Skip to main content

Single Sign-On (SSO) Solution


Agave Link can be used as a Single Sign-on (SSO) solution to allow users to login into your system with their existing Procore, Autodesk, and other accounts.

User Registration

When the end user clicks to login with a 3rd party system, invoke the Agave Link, let them login to the desired system, and get an account_token.


Step 2: Get Email and Account Info

With the account_token, you can then call the /link/account endpoint to get email and other metadata like name and company info.

Request

curl https://api.agaveapi.com/link/account \
--header 'API-Version: 2021-11-21' \
--header 'Client-Id: your_client_id' \
--header 'Client-Secret: your_client_secret' \
--header 'Account-Token: any_of_the_account_tokens'

Response

{
"account_id": "ee9b53e7-f982-4be6-bc12-75f716d3ee94",
"linked_company": {
"id": "ee9b53e7-f982-4be6-bc12-75f716d3ee94",
"source_id": "12345",
"name": "Agave construction Inc."
},
"linked_user": {
"id": "ee9b53e7-f982-4be6-bc12-75f716d3ee94",
"source_id": "12345",
"name": "John Smith",
"email": "jsmith@example.com"
},
"status": "linked",
"source_system": {
"slug": "procore",
"name": "Procore"
},
"supports_cross_account_uuid": true
}

Step 3: Create a New Account

If the email doesn't exist in your database, you can use the account info to create a new account:

  • Using linked_user.email as email address or username
  • Instead of storing a password, not that it's authenticated via SSO
  • Fill-in other data points as needed

Step 4: Login the User

🎉 Then, you can login the user to the account you just created.

User Login

Afterwards, when the end user tries to log in again, you can follow step 1 and 2 above.

Then, at step 3, instead of creating a new account, find the existing account in your database by matching linked_user.email and log the user in.