Dashboard with multiple domains (not same login)

I have a question about creating a dashboard which is connected to other web applications.

I want to create a dashboard with a login. This dashboard should be connected to 2+ web applications. However, the logins are not the same for the dashboard and the other web apps. The idea is, when I have logged into the dashboard, I am able to gain an overview of the different web applications and by pressing e.g. web app A, I am then navigated to that web app (not having to log into it as I did that when logging into the dashboard).

How would this work? I’ve been trying with Auth0, but I can’t figure out how to do it when not having the same login for the web applications.

To sum up:

Person A logs into the Dashboard which authenticates for:

Web App A - login credentials 1
Web App B - login credentials 2
Web App C - login credentials 3

I am then able to quickly navigate to one of the three web apps through the dashboard, without any further login.

These three Web Apps A - C, what kind of applications are those? Some you control / have developed and you can change eventually? Or is it standard software which you have no control over? Do these apps allow for federated authentication (supporting OAuth2, OpenID Connect or SAML protocol?)

However, the logins are not the same for the dashboard and the other web apps.

By that, do you mean only the passwords differ or also the user id (username, email, etc.)? In your example: would Person A use the same username to log into A/B/C?

Great questions, I apologize for my lack of depth. I’m fairly new in this area and seeking as much knowledge in it as possible - I appreciate your help. :pray:

To answer your questions:

  1. The web apps are not some that I can control. Maybe one or two of them we could communicate with and discuss options with communication and data integration (APIs).

  2. As I’m in brainstorm mode and coming up with an answer to whether or not this is possible - I don’t actually know what authentication systems the different web apps utilize. However I do know one and that’s Moodle, and I’ve read here:

https://docs.moodle.org/38/en/Authentication

They mentioned CAS server (SSO). I believe I could find out what each web app uses authentication wise but I highly doubt they use the same systems. :thinking:

  3. Yes, the passwords, username, email etc. would differ from web app to web app. User A might use firstemail@gmail.com for web app A but secondemail@gmail.com for web app B. Which is why I’m rather perplexed if this Dashboard could work.

There’s no way to handle this in a secure way without changing the underlying authentication mechanisms of the web apps A-C. Best to configure the applications over to an SSO / Single-Sign-On approach using what’s called Federated Authentication.

The easiest would be if all apps A-C support OAuth2 / OpenID Connect (OIDC). Then Auth0 can act as the central OAuth2/OIDC identity provider.

From Moodle I know they support it:

https://docs.moodle.org/38/en/OAuth_2_authentication

Best to check if the other two apps do as well.

That makes sense, thank you. I have a couple of more questions.

  1. Would the users for this dashboard have to use the same email over all the web apps that support OAuth? Is that understood correctly? That this is how they get authenticated, via their email (which sends a request). What if the users regularly change their email? I assume it does not have to be a Google account or similar that is used to access the Dashboard?

  2. If I understand correctly, the users gain access through a post request in the Dashboard application, would the “login” to other web apps happen when logging into the Dashboard, or first when I press a link to e.g. Moodle, when does authentication occur for the “linked” web apps? I guess I’m struggling to see how the “connection” of all the apps works.

Really appreciate your help :blush:

The idea of using OAuth and the federated approach is for the user to get rid of his 3 sets of credentials and only use one account to login. He can use this account then to log into the dashboard as well as logging into each application individually if he wanted.

Just the same approach of the “Login with Google” or “Login with Facebook” that you probably know from other websites. As you know, the user there only needs to know his Google/Facebook credentials, he doesn’t use any other username/password pair.

But of course it depends what identity providers each of the applications A-C allows. This of course is something that needs to be checked with the application owners of apps A-C, especially whether they support the so-called “Bring Your Own Identity (BYOI)” approach.

If the above isn’t possible, then imo there isn’t a way to realize such a dashboard properly.


Regarding the other initial question about a user using different email addresses (although it’s not really relevant in the OAuth scenario I described): the difficulty in this is - how would the Dashboard know which login credentials in app A-C belong to the same user if there’s no unique identifier?

How would the dashboard know that the user who logged in with jim.smith@ymail.com into the dashboard is the same that uses hellokittie@yahoo.com on App A and smith_jim@yandex.com on App B? How would the Dashboard figure out that mapping? This kind of mapping must be set up at least once in time somehow. You see the difficulty in here?


It’s also worth reading this blog post to get a general understanding on how SSO works.
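
An added example (not from the thread and not Auth0 code) of the one-time mapping described above, keyed on the OIDC `iss` and `sub` claims instead of the email address, so that an email change or a reused address does not affect the link. The issuer URL, the app names and `LinkRegistry` are hypothetical, and the claims are assumed to come from an ID token whose signature has already been validated.

```python
from __future__ import annotations

from dataclasses import dataclass, field

TRUSTED_ISSUER = "https://idp.example/"  # hypothetical central identity provider


def identity_key(claims: dict) -> tuple[str, str]:
    """Return the stable (iss, sub) pair from already-verified ID token claims."""
    iss, sub = claims.get("iss"), claims.get("sub")
    if iss != TRUSTED_ISSUER or not sub:
        raise ValueError("claims are not from the trusted issuer or lack a subject")
    return iss, sub


@dataclass
class LinkRegistry:
    """Dashboard-side table: central identity -> account id in each web app."""
    links: dict = field(default_factory=dict)

    def link(self, claims: dict, app: str, app_account: str) -> None:
        # Run once per app, after the user has proven control of app_account
        # (for example by signing in to that app during the linking step).
        self.links.setdefault(identity_key(claims), {})[app] = app_account

    def resolve(self, claims: dict, app: str) -> str | None:
        # The email claim is deliberately ignored: it can change or be reused.
        return self.links.get(identity_key(claims), {}).get(app)


def demo() -> dict:
    # Constructed claims; the addresses are the ones used in the post above.
    reg = LinkRegistry()
    first = {"iss": TRUSTED_ISSUER, "sub": "user-1001", "email": "jim.smith@ymail.com"}
    reg.link(first, "app-a", "hellokittie@yahoo.com")
    reg.link(first, "app-b", "smith_jim@yandex.com")

    # Same person after changing the email on the central account.
    later = {"iss": TRUSTED_ISSUER, "sub": "user-1001", "email": "jim@newmail.example"}
    # A different person who now presents the old address.
    other = {"iss": TRUSTED_ISSUER, "sub": "user-2002", "email": "jim.smith@ymail.com"}
    return {
        "after_email_change": reg.resolve(later, "app-a"),
        "other_user_same_email": reg.resolve(other, "app-a"),
    }


if __name__ == "__main__":
    print(demo())
```
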
