Single sign-on (“SSO” for short) allows users to authenticate to multiple applications while providing their log-in credentials only once.
With ActiveCampaign products, specifically Help Desk Hosted, you may wish to have users log-in to an external application, and have them automatically logged-in to Help Desk at the same time, while only providing their credentials once.
The user is unaware that they’ve simultaneously logged-in to multiple applications at once. The process is much more seamless, and does not require the user to re-enter their credentials.

How it works

There are two types of single sign-on: same server and external server.
“Same server” is for applications that are all residing on the same server. External is for applications on different servers. (All Help Desk hosted users must use “external server.”)
To illustrate how this works, consider a simple log-in form:

This form could be on any site, and once the user logs in, an API call is issued to your Help Desk installation:
Replace youraccount with your actual Help Desk hosted account, or the entire domain with your custom URL. Include these parameters with the API call, along with their corresponding values:

Parameter Value Example
api_user admin username "admin"
api_pass_h admin password md5("test123")
api_output "serialize" OR "xml" OR "json"
api_action "singlesignon_sameserver" OR "singlesignon"
… depending on if the authenticating application is “same server” or “external server.”
sso_addr Visitor’s IP address ""
sso_user ActiveCampaign username "joe"
sso_pass ActiveCampaign password md5("acjoe123")
sso_duration Number of minutes the user can access the system "30"

With the API result, you can detect if the user was successfully logged-in by making sure $result["result_code"] is set to 1.
When using external server SSO (all Help Desk hosted users), the result will look something like this (example provided as serialized):

Array (
    [token] => 7ed5jb6d44d6sc7ea413d2a599358m1b
    [result_code] => 1
    [result_message] => User Found.
    [result_output] => serialize

The “token” above can then be used to create the URL where the user can access the Help Desk software:
… continued:
When accessing this URL, the user is automatically logged-in to the Help Desk software. (Any subsequent pages they visit will not contain the “_ssot” parameter, and they should only have to log-in again if they end their session.)
When using same server SSO, the result will look something like this:

    [id] => 1
    [absid] => 1
    [username] => admin
    [prfxs] => hd_|kb_
    [hash] => udb7130b740sf23b7fc0e8e7a8689d631
    [result_code] => 1
    [result_message] => User Logged In.
    [result_output] => serialize

In this case a cookie is set in the browser, so you don’t need to do anything – the user should be immediately logged in.
Please see our help doc for more information, and let us know if anything is unclear.