting.IM, the leading Cloud-based Instant Messaging service by ProcessOne, has extended further its user management integration features for larger companies. Please read about this new service below.

A common feature requested by many hosted.IM customers is the ability to authenticate users according to a pre-existent company database. Since then, we have implemented the possibility to authenticate against your POP3 or IMAP server. However it requires that your instant messaging domain name matches the domain from your e-mail addresses.

Several companies already have an intranet authentication backend, like LDAP, Active Directory or an Ad-Hoc database. On the other hand our experience with large sized companies is that is not a good idea to expose LDAP or Active Directory to the internet.

To overcome this problematic scenario we have added a new authentication method, which consists on delegating the authentication to an external REST API, acting as a façade to your own intranet database.

The behaviour expected by hosted.IM is fairly straightforward. Your API must answer a GET query with details about the user that is trying to authenticate to your IM domain with ‘true’ or ‘false’ depending on whether the user is authorized or not.

In the image below we see how mydomain.com administrator sets https://mydomain.com/auth as the REST URL and clicks on the highlighted Verify your service link to ensure hosted.IM is able to contact it:

image

The next step would be to click on the ‘Switch’ button and that’s all!. Now hosted.IM will authenticate users against your company data source.

Below is the specification of the authorization API:

                     
URLConfigured on hosted.IM user administration form. Could be HTTPS (recommended) or HTTP
MethodGET
ParametersusernameUsername part of the user ID to be validated
passwordPassword sent by the user to be validated
domainDomain part of the user ID to be validated
secretArbitrary string defined on hosted.IM user administration form
Expected replyCode200 OK
Content-typeapplication/json
Bodytrue if authorized; otherwise false
ErrorCodeAny HTTP code, according to the error type. It will deny user access.


This release also includes other improvements suggested by our users. It contains also bug fixes.

As we continue improving daily our service, we will greatly welcome your feedback. There is already much more to come soon. Thank you!

Links:



Categories: Companies  ProcessOne  

Comments

anonymous avatar

I was deeply admired by your blog and its posts. I’m really happy to read it and be able to share my thoughts about it. I take this opportunity to say that I am impressed with the way you presented this blog.
Herbal Incense

Posted by sugral on 11 Dec 2011 at 16:11



 
anonymous avatar

Awesome. Fantastic goods from you, man. Ive study your stuff ahead of and you’re just as well amazing. I enjoy what you’ve got right here, adore what you’re stating and the way you say it. You make it entertaining and you even now manage to help keep it wise.
modern warfare 3 tips

Posted by babillo3 on 17 Dec 2011 at 00:26



 
anonymous avatar

I was greatly popular by your site and its content. I’m really delighted to study it and be able to discuss my ideas about it. I take this chance to say that I am pleased with the way you offered this site.
yaktrax

Posted by sedlehe on 22 Dec 2011 at 12:56



 
anonymous avatar

I was greatly popular by your site and its content. I’m really delighted to study it and be able to discuss my ideas about it. I take this chance to say that I am pleased with the way you offered this site.hivdbpuef sg zfjrwfmwu hg mtvjisxdp te cfpoeklxv

Posted by fonymous on 28 Dec 2011 at 03:24



 


Add comment

Name:

Email:

URL:

Smileys

Remember my personal information

Notify me of follow-up comments?