In addition to the authentication methods provided by Crowdin, you can use the Single Sign-On (SSO) feature to authenticate instantly your users with their existing usernames.
This feature is available in organization plans only.
Crowdin hybrid SSO is actually a faster way to create the translator account than classic SSO like OAuth or SAML.
The entire streamlined process works as follows:
- Enable SSO in your account and copy your account API key.
- Create a special URL in your system that directs the translator to Crowdin. This URL will contain the translator’s authentication information, as well as the API key you obtained earlier, as URL parameters encrypted with AES.
- Crowdin uses these parameters to create an account for the translator and redirects to the desired page. For example, translators can be redirected immediately to the translation editor to begin working.
- Translator receives an email with instructions on how to activate the account and must agree to Crowdin’s Terms of Service and Privacy Policy.
Note: Before referring a user to Crowdin, please include a warning that you are sending the translator’s encrypted personal information to the outside party.
If you pass a login name or email to the SSO URL that is already taken at Crowdin, the user will be asked to correct the registration data.
Enabling Single Sign-On (SSO)
Чтобы подключить SSO для ваших проектов, перейдите в настройки профиля, кликните API & SSO, активируйте опцию Включить Single Sign-On и укажите действительное имя провайдера.
SSO URL Parameters
Below is the list of parameters you can pass to Crowdin for automatic registration. In this step, you will need to pack the data as JSON array before encryption (See the sample integrations in popular programming languages below).
| Parameter | Required | Тип | Default | Example | Примечания |
|---|---|---|---|---|---|
| user_id | да | строка | 12345678901 | A unique identifier for the user (e.g. the user_id in your system). | |
| авторизоваться | да | строка | johndoe | Crowdin login name. Should match the pattern [a-z,0-9] | |
| user_email | да | строка | john.doe@mail.com | Valid email address | |
| expiration | да | число | 1406124776 | Valid unix timestamp. Note! Set no more than 30 minutes from the current UTC time. | |
| display_name | строка | John Doe | Pseudo or real name | ||
| locale | строка | en_US | de_DE | Locale code | |
| проекты | строка | docx-project,csv-project | A comma-separated list of Crowdin project identifiers that the translator should initially have access to | ||
| пол | число | 0 | 1 | 2 | 1: male, 2: female | |
| роль | число | 0 | 0 | 1 | 2 | User role in joined projects. 0: translator, 1: proofreader, 2: manager | |
| языков | строка | ro,uk,fr | Comma separated list of Crowdin language codes the user should have access to. Used for projects with moderate language access policy | ||
| redirect_to | строка | https://crowdin.com/profile | https://crowdin.com/project/your-project-url | The Crowdin URL where the translator should land after registration | |
| return_crowdin_login | число | 0 | 1 | Return GET parameter crowdin_login (works in combination with redirect_to parameter) |
The output JSON array should look like the following:
{
"user_id":"12345678901",
"login":"johndoe",
"user_email":"john.doe@mail.com",
"display_name":"John Doe",
"locale":"de-DE",
"gender":1,
"projects":"docx-project,csv-project",
"expiration":1406124776,
"role":0,
"redirect_to":"https:\/\/crowdin.com\/project\/docx-project"
}Encrypting the Information
JSON созданный на предыдущем шаге должен быть зашифрован с использованием AES 128-CBC. Первые 16 символов включают API ключ вашего аккаунта Crowdin и являются криптографическим ключом, а последние 16 символов будут вектором инициализации. Зашифрованный текст должен быть преобразован в Base64.
Generating the SSO Link
The SSO URL should use the following pattern:
Where:
{ENCRYPTED_STRING} is the Base64 text you created in the previous step.
{CROWDIN_USER_LOGIN} is the login name of your Crowdin account. Note: this must be the same account you used to create the projects you want the translator to have access to.
Sample Integrations
We’ve created the code snippets for the most major programming languages. Remember to replace CROWDIN_USER_LOGIN, CROWDIN_USER_API_KEY with your personal authentication information.