SSO best practices and checklists

This article covers some of the best practices Bettermode recommends when you are setting up SSO. Here are some of the things you should check while setting up SSO to ensure that it is implemented correctly:

  1. User Database: The user database contains the user information of all the registered members. While creating an app, please verify that the correct user database is connected to your site.

  2. Move to a custom domain before setting up SSO: If you plan to use a custom URL for your site, we strongly recommend moving your site to a custom domain before setting up SSO, because SSO relies on many URLs that change based on the URL of your site.

  3. Password Criteria: When a site is using SSO, Bettermode doesn’t control the password criteria. It is controlled by the SSO Provider. Please review the password criteria set for site members so that you have the desired requirements applied.

  4. URLs in Bettermode's SSO Settings: While adding the URLs in the Bettermode SSO settings, please ensure that all the URLs added on Bettermode's side start with https://. If a protocol is not added, SSO might not work properly.

  5. Correct Redirect URL: An incorrect redirect (callback) URL is one of the most common issues that site owners come across. Please ensure that the correct redirect URL is added on your Authentication Provider’s side.

  6. Correct User Profile Structure: Please verify that the user structure being sent to Bettermode has at least the name, email, and sub fields, as these are the mandatory fields. To learn more about the user profile structure that needs to be sent, please visit our Developer’s Guide here: User’s Profile Structure

  7. Direct Login: The Direct Login option allows you to access your site using your email address and password. In most cases, Bettermode owners prefer using SSO as the only login option and disable the direct login option. It’s advised that direct login is not disabled until you can confirm that SSO is working as intended. You can learn more about this setting here.

  8. Correct time zone: It’s imperative that all timestamps use the correct time zone to avoid any SSO-related issues. Please ensure that all timestamps (for iat and exp) are generated using Coordinated Universal Time (UTC).
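
A pre-flight check for items 4, 6 and 8, as an added example that is not Bettermode's own code: it inspects an already decoded user payload and a configured URL before you go live. The function names, the 60-second skew allowance and all sample values are assumptions made for illustration, and the mandatory fields are taken here to be name, email and sub.

```python
import calendar
from datetime import datetime, timezone
from urllib.parse import urlparse

REQUIRED_FIELDS = ("sub", "email", "name")  # mandatory fields from item 6


def check_profile(claims, now, max_skew=60):
    """Return a list of problems in a decoded user payload (now = UTC epoch seconds)."""
    problems = []
    for field in REQUIRED_FIELDS:
        if not str(claims.get(field) or "").strip():
            problems.append(f"missing mandatory field: {field}")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        problems.append("iat and exp must be integer epoch seconds")
        return problems
    if iat > now + max_skew:
        problems.append("iat is in the future (local time used instead of UTC?)")
    if exp <= now:
        problems.append("exp is already in the past")
    if exp <= iat:
        problems.append("exp must be later than iat")
    return problems


def check_url(url):
    """Item 4: the URL must carry an explicit https:// scheme and a host."""
    parts = urlparse(url)
    return parts.scheme == "https" and bool(parts.netloc)


# Constructed sample data: the real instant is 2024-01-01 12:00 UTC.
NOW = int(datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc).timestamp())
GOOD = {"sub": "user-123", "email": "jane@example.com", "name": "Jane Doe",
        "iat": NOW, "exp": NOW + 300}
# Same instant on a server whose wall clock reads 15:00 (UTC+3), with the
# naive local time wrongly treated as UTC; the sub field is also missing.
SKEWED_IAT = calendar.timegm(datetime(2024, 1, 1, 15, 0).timetuple())
BAD = {"email": "jane@example.com", "name": "Jane Doe",
       "iat": SKEWED_IAT, "exp": SKEWED_IAT + 300}

if __name__ == "__main__":
    print("good payload:", check_profile(GOOD, NOW))
    print("bad payload: ", check_profile(BAD, NOW))
    for url in ("https://community.example.com/callback", "community.example.com/callback"):
        print(url, "->", "ok" if check_url(url) else "needs https://")
```

The check does not verify a token signature; it only catches the structural mistakes listed above before they surface as failed logins.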
