Registration with Janrain (Server Side)

Registration of an account when eSuite will be the secondary IDM with the primary IDM for the platform being Janrain. The Account Creation will be this processed through middle ware server to call to eSuite.

Description

When eSuite is the secondary IDM with as Janrain the primary IDM, eSuite will communicate and authenticate with Janrain using the Janrain Token passed in through the API. The values returned from Janrain are what are used within eSuite to create the account.

The diagram below shows Server-Side implementation of user registration flow using Janrain. When a new user is created on your platform they will first to be created directly within Janrain either direct from the user’s browser or via the middle ware.

Once the user is registered within Janrian, if the registration is through the browser the browser will call through to the middle ware to perform the registration with the Janrain AuthToken.

As soon as the middle ware has the Janrain AuthToken, either from the browser or in the response from Janrain the middle ware makes a call into eSuite passing in the Janrain AuthToken. This initial call to the eSuite platform will determine if the users account already exists, during this check eSuite calls to Janrain with the AuthToken passed in to retrieve the account details stored in Janrain.

Once the account details have been returned from Janrain, eSuite uses these to look up the account. If the account is not found, then the data is stored in a session within eSuite and a response of NoAccountMatch is returned along with the Session ID where the account details are stored.

After a response of NoAccountMatch is returned from eSuite to the middle ware, the middle ware will need to make another call into the eSuite platform which is used to create the account within eSuite and link it to the Janrain account which was returned. This second call will pass in the Session ID which was returned from the initial call to pull back the account details provided by Janrain on the creation of the account.

After the account has been created the middle ware will return the Account Details and Session ID back to the browser to enable access for the user in the future while their session lasts.

Janrain Prerequisite

To enable communication between eSuite and the Janrain platform the following information needs to be provided to MPP Global.

Janrain Application Name
Janrain Application ID
Janrain Application Secret

Once provided and registered within eSuite MPP Global will provide the following:

MPP Application ID

These settings will need to be provided for both the UAT and Production environment as these will be different on Janrain's Sandbox and Production environments.

Workflow

Authentication

As these are server-side API being called then server-side authentication is used for the API. API authentication method details can be found here: https://supportstaging.mppglobal.com/technical/esuite-rest-api-support/authenticating/

eSuite Authentication Prerequisite

To enable access to Server Side API's eSuite MPP Global will provide the following:

Client ID
Client API Password

These settings will be provided for both the UAT and Production environment as these will be different between environments.

API Documentation

Details on the API used in this diagram can be found at the links below:

api/accounts/authenticate/external-providers - https://dev.mppglobal.com/reference#accounts_byexternalproviderv11
api/accounts/external-providers - https://dev.mppglobal.com/reference#accounts_addaccountbythirdpartyv11