This section provides an overview of how to complete a single sign-on (SSO) into Swipeclock and assumes that you are familiar with the Authentication Using a JWT Token section.
Once you have gotten your JWT access token described in the Authentication Using a JWT Token section, you can use it to complete an SSO into the Swipeclock system in one of two ways:
- Embedded HTML iframe/object
- Independent browser window/tab
Single sign-on allows an integrator to provide their Clients direct access to WFH components like Web Clock, Time Off, Time Cards, and Scheduling without requiring the client to log in multiple times. For example, an integrator may have a “Customer Portal” for their Client’s use. Using the Single Sign-On API, the integrator could provide a link that takes the Client directly to their Employee Portal without the Client having to login to WFH.
It is expected that integrators will use the external payroll system’s employee identifier to access the API using the employeeCode identification method, as described above in the “Employee IDs Versus Employee Codes” section. In this case, the integrator can then use the external system’s employee identifier to generate SSO tokens.
If you have had a previous integration to TimeWorksPlus and are now building an integration to WorkforceHub using the WFH API, it is important that you understand a difference between the two when implementing SSO. With TimeWorksPlus there was the concept of non-employee users for supervisors and client administrators. That concept does not exist in WorkforceHub. All WorkforceHub users are employees and permissions are managed by roles assigned on their employee record.