Cross-domain authentication

Cross-domain authentication is a common approach in identity management that authenticates users for sites that run on different domains. ReachFive handles this even for browsers that block third-party cookies.

Cross-domain authentication is much more streamlined when using SSO. We use cookies to maintain user sessions in the browser. This works for most browsers, because the cookie from a valid user session is used on the other domain.

However, if the browser blocks third-party cookies, as is the case with Safari, Firefox, or Chrome (incognito/private mode), the SSO session cookie on the authentication domain is not shared when that domain differs from the website domain.

We offer straightforward solutions to handle this scenario.

Hosted Pages

Recommended

With our Hosted Pages option, we handle the authentication, so users always authenticate on the same domain regardless of your different site domains. In this case, the user has a flawless journey within your network of sites, because SSO cookies remain on the same authentication domain no matter which site in your ecosystem they visit.

The Hosted Page handles, authenticates, and redirects users as necessary, all while maintaining their SSO session.

[Diagram: Hosted Pages]
See our Hosted Pages guide for more details.

Custom internal implementation

By mimicking the Hosted Pages process, you can implement a custom approach to handle browsers that block third-party cookies. You must handle the authentication on the custom domain and use the loginFromSession method to redirect users to the site after successful authentication. See the flow below for more details.

You must have a dedicated authentication page similar to the /auth Hosted Page to achieve this. This ensures authentication is always done on the same domain, which then redirects your users to the original website upon successful authentication.

[Diagram: Custom Solution]
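
Because the dedicated authentication page redirects users back to the original website, it should confirm that the return address belongs to one of your own sites before using it. The following is an added example, not ReachFive code: `resolveReturnUrl`, `ALLOWED_ORIGINS`, `FALLBACK_URL`, and the listed origins are assumptions chosen for illustration.

```javascript
// Added example: return-URL validation for a custom authentication page.
// All names and origins below are hypothetical; replace them with your own sites.
const ALLOWED_ORIGINS = new Set([
  "https://shop.example.com",
  "https://blog.example.org",
]);
const FALLBACK_URL = "https://shop.example.com/";

// Returns a normalized URL that is safe to redirect to after authentication,
// or FALLBACK_URL when the requested return address is not one of your sites.
function resolveReturnUrl(rawReturnTo) {
  if (typeof rawReturnTo !== "string" || rawReturnTo.length === 0) {
    return FALLBACK_URL;
  }
  // Control characters and backslashes are silently normalized by URL
  // parsers, so what was validated may differ from what was sent. Reject them.
  if (/[\u0000-\u001f\\]/.test(rawReturnTo)) {
    return FALLBACK_URL;
  }
  let url;
  try {
    // No base argument: relative and scheme-relative input throws here.
    url = new URL(rawReturnTo);
  } catch {
    return FALLBACK_URL;
  }
  if (url.protocol !== "https:") return FALLBACK_URL;
  // Embedded credentials can make the visible host differ from the real one.
  if (url.username !== "" || url.password !== "") return FALLBACK_URL;
  // Compare the full origin (scheme + host + port), never a prefix or substring.
  if (!ALLOWED_ORIGINS.has(url.origin)) return FALLBACK_URL;
  return url.href;
}
```

Use the value returned by `resolveReturnUrl` as the only redirect target on the authentication page, and keep the allowlist in sync with the domains that participate in your SSO ecosystem.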

Refresh tokens

Using refresh tokens will enable cross-domain authentication, but the session is maintained in the backend (with the refresh token) as opposed to in the browser.

A refresh token is a credential used to obtain an access token (and a new refresh token). The refresh token itself does not communicate with the resource server; instead, it is granted to the application along with the access token by the authentication server.

See our Refresh tokens guide for more details.