hosted.IM: user authentication against your company database

ProcessOne - Juan Pablo Carlino (Process One) - October 27, 2011

Hosting.IM, the leading Cloud-based Instant Messaging service by ProcessOne, has extended further its user management integration features for larger companies. Please read about this new service below.

A common feature requested by many hosted.IM customers is the ability to authenticate users according to a pre-existent company database. Since then, we have implemented the possibility to authenticate against your POP3 or IMAP server. However it requires that your instant messaging domain name matches the domain from your e-mail addresses.

Several companies already have an intranet authentication backend, like LDAP, Active Directory or an Ad-Hoc database. On the other hand our experience with large sized companies is that is not a good idea to expose LDAP or Active Directory to the internet.

To overcome this problematic scenario we have added a new authentication method, which consists on delegating the authentication to an external REST API, acting as a façade to your own intranet database.

The behaviour expected by hosted.IM is fairly straightforward. Your API must answer a GET query with details about the user that is trying to authenticate to your IM domain with ‘true’ or ‘false’ depending on whether the user is authorized or not.

In the image below we see how mydomain.com administrator sets https://mydomain.com/auth as the REST URL and clicks on the highlighted Verify your service link to ensure hosted.IM is able to contact it:

image

The next step would be to click on the ‘Switch’ button and that’s all!. Now hosted.IM will authenticate users against your company data source.

Below is the specification of the authorization API:

                     
URLConfigured on hosted.IM user administration form. Could be HTTPS (recommended) or HTTP
MethodGET
ParametersusernameUsername part of the user ID to be validated
passwordPassword sent by the user to be validated
domainDomain part of the user ID to be validated
secretArbitrary string defined on hosted.IM user administration form
Expected replyCode200 OK
Content-typeapplication/json
Bodytrue if authorized; otherwise false
ErrorCodeAny HTTP code, according to the error type. It will deny user access.


This release also includes other improvements suggested by our users. It contains also bug fixes.

As we continue improving daily our service, we will greatly welcome your feedback. There is already much more to come soon. Thank you!

Links:



Categories: Companies  ProcessOne