The major components of Personify Single Sign-On are Microsoft .NET-based web services. These services run on a web server and provide an Internet interface to all vendor sites. The following operations are supported. For a formal definition, please review the Service Description.
· SSOCustomerRegister – Allows a vendor to register a customer with SSO.
· AuthorizeAccess – Authenticates vendors’ credentials and then authorizes their access to a particular web service.
· TIMSSCustomerIdentifierGet – Provides the Personify Customer Number. Must be called with a valid Customer Token. The Personify Customer Number is needed when calling the Data Access web services to get more customer information. This would be normally called by vendors who do not have their own identifier for a customer via VendorSSOCustomerIdentifierGet.
· VendorTokenEncrypt – Returns the encrypted Vendor Token. This method allows a vendor to create a valid token without having to implement Rijndael encryption.
· VendorSSOCustomerIdentifierSet – Allows vendors to determine how they identify a customer. The identifier is a custom identifier which SSO associates with this customer for a particular vendor.
· CustomerTokenDecrypt – Returns the decrypted Customer Token. This method allows a vendor to decrypt a Vendor Token without having to implement Rijndael decryption.
· SSOCustomerTokenIsValid – Verifies that the customer’s token is valid. Tokens are single use. A new token is returned if the provided token is valid.
· SSOCustomerAuthenticate – Allows a vendor to authenticate a customer’s credentials with SSO.
· VendorSSOCustomerIdentifierGet – Provides the vendor’s identifier for a customer. Must be called with a valid Customer Token.
· SSOCustomerLogout – Logs the customer out of SSO. All Customer Tokens for this customer are no longer valid after they log out.
The following web services have been modified as of 7.4.1:
· SSOCustomerGetByEmail – Gets the SSO customer record. The service accepts email ID as the parameter. If two customers are sharing the same email record, this will throw an exception.
· SSOCustomerGet - Gets the SSO customer record. The service accepts Timss Customer ID (Combination of Master Customer Id and sub Customer Id) as the parameter.
· SSOCustomerGetByUsername - Gets rthe SSO customer record. The service accepts user name as the parameter. This function is to be used if the customer allows duplicate email records.
· SSOCustomerGetByCustomerToken – Gets the SSO customer record. The service accepts customer token as the parameter.
· SSOCustomerAuthenticate – Authenticates the customer and returns the vendor ID. The function does not authenticate if the account has been disabled.
· SSOCustomerUpdateEmail – Updates the customer's email. This service accepts email as the parameter. If two customers are sharing the same email record, this will throw an exception.
· SSOCustomerUpdatePassword - Updates the customer's password. This service accepts email as the parameter. If Two customers are sharing the same email record, this will throw an exception.
· SSOCustomerUpdateUserName - Updates the customer's user name. This service accepts email as the parameter. If two customers are sharing the same email record, this will throw an exception.
The following web services are new as of 7.4.1:
· SSOCustomerUpdateEmailByTimssID – Updates the customer's email address using Master Customer ID and Sub Customer ID. This is a Personify-specific web service and should not be used by other vendors.
· SSOCustomerUpdateEmailByUserName – Updates the customer's email address using the User Name as the input parameter. If clients are allowing duplicate emails for their SSO accounts, this is the web service they should use to update email for a customer.
· SSOCustomerUpdateUserNameByTimssID - Updates the customer's user name using Master Customer ID and Sub Customer ID. This is a Personify-specific web service and should not be used by other vendors.
· SSOSendPasswordReset – Sends an email to the customer to reset their password. This service requires email address only for reset password. Clients should use this service only if duplicate emails are not allowed in their system.
· SSOSendPasswordResetByUserName - Sends an email to the customer to reset their password. This service requires email address and user name for resetting the password. Clients should use this service only if duplicate emails are allowed in their system.
· SSOEnableDisableCustomerAccount – Enables or disables the customer's account. Once the account is disabled, the user will not be able to log in.