Brand – SSO management
Brand Account Management Process
In Aprimo DM, there are two types of brand account users. The main administrator will login via the brand account, and all other brand users will login via a brand user accounts.
- Brand administrator account can only be created by Aprimo admins.
- Brand administrator account details can be managed via Brand Account REST APIs
- Only a single admin user is allowed
- Brand user accounts can be managed via Brand User Endpoint REST APIs
Brand login
Brand SSO user login
This endpoint should be used to login a brand admin user or brand user into Aprimo DM
- Use the GET endpoint below
Brand - SSO technical detail
There are two methods for invoking the Aprimo Brand SSO Endpoint – GET and POST.
GET Parameter overview
Use this endpoint to log in an existing brand user or brand admin user
- Email, the email address of the brand user who is attempting the login (note: email address is the unique identifier for brand users)
- Source, a unique identifier for your brand provided by Aprimo DM.
- Nonce, a number used only once that must be a positive integer that increments each time a call is made for a particular user. The nonce is tracked per user, so the same number may be used for different users, but only once per user. Note the below examples of when a nonce is valid or invalid. The nonce prevents HTTP replay attacks.
- Code, a calculated HMAC using the SHA256 algorithm using a key that Aprimo DM provides. This serves to validate that the request is coming from the source that it claims to be as well as prevents query string tampering. While the parameters which calculate the HMAC are case sensitive, the resulting value (a string of hex values) is not.
The code may be formed by concatenating the email, source, and nonce parameter values with no spaces or characters between and running the resulting value through a SHA256 hash code function.
In order to implement Aprimo DM SSO, query string parameters must be passed to an endpoint via HTTP GET.
A sample URL may look like:
https://subdomain.aprimodm.com/advantage/sso/brand?source=brandsb&nonce=4&email=acmedemo@aprimo.com&code=4ECBB0FDE338284F390015DCBD9F809BA0953FC1213409ABF924EBF4E1550ED6&id=&language=en-us
Post Body
Use this endpoint to create a new brand user and login that user right away
If electing to use HTTP Post, the following parameters may be passed in and defaulted on the form.
| Form Key Name | Field of Registration Form | Required | Additional Details |
|---|---|---|---|
| FirstName | First Name | Yes | |
| LastName | Last Name | No | |
| Title | Title | No | |
| ContactEmail | Yes | Valid email address | |
| Phone | Phone | No | |
| PhoneExt | Ext | No | |
| Territory | Territory | No | Valid option setup by brand |
| Location | Location | Yes | Valid location configured by brand |
| DigitalProfilePicture | Profile Picture | No | Represented in base 64 format |
| AccountAccess | Account Access | Yes | Valid access option in platform |
| Business Role | Business Role | No | Valid role option in platform |
| About Me | About Me | No | |
| IsPrimaryContact | Primary Contact | No | Only 1 primary contact per brand |
Below is some sample C# code used to generate a sample URL for Aprimo DM SSO’s GET endpoint.
Running this code produces the sample URL.
SSO Sample
The Aprimo DM SSO Sample is available at: https://sandbox.aprimodm.com/BrandSSORegistration.html
This generates a GET request.
Below is a screenshot of the SSO sample page.
This sample is written entirely in client-side code. You may view source on the sample page to see the javascript used to generate the request and HMAC. Note that the crypto-js library is used to generate the HMAC in this example which has its own 3rd party license.
