kvCORE supports inbound and outbound SSO


Inbound - Login to kvCORE from a 3rd party
Outbound - Login to 3rd party from kvCORE

SSO Logins will be accessible from the 'My Business' tab on the kvCORE dashboard.

Outbound SSO Support

These are the current options for Outbound SSO's from within kvCORE.

  • Buyside

  • CirclePix

  • CloudCMA

  • Corefact

  • Form Simplicity - Agents must enter their NRDS ID. Click Here for instructions.

  • Homesource

  • IMLS

  • Keyes RE Training Center

  • LeadingRE

  • ListGlobally

  • Lolo

  • Luxury Portfolio

  • MyKeyes

  • Profit Power

  • Quantum Digital

  • Smarter Agent

  • Toolkit CMA

  • TrendGraphix

  • VHT

  • Voicepad

  • Xpressdocs

  • RealScout

  • Christie's

Outbound SSO Method

Key requirements for implementing vendor SSO from kvCORE

We require the vendor to use OAuth to support SSO.  kvCORE will always use OAuth to connect to the vendor.

kvCORE must be the identity provider and will provide the vendor a list of client ID’s for a particular account using our JWT token authentication method.  This is the same as other users of the API.

Use Case

Users need to be able to login to kvCORE and click on their company's 3rd party vendor button and have that SSO to the 3rd party vendor.  There will be several vendors, so this needs to be a standard approach for all.

Getting Client ID’s

Vendors will make an API request every 4 hours to get the list of valid client ID’s from kvCORE.  We will provide each vendor their own API key that will allow them access to that information.

Headers

Authentication: Bearer

Request

GET /public/agents

Authenticating

When authenticating, kvCORE sends a request to the vendors system that includes the following:

GET /oauth/authorize?client_id=&client_secret=&redirect_uri=&response_type=token&scope=

Vendor Authenticates and redirects user to the vendor_redirect_uri.

Inbound SSO Support

  • Buyside

  • Circlepix

Inbound SSO Method

Example Use Case

User is authenticated into a supported 3rd party, then goes to their kvCORE Dashboard.  Instead of requiring the user to login again to access their dashboard, kvCORE would automatically authenticate them.

How it Works

Inside Real Estate provides 3rd Party Vendor (consumer) with a Client ID & Client Secret.  During the setup process, Inside Real Estate requires the consumer to specify a redirect URI (where kvCORE should redirect the user after the SSO request is approved).

The consumer requests an authorization code and access token via the kvCORE /oauth/authorize endpoint.

Example: https://api.kvcore.com/oauth/authorize?client_id=1234&redirect_uri=http://example.com/callback

After receiving the authorization request, kvCORE will redirect the user to screen allowing them to approve or deny the SSO request.  If they approve the request, they will be redirected back to the redirect_uri that was specified by the consuming application.  Note, the redirect_uri must match the redirect URL provided by the 3rd party vendor during the setup process.

If the user approves the authorization request, they will be redirected back to the consuming application redirect_uri.  The consumer then issues a POST request to kvCORE to request an access token.  The request will must include the following:

https://api.kvcore.com/oauth/token

  1. {

  2.     "form_params": {

  3.         "grant_type": "authorization_code",

  4.         "client_id": "client-id",

  5.         "client_secret": "client-secret",

  6.         "redirect_uri": "http://example.com/callback",

  7.         "code": "response-code"

  8.      }

  9. }

The endpoint will return a JSON response containing access_token, refresh_token, and expires_in attributes.  The expires_in attribute contains the number of seconds until the access token expires.

To refresh the SSO Token, the consumer can issue a request to the /oauth/token endpoint with the following

https://api.kvcore.com/oauth/token

  1. {

  2.     "form_params": {

  3.         "grant_type": "refresh_token",

  4.         "refresh_token": "the-refresh-token"

  5.         "client_id": "client-id",

  6.         "client_secret": "client-secret",

  7.         "scope": ""

  8.      }

  9. }

The endpoint will return a JSON response containing access_token, refresh_token, and expires_in attributes.  The expires_in attribute contains the number of seconds until the access token expires.

Have more questions? Please reach out to Customer Support via the blue chat bubble to the right or by emailing kvcore@insiderealestate.com!

Did this answer your question?