Sorry, we don't support your browser.  Install a modern browser

Single Sign-On (SSO)

If you have a website and your customers already have user accounts in that app, you can allow them to log in to your Nolt board using our Single Sign-On mechanism. This provides a more seamless experience for your users by eliminating the need for them to sign in to Nolt. You also know exactly who is posting and voting.

1. Create a SSO secret key

Navigate to Manage boardIdentify usersConfigure Singe Sign-On. Enter a value in the field SSO secret key or click on Generate. Remember, this key is secret. It should only be used from the server side of your application. Enable the integration.

2. Generate tokens on your server

To implement SSO, Nolt uses JSON Web Token (JWT). It's an open standard that describes a way of transmitting information between parties in a compact and secure JSON-based format. To make sure that the sender can be trusted, JWT uses a digital signature.

Install JWT package

$ npm install --save jsonwebtoken

Generate token

const jwt = require('jsonwebtoken');

function generateNoltToken(user) {
  const payload = {
    // The ID that you use in your app for this user
    id: user.id,
    // The user's email address that
    // Nolt should use for notifications
    email: user.email,
    // The display name for this user
    name: user.name,
    // Optional: The URL to the user's avatar picture
    imageUrl: user.imageUrl
  }

  return jwt.sign(payload, 'YOUR_SSO_SECRET_KEY', { algorithm: 'HS256' });
}

3. Authenticate the user

Paste this snippet before your </body> tag

<!-- Nolt library -->
<script async src="https://cdn.nolt.io/widgets.js"></script>
<script>window.noltQueue=window.noltQueue||[];function nolt(){noltQueue.push(arguments)}</script>

<script>
  nolt('identify', {
    // Replace the placeholder with your JWT
    jwt: '<THE_JWT_THAT_YOU_GENERATED_FOR_THIS_USER>'
  });
</script>

Place a link to your Nolt board somewhere inside your application...

<!--
Add the data-nolt attribute to enable SSO for this link.
Set data-nolt="modal" if you want to open the Nolt modal
instead of using the regular link behavior.
-->
<a data-nolt href="https://your-board.nolt.io">
  Feedback
</a>

...or use one of our widgets

In that case, you don't need to do anything else.

4. Set up a remote login URL (optional)

By default, Nolt uses its own authentication. If a user is not logged in, we'll ask them to create a Nolt account. If you want to disable this, and only use accounts from your app, you can do so by filling out the Remote login URL field in your SSO board settings. The following steps provide instructions on how to set up the SSO redirect flow on your side:

  1. Create a Nolt SSO login page on your website.
    This is the page we will send your users to log in (Remote login URL).
  2. Authenticate the user.
    Display a login form if the user is not logged in in your application.
  3. Generate a JWT token for that identified user.
  4. Redirect the user back to your board's SSO endpoint.
    https://YOUR_BOARD.nolt.io/sso/JWT_FOR_THIS_USER?returnUrl=RETURN_URL
    When we send users to your remote login URL, we include a returnUrl query parameter. Append that value to your SSO board URL. This tells us where to send users after they have been authenticated.