kvCORE supports inbound and outbound SSO
Inbound - Login to kvCORE from a 3rd party
Outbound - Login to 3rd party from kvCORE
SSO Logins will be accessible from the 'My Business' tab on the kvCORE dashboard.
Outbound SSO Support
These are the current options for Outbound SSO's from within kvCORE.
Buyside
CirclePix
CloudCMA
Corefact
Form Simplicity - Agents must enter their NRDS ID. Click Here for instructions.
Homesource
IMLS
Keyes RE Training Center
LeadingRE
ListGlobally
Lolo
Luxury Portfolio
MyKeyes
Profit Power
Quantum Digital
Smarter Agent
Toolkit CMA
TrendGraphix
VHT
Voicepad
Xpressdocs
RealScout
Christie's
Outbound SSO Method
Key requirements for implementing vendor SSO from kvCORE
We require the vendor to use OAuth to support SSO. kvCORE will always use OAuth to connect to the vendor.
kvCORE must be the identity provider and will provide the vendor a list of client ID’s for a particular account using our JWT token authentication method. This is the same as other users of the API.
Use Case
Users need to be able to login to kvCORE and click on their company's 3rd party vendor button and have that SSO to the 3rd party vendor. There will be several vendors, so this needs to be a standard approach for all.
Getting Client ID’s
Vendors will make an API request every 4 hours to get the list of valid client ID’s from kvCORE. We will provide each vendor their own API key that will allow them access to that information.
Headers
Authentication: Bearer
Request
GET /public/agents
Authenticating
When authenticating, kvCORE sends a request to the vendors system that includes the following:
GET /oauth/authorize?client_id=&client_secret=&redirect_uri=&response_type=token&scope=
Vendor Authenticates and redirects user to the vendor_redirect_uri.
Inbound SSO Support
Buyside
Circlepix
Inbound SSO Method
Example Use Case
User is authenticated into a supported 3rd party, then goes to their kvCORE Dashboard. Instead of requiring the user to login again to access their dashboard, kvCORE would automatically authenticate them.
How it Works
Inside Real Estate provides 3rd Party Vendor (consumer) with a Client ID & Client Secret. During the setup process, Inside Real Estate requires the consumer to specify a redirect URI (where kvCORE should redirect the user after the SSO request is approved).
The consumer requests an authorization code and access token via the kvCORE /oauth/authorize endpoint.
Example: https://api.kvcore.com/oauth/authorize?client_id=1234&redirect_uri=http://example.com/callback
After receiving the authorization request, kvCORE will redirect the user to screen allowing them to approve or deny the SSO request. If they approve the request, they will be redirected back to the redirect_uri that was specified by the consuming application. Note, the redirect_uri must match the redirect URL provided by the 3rd party vendor during the setup process.
If the user approves the authorization request, they will be redirected back to the consuming application redirect_uri. The consumer then issues a POST request to kvCORE to request an access token. The request will must include the following:
{
"form_params": {
"grant_type": "authorization_code",
"client_id": "client-id",
"client_secret": "client-secret",
"redirect_uri": "http://example.com/callback",
"code": "response-code"
}
}
The endpoint will return a JSON response containing access_token, refresh_token, and expires_in attributes. The expires_in attribute contains the number of seconds until the access token expires.
To refresh the SSO Token, the consumer can issue a request to the /oauth/token endpoint with the following
{
"form_params": {
"grant_type": "refresh_token",
"refresh_token": "the-refresh-token"
"client_id": "client-id",
"client_secret": "client-secret",
"scope": ""
}
}
The endpoint will return a JSON response containing access_token, refresh_token, and expires_in attributes. The expires_in attribute contains the number of seconds until the access token expires.
Have more questions? Please reach out to Customer Support via the blue chat bubble to the right or by emailing kvcore@insiderealestate.com!
(Keywords: SSO, single sign on, Buyside, cloud CMA, admin)