Creating a Seamless Login Experience
One way to improve the user experience as users go from your website/portal/application to the crunch application is to hide the authentication steps and log the user into Crunch automatically without having to enter a username or password.
The hooks Crunch offers to enable this include:
- Password authentication: By default, Crunch users enter a password to access the Crunch application.
- OAuth authentication: Organizations can act in the role of an OAuth provider, then Crunch can log the user in without needing to enter a password. Just-in-time user provisioning can be enabled so new users are automatically created in Crunch the first time the user logs into Crunch via OAuth. For more details on how to set up the partner's OAuth provider, see the Set up partner OAuth provider article.
- Google authentication: Crunch has a built-in integration with Google for users using Gmail or a Google account linked to their email. There is no need to set up a partner OAuth to use Google authentication.
- SAML authentication: SAML is a widely adopted enterprise solution that improves user experience by only requiring users to sign in once to access multiple applications. Just-in-time user provisioning can be enabled so new users are automatically created in Crunch the first time the user logs into Crunch via SAML. For more details on how to set up the partner’s SAML provider, see the Set up partner SAML provider article.
- One-click login: By default, Crunch users enter their email address to identify who they are, but if your website/portal/application already knows who the user is then you can embed their email address when you link to Crunch and the user can then log in without having to enter their email address. To use one-click login, simply link users from your website/portal/application to the crunch application adding the email address to the query string like this:
The following example uses [workspace] in the URL. Please replace [workspace] with your organization's workspace name.
<a href="https://[workspace].crunch.io/authentication/login?email=user@company.com">Go to Crunch</a>
- One-time passwords: If you as a partner prefer to maintain total control over a user's crunch access, you can keep the account email address and password to yourself and generate one-time passwords to log the user into Crunch automatically. For more detailed information about how to set up one-time passwords, see the One-time passwords article.
By employing one-time passwords, SAML, or OAuth+one-click login, customers can link directly from your website/portal/application to the Crunch application without having to enter a username or password.
Here's how it works:
All routes shown above work, but the highlighted routes indicate the most seamless ones with the least amount of user interaction.