How to federate identity with Zephr Identity

This article focusses on setting up Zephr as your primary identity provider. It uses similar mechanisms than other identity systems (described in How to federate your Authentication provider via OAuth and OpenID with Limio) with some enhanced settings to integrate more deeply Zephr with Limio.

Set up a shared domain for Limio and Zephr

For the Identity integration to work, Limio and Zephr needs to be on a shared domain.

In production:

Zephr customers typically integrate Limio on a shared domain between the Zephr site and the Limio Shop & Self-Service. For instance:

• If you are using Zephr's paywall on a website hosted on news.com
• And if you have a Limio Shop & Self-Service hosted on subscriptions.news.com

Limio and Zephr Identity will operate smoothly on the same main domain (news.com). To configure Limio on your custom domain, visit Add a custom domain to your Shop and Self-Service

Sandboxes: Similarly to the production setup, we recommend you create shared domains, for example staging.news.com and subscriptions-staging.news.com. 

However, you may not be ready to configure custom domains for sandboxes. Limio can then set up a custom domain hosted in Limio to use in Zephr (e.g. zephr-news.prod.limio.com). This will allow to have a shared domain across your Zephr sandbox and your Limio sandbox.

Please contact Limio Support with the title 'Request to create a Limio Domain to use in a Zephr sandbox'. Once created, you will then need to set up this domain in Zephr on Delivery > Sites > select a site > Domains. Learn more in Zephr's documentation.

Set up Zephr Identity in Limio

Limio can support v3 and v4 of Zephr Identity. Go to Limio Settings > Authentication Providers and click on 'Zephr Session' to set up identity federation with Limio.

To do so, you will need to provide:

1. Zephr Session Provider Name: This is the domain (Limio or custom) for your Limio Shop & Self-Service instance. 

2. Registration/Login Redirect URL: This URL is where users are sent to register or log in via Zephr. The {{redirect_uri}} placeholder dynamically inserts the return URL, so after logging in or registering, the user is redirected back to the original or intended page.

3. Zephr Public API Endpoint: This is the base URL for accessing Zephr's public API. The Public API provides common client-side actions tied to a session cookie.

4. Zephr API Version: Specifies the version of the Zephr API you're integrating with. API versions can have different features and capabilities. V4 is recommended.

5. Salesforce Integration: If you're integrating with Salesforce, this section defines how Zephr interacts with it.

   • Account Profile Field: This is the specific Salesforce field (e.g., 'sf-account-id') used in the integration, possibly for matching or syncing user accounts.

6. Limio Session: Configures the session settings in Limio.

   • Session Length (Hours): The duration a user session remains active in Limio before requiring re-authentication.

7. Field Mapping: This maps fields between Zephr and Limio, ensuring data consistency and correct field population across both platforms.

   • Zephr Field Name → Limio Field Name: Each mapping line indicates how a field in Zephr (like 'first-name') corresponds to a field in Limio (like 'given_name').

8. Zephr Private API Endpoint: This endpoint is for Zephr's Admin API. The Admin API is designed for server-side integrations, and it provides RESTful access to all Zephr functionality.

9. Access Key and Secret Key: These are credentials for authenticating access to Zephr's private API. They ensure secure communication and access control.

10. Site: This setting likely specifies the particular site or digital property within your Zephr setup that these configurations apply to.

Each of these settings plays a crucial role in ensuring that the identity federation between Limio and Zephr works seamlessly and securely, handling user data, sessions, and integrations efficiently.