How to enable SSO for your Privacy Center

You can enable Single Sign On (SSO) for your Privacy Center so that your customers can log in to the Privacy Center without going through Dataships email verification.

Once SSO is enabled, users will no longer be able to sign in with their email and password.

The steps below are highly technical and require a developer to implement tokens. We recommend you let us know when you're interested in enabling SSO so that we can provide you with a Sandbox to try out before taking it live.

To add Single Sign On (SSO)

  1. Log in to your Dataships account via the Control Panel (here):
    1. Enter your e-mail address in the Email field and click Continue.
    2. Enter your password in the Password field and click Sign in.
  2. Click Privacy Center. It can be found towards the top left of the screen along the menu bar.
  3. By default, you will be on the Company Profile page. Click on the Data Access Gateway page. 
  4. By default, you will be on the Apps tab. Switch to the Security tab.
  5. Under the Authentication Mechanism section, enable the toggle to turn on SSO. Once enabled you will be shown four steps for the developer to complete. 

  6. First, enter the URL where your users should be able to log in remotely (i.e. on your platform) when they attempt to sign in to your data access gateway in the Privacy Center.
  7. Then use the Certificate Fingerprint key shown in step 2 (on the Control Panel page) to encode the JWT token after successful login. 
    1. Use HS512 as the Algorithm.
    2. Type must be JWT.
    3. API keys can be found in Control Panel (Account Settings > Password & Key > API Keys).
    4. email must be present in the payload, with a valid email address as its value.
    5. iat is the unix timestamp for issued at time.
    6. exp is the unix timestamp for expiration time. Dataships will expire any sessions after 60 minutes of inactivity. 
    7. Use your Certificate Fingerprint key from step 2 as your-512-bit-secret to Verify Signature.
  8. Use the template in step 3 (on the Control Panel page) to form a JWT token, with the placeholders replaced with real values.
  9. Redirect the user to https://app.dataships.io/privacycenter/<YOUR_PUBLIC_KEY>/data-access-gateway/login?token=<YOUR_ENCODED_TOKEN> . If the token is valid, your customer/user will be automatically logged into the Data Access Gateway.
  10. (Optional) If and when it is necessary to log out your customer/user, redirect the iframe to load the logout URL e.g. https://app.dataships.io/dag/widget/YOUR_PUBLIC_KEY/logout.
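
The token and redirect steps above, sketched server-side with only the Python standard library. This is an added example, not Dataships code: the function names are hypothetical, the payload carries only the claims listed on this page (the template in step 3 of the Control Panel remains authoritative), and it assumes the Certificate Fingerprint key is used as its UTF-8 bytes. The 300-second lifetime is also an assumption, kept short because the token travels in a URL query string.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import quote

LOGIN_URL = ("https://app.dataships.io/privacycenter/{public_key}"
             "/data-access-gateway/login?token={token}")

def b64url(raw: bytes) -> str:
    # JWTs use base64url without "=" padding.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, secret: str) -> bytes:
    # Assumption: the key is used as its UTF-8 bytes, not base64-decoded first.
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha512).digest()

def make_sso_token(email: str, secret: str, now=None, ttl: int = 300) -> str:
    """Build the token on the server, after your own login has succeeded."""
    now = int(time.time()) if now is None else int(now)
    header = {"alg": "HS512", "typ": "JWT"}
    # Only the claims named on this page; ttl is an assumed short lifetime.
    payload = {"email": email, "iat": now, "exp": now + ttl}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, payload)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(sign(signing_input, secret))

def check_sso_token(token: str, secret: str, now=None) -> dict:
    """Local self-test before redirecting; raises ValueError on any failure."""
    now = int(time.time()) if now is None else int(now)
    try:
        head, body, sig = token.split(".")
        given = b64url_decode(sig)
    except ValueError as exc:  # wrong part count or bad base64
        raise ValueError("malformed token") from exc
    if not hmac.compare_digest(given, sign(head + "." + body, secret)):
        raise ValueError("bad signature")
    header, payload = (json.loads(b64url_decode(p)) for p in (head, body))
    if header.get("alg") != "HS512" or header.get("typ") != "JWT":
        raise ValueError("unexpected header")
    iat, exp = payload.get("iat"), payload.get("exp")
    if not (isinstance(iat, int) and isinstance(exp, int) and iat <= now < exp):
        raise ValueError("token not currently valid")
    return payload

def login_redirect_url(public_key: str, token: str) -> str:
    return LOGIN_URL.format(public_key=quote(public_key, safe=""),
                            token=quote(token, safe=""))
```

Keep the signing key on the server only; a browser that holds it can mint a token for any email address.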

 

Completing the above steps should allow you to log in a data subject in your Privacy Center using SSO.