Documentation Documentation

Admin API Single Sign On

The Dashboard Admin SSO API allows you to implement custom authentication schemes for the Dashboard and Portal. Our Tyk Identity Broker (TIB) internally also uses this API.

In a production environment, you need to change the default admin_secret value that is called by the admin-auth header in your tyk_analytics.conf file. This is located in /opt/tyk-dashboard.

Generate authentication token

The Dashboard exposes the /admin/sso Admin API which allows you to generate a temporary authentication token, valid for 60 seconds.

You should provide JSON payload with the following data:

  • ForSection - scope with possible values of "dashboard" or "portal"
  • OrgID - with your organisation id.
  • GroupID - the group id
  • EmailAddress - user email
Property Description
Resource URL /admin/sso
Method POST
Body {"ForSection":"<scope>", "OrgID": "<org-id>", "GroupID": "<group-id>"}

Sample Request

POST /admin/sso HTTP/1.1
Host: localhost:3000
admin-auth: 12345
    
{
  "ForSection": "dashboard",
  "OrgID": "588b4f0bb275ff0001cc7471",
  "EmailAddress": "[email protected]",
  "GroupID": ""
}

Sample Response:

{"Status":"OK","Message":"SSO Nonce created","Meta":"YTNiOGUzZjctYWZkYi00OTNhLTYwODItZTAzMDI3MjM0OTEw"}

See Single Sign On documentation for how to use this token and more details.