
Single sign-on (SSO)

If your customers already have user accounts on your website or in your app, you can allow them to log in to your Nolt board using our single sign-on mechanism. This provides a more seamless experience for your users by eliminating the need for them to sign in to Nolt separately. You also know exactly who is posting and voting.

1. Create an SSO secret key

Navigate to your board → Settings → Identify users with SSO. Enter a value in the SSO secret key field. Remember, this key is secret: use it only on the server side of your application. Enable the integration.

2. Generate tokens on your server

To implement SSO, Nolt uses JSON Web Token (JWT). It's an open standard that describes a way of transmitting information between parties in a compact and secure JSON-based format. To make sure that the sender can be trusted, JWT uses a digital signature.

Install JWT package

$ npm install --save jsonwebtoken

Generate token

const jwt = require('jsonwebtoken');

function generateNoltToken(user) {
  const payload = {
    // The ID that you use in your app for this user
    id: user.id,
    // The user's email address that
    // Nolt should use for notifications
    email: user.email,
    // The display name for this user
    name: user.name,
    // Optional: The URL to the user's avatar picture
    imageUrl: user.imageUrl,
    // Optional: The user's role on your board if you want to grant them admin or moderator permissions
    // The value must be either 'ADMIN' or 'MODERATOR'
    noltUserRole: user.noltUserRole,
  };

  return jwt.sign(payload, 'YOUR_SSO_SECRET_KEY', { algorithm: 'HS256' });
}

3. Authenticate the user

Paste this snippet before your </body> tag:

<!-- Nolt library -->
<script async src="https://cdn.nolt.io/widgets.js"></script>
<script>window.noltQueue=window.noltQueue||[];function nolt(){noltQueue.push(arguments)}</script>

<script>
  nolt('identify', {
    // Replace the placeholder with your JWT
    jwt: '<THE_JWT_THAT_YOU_GENERATED_FOR_THIS_USER>'
  });
</script>

Place a link to your Nolt board somewhere inside your application...

<!--
Add the data-nolt attribute to enable SSO for this link.
Set data-nolt="modal" if you want to open the Nolt modal
instead of using the regular link behavior.
-->
<a data-nolt href="https://your-board.nolt.io">
  Feedback
</a>

...or use one of our widgets

In that case, you don't need to do anything else.

4. Set up a remote login URL (optional)

By default, Nolt uses its own authentication. If a user is not logged in, we'll ask them to create a Nolt account. If you want to disable this, and only use accounts from your app, you can do so by filling out the Remote login URL field in your SSO board settings. The following steps provide instructions on how to set up the SSO redirect flow on your side:

  1. Create a Nolt SSO login page on your website.
    This is the page we will send your users to so they can log in (the Remote login URL).
  2. Authenticate the user.
    Display a login form if the user is not logged in to your application.
  3. Generate a JWT for that identified user.
  4. Redirect the user back to your board's SSO endpoint.
    https://YOUR_BOARD.nolt.io/sso/JWT_FOR_THIS_USER?returnUrl=RETURN_URL
    When we send users to your remote login URL, we include a returnUrl query parameter. Append that value to your SSO board URL. This tells us where to send users after they have been authenticated.
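
The redirect in step 4, as an added example that is not Nolt's own code: it signs the token with Node's built-in crypto module instead of the jsonwebtoken package so it runs without dependencies, URL-encodes returnUrl, and lets only the two documented role values into the payload. The function names, the sample user and the NOLT_SSO_SECRET variable name are assumptions.

```javascript
// Added example, not Nolt's code. Uses node:crypto so it runs without dependencies.
const { createHmac } = require('node:crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');

// Sign a payload as a compact HS256 JWT (header.payload.signature).
function signHs256(payload, secret) {
  const signingInput =
    b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' })) + '.' + b64url(JSON.stringify(payload));
  const signature = b64url(createHmac('sha256', secret).update(signingInput).digest());
  return signingInput + '.' + signature;
}

// Build the redirect target for step 4 of the remote login flow.
// `board` is your board's subdomain; `returnUrl` is the query parameter that
// was included when the user was sent to your remote login URL.
function buildNoltSsoRedirect(board, user, returnUrl, secret) {
  if (!secret) throw new Error('SSO secret key is not configured');
  // The board name ends up in a hostname, so accept only hostname-label characters.
  if (!/^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$/i.test(board)) throw new Error('invalid board name');
  const payload = { id: user.id, email: user.email, name: user.name };
  if (user.imageUrl) payload.imageUrl = user.imageUrl;
  // Only the two documented role values are ever put into the token.
  if (user.noltUserRole !== undefined) {
    if (!['ADMIN', 'MODERATOR'].includes(user.noltUserRole)) throw new Error('invalid noltUserRole');
    payload.noltUserRole = user.noltUserRole;
  }
  const token = signHs256(payload, secret);
  let url = `https://${board}.nolt.io/sso/${token}`;
  // Encode the value so its own "?" and "&" do not split the outer query string.
  if (returnUrl) url += `?returnUrl=${encodeURIComponent(returnUrl)}`;
  return url;
}

// Constructed sample values. In production, read the key from server-side
// configuration (the environment variable name here is hypothetical).
const secret = process.env.NOLT_SSO_SECRET || 'constructed-demo-secret';
const user = { id: 'u-42', email: 'ada@example.com', name: 'Ada', noltUserRole: 'MODERATOR' };
console.log(buildNoltSsoRedirect('your-board', user, 'https://your-board.nolt.io/42?a=b', secret));
```

Derive `noltUserRole` from your own authorization data for the authenticated user, never from request parameters, since the signed token is what grants admin or moderator permissions on the board.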

5. Set up a remote logout URL (optional)

Add a Remote logout URL if you want to redirect users to a specific URL after they log out from their Nolt account.
