Multi-tenant integration (single sign-on)
Preface
Multi-tenancy is a common approach for any cloud-based application. A single-instance strategy for different organizations is always more effective in terms of maintenance and costs.
The Editor component helps to create and manage the visual representation of a seating chart. This document covers the cases where a ticketing platform provides multi-tenancy and the integration model must support that scenario.
Goals
The primary goal is to support multi-tenant models seamlessly between two platforms. seatmap.pro allows organizing separate workspaces for different organizations. To achieve this goal, we need to implement SSO functionality between the two platforms.
In ticketing software terms, tenants may be represented as organizations or clients.
Integration
Definitions
Here and below, we are going to use the following terms:
- Ticketing Platform - TP - is the platform to integrate
- Editor - SMP - is the seatmap.pro platform
Model
We link each user to a specific tenant, which defines the scope that separates access between two or more organizations.
A single tenant or organization can contain multiple users.
Main flow
Let’s consider the initial scenario, in which a user authenticated on the TP tries to open the SMP UI. To skip the authentication step on the SMP side, the user must have a Session ID. To connect the two platforms, the TP performs the following steps.
- To sync up organizations, the TP identifies the current user’s organization and checks that it already exists on the SMP side and has an ID.
- If the organization doesn’t exist on the SMP side, the TP shall create it first with the createOrganization method.
- When the SMP organization ID is known, the TP is ready to retrieve a Session ID with the autoLogin method.
- As a result of autoLogin, the TP may redirect to or open the SMP UI with the retrieved Session ID.
Creating an organization
To create an organization programmatically, call the /api/auth/register method on the editor side.

POST /api/auth/register HTTP/1.1
Host: {EDITOR_HOST}
Content-Type: application/json
Content-Length: 164

{
  "email": "jd@seatmap.pro",
  "firstName": "John",
  "lastName": "Doe",
  "organizationName": "default",
  "password": "defaultPassword"
}

Based on this information, seatmap.pro is going to create an organization named “default” (if it doesn’t exist) and register a new user named John Doe, with the jd@seatmap.pro email and the predefined password (“defaultPassword”).
Auto login request
The auto login method returns a user session. It takes the following parameters:
- login - user’s email address
- firstName - user’s first name
- lastName - user’s last name
- token - private key

POST /api/auth/autologin HTTP/1.1
Host: {EDITOR_HOST}
Content-Type: application/json
Content-Length: 164

{
  "login": "jd@seatmap.pro",
  "firstName": "John",
  "lastName": "Doe",
  "token": "{PRIVATE_KEY}"
}
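
The main flow, sketched as TP backend code so that the private key never reaches the browser. This is an added example, not seatmap.pro's own code. The response field names organizationId and sessionId, the tp_user shape, the org_ids mapping and the EDITOR_HOST value are assumptions, and the random registration password is a choice made here.

```python
import json
import secrets
import urllib.request

EDITOR_HOST = "editor.example.invalid"  # placeholder for {EDITOR_HOST}


def http_post(path, payload):
    """Send one JSON POST to the editor; called only from the TP backend."""
    req = urllib.request.Request(
        f"https://{EDITOR_HOST}{path}",
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def open_editor_session(tp_user, org_ids, private_key, post=http_post):
    """Return an SMP Session ID for a user already authenticated by the TP.

    tp_user comes from the TP's own session, never from request parameters,
    so a caller cannot pick another tenant's organization.
    org_ids is the TP-side mapping {tenant name: SMP organization id}.
    """
    identity = {"firstName": tp_user["firstName"], "lastName": tp_user["lastName"]}
    tenant = tp_user["tenant"]
    if tenant not in org_ids:
        # Steps 1-2: the organization is unknown on the SMP side, create it.
        created = post("/api/auth/register", {
            "email": tp_user["email"],
            "organizationName": tenant,
            # Choice made in this example: a random throwaway password
            # instead of a shared predefined one; login goes via autologin.
            "password": secrets.token_urlsafe(32),
            **identity,
        })
        org_ids[tenant] = created["organizationId"]  # assumed field name
    # Step 3: exchange the private key for a session, server to server.
    session = post("/api/auth/autologin", {
        "login": tp_user["email"],
        "token": private_key,
        **identity,
    })
    return session["sessionId"]  # assumed field name
```

Passing a stub as `post` lets the flow be exercised without a live editor instance.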