Why embed credentials?
This article will show you how to embed login credentials into a url. Why would you want to do this? Here is an example scenario:
Say that you have a user area on your own website, not on ScreenSteps. You create a site on ScreenSteps that you want those users to have access to but you don't want to go through the hassle of setting up user accounts for everyone on ScreenSteps. You can use this method to provide a link in the user area that will take them to your site on ScreenSteps and automatically log them in under a shared user account.
Feature Trade-offs
Given this method uses a single shared user account, reporting will not accurately show unique user activity. Course progress and Bookmark usage will also be compromised, as these features rely on tracking individual user activity.
Security Considerations
A couple things that you should be aware of:
- Anybody who has this url can login to the site. You may want to update the password periodically.
- If you use http instead of https for the url then the url will be sent unencrypted. If someone is sniffing your traffic they would be able to see the username and password in the url.
If you need lock-tight security for your content or want to use features like Courses or Bookmarks, then you should create reader accounts for each person that is going to access that content or use Single Sign-on.
But if you just need something simple that will keep unauthorized people out of the site while at the same time make it easy for your authorized users to get access to the content then this can be a good solution. To set it up, follow these steps:
1. Create an API User
First you will want to create a new API Access account. This account will be the login for everyone from your own site. In this example we will say that the username is "myusers" and the password is "mypassword".
2. Give the User Site Permissions
Then add this user to a protected site on your account. They will now have permission to view the site.
3. Create your Emdedded URL
Copy the url for the site and add on the authentication parameters.
IMPORTANT: Don't copy the url the admin area of your account. API Access users cannot access the admin area. Make sure you copy the public url.
If the url for your space was https://myaccount.screenstepslive.com/spaces/2345 then you would want to add ?login=myusers&password=mypassword to the end. The result would look like this:
https://myaccount.screenstepslive.com/s/2345?login=myusers&password=mypassword
Special characters such as "@" in the email or "&" in the password will need to be encoded in order for your URL to work properly. If needed, see this article on how to encode special characters for your URL.
4. Use the URL elsewhere
When a user clicks on this url they will be taken to space 2345 and automatically logged in. Anybody just going to https://myaccount.screenstepslive.com/spaces/2345 will be asked for a username and password.
John Readwin
I have found that if for instance the password contains a punctuation character, then the URL passes it as that character and doesn't not properly encode it ( i.e. ! should encode to %21 but it doesn't and thus the url's break i some browsers.
Trevor DeVore
@John When creating a URL by hand you are responsible for encoding any special characters. Just replace the punctuation character with the encoding form and you should be good to go.
John Readwin
Trevor my bad, perhaps this wasn't the correct article to post to, but the URL issue occurs when using the "Embeded login URL" function in Screensteps live
Mohammed Samiuddin
Hi
I am not sure if it is possible but i would like to share for some suggestion how can I achieve it
I have a internet website also I have login account
I have embedded Link in our organization Internal Portal
What I want is Whenever user click the link it should not ask them to login
it should directly take them to the page after login with Successful login
Not Sure if it is possible But Suggestions are welcome
Trevor DeVore
@mohammed - the instructions on this page should do what you are asking. The other alternative is to setup Remote Authentication with ScreenSteps. With Remote Authentication ScreenSteps will authenticate people using your web server. http://help.screensteps.com/m/remote_authentication
Nicole Biesenbender
Hi, this method is great and it takes the user to the 'home' page of my Screensteps site. However, I would like them to go to a specific page beyond the 'home' page with embedded login credentials. Is this possible?
Trevor DeVore
@Nicole - the user should be taken to the page your link points to after they login. If it isn't working please contact us through support and we can troubleshoot.
Mark Welton
I have an application running on a separate server that users are required to enter their username and password. Within that app, I want to add a link that takes them to a wordpress web page having their username and password sign them in (to the wordpress site). I am using WP 5.1.
Will ScreenSteps work in this manner? if so, any help you can provide will be apprecitate.
Thank you
Mark Welton
Trevor DeVore
@Mark - Can you clarify where ScreenSteps sits in your design? You mention an application and WordPress but not ScreenSteps.