There are multiple ways to authenticate to our services. Each is secure and follows the principle of least privilege.
The main flows for authentication to our services are outlined below.
Single-use magic email links
What are they?
Secure links that are emailed to you in order for you to access your account.
Where are they used?
- When you sign up: https://cobrowse.io/register.
- When you are required to log in: https://cobrowse.io/login.
An example of the email you receive is shown below.
How are they secure?
- single use only
- sent to account email address
- expire after 10 minutes
- tightly scoped (using JWTs, see below)
Generate join links
What are they?
Links that can be generated by an account Administrator to add Team Members to your account.
Where are they used?
- https://cobrowse.io/dashboard/settings/team, by clicking the button shown.
How are they secure?
- Generated by Administrators only
- Expiry within 72 hours
- Triggers the single-use magic email link flow (e.g. users must sign up, and Administrators can easily audit who has account access)
- Scoped using JWTs, see below
JSON Web Tokens (JWTs)
What are they?
Secure tokens which carry authentication credentials and are signed and verified by a trusted party: https://docs.cobrowse.io/agent-side-integrations/json-web-tokens-jwts#overview.
Where are they used?
In the majority of our authentication! This is because they are helpful for Single Sign-On (SSO) flows, meaning your trusted credentials for one sign-on are reused for others. Some examples include:
- Our integrations (e.g. Genesys, Zendesk, Freshdesk, Intercom, Salesforce), including the widget view shown below. Your authentication for the integration will be re-used.
- Magic links and join links
- Custom integrations, including using the Agent SDK: https://docs.cobrowse.io/agent-side-integrations/json-web-tokens-jwts#overview
How are they secure?
- They are cryptographically signed and verified for authenticity before granting access.
- They are scoped to grant only the access that is needed, and they carry an expiry.
More information on the technical implementation of JWTs can be found here: https://docs.cobrowse.io/agent-side-integrations/json-web-tokens-jwts.
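The properties listed above for magic links and JWTs (signed, single use, 10-minute expiry, tightly scoped) can be shown in a short verifier. This is an added example, not Cobrowse's own code: the HS256 shared key, the `scope` and `jti` claim names, and the in-memory ledger are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: shared HMAC key, constructed for this example
TTL_SECONDS = 10 * 60             # the 10-minute magic-link lifetime stated above
used_jti = set()                  # single-use ledger; a real service needs shared, durable storage

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()).encode()

def issue_link_token(email: str, jti: str, now: int) -> str:
    """Mint a token for one address and one purpose. jti should be random in practice."""
    header = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": email, "scope": "login", "jti": jti,
              "iat": now, "exp": now + TTL_SECONDS}
    body = b64(json.dumps(claims).encode())
    return f"{header}.{body}.{sign(header + '.' + body).decode()}"

def redeem_link_token(token: str, required_scope: str, now: int) -> str:
    """Return the account email if every check passes, otherwise raise ValueError."""
    header, body, sig = token.split(".")  # wrong part count raises ValueError
    # Verify the signature before parsing any claim. The algorithm is pinned
    # in code: the header's "alg" field is never consulted.
    if not hmac.compare_digest(sig.encode(), sign(f"{header}.{body}")):
        raise ValueError("bad signature")
    claims = json.loads(unb64(body))
    if now >= claims["exp"]:
        raise ValueError("expired")
    if claims["scope"] != required_scope:
        raise ValueError("wrong scope")
    if claims["jti"] in used_jti:
        raise ValueError("already used")
    used_jti.add(claims["jti"])  # consume only after all other checks pass
    return claims["sub"]
```

The token is marked as used only after the signature, expiry and scope checks succeed, so a rejected attempt does not burn a valid link.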