Simplified explanation on how the remote authentication with zendesk works…
| 1. | Client attempts to login to zendesk. |
| 2. | If the user is not authenticated zendesk will redirect them to the ManagingEnergy login page and embed a time based value in the URL (this ensures a hacker cannot hijack the users session forever). |
| 3. | ManagingEnergy sees the login request and allows the user to enter credentials. |
| 4. | ManagingEnergy then verifies these credentials are correct. |
| 5. | If the credentials are valid. ManagingEnergy redirects the user’s browser back to zendesk and embeds the user information along with the time based value sent by zendesk into the URL and encrypts it using the secret key. |
| 6. | zendesk sees the user’s browser request, pulls out the encrypted user information, decrypts it using the secret key, verifies that the time based value matches that sent (to minimize potential hacking). |
| 8. | The user is logged into zendesk and away they go… |
cus_Mec_to_zendesk_Remote_Authenti
©2012 Managing Energy Inc.
