Authentication methods
Authentication is a critical component of ensuring secure and seamless access to your member portal. This page provides a comprehensive overview of the supported authentication methods and their compatibility across various distribution channels, including standalone portals, embedded widgets, and mobile environments.
Our goal is to help you understand the available options—such as Custom SSO, Social Login, SecureToken, and Magic Link—and how they can be configured to meet your business and technical requirements. By the end of this guide, you’ll have a clear understanding of which authentication methods are best suited for your use case and distribution channel.
Channels
Minisite
Accessing the portal from a dedicated URL (custom domain or *.qualifioapp.com subdomain).
Widget on Customer Website
- Iframe: Static iframe targeting the member portal URL.
- Iframe with SDK: Iframe created with Qualifio SDK (supporting resize and parent page communication).
- Direct Rendering: Rendering of the portal in the hosting page with an SDK.
This method is not currently offered, although Qualifio is considering it for the future.
Webview in Mobile App
Embedding the portal as a “WebView” (similar to an iframe but in a mobile app context) in a customer-controlled mobile app.
Webview in a Social Network App
Embedding the portal through a link in a social network app (Facebook, Instagram, X, etc.).
When this link is clicked, the portal opens in a WebView within the app. The user may configure the app to open links in a native browser.
Authentication Methods
Custom SSO
A dedicated integration with a CRM or member database.
The dominant standard is OpenID Connect, which many vendors offer, though various other technologies, standards, and platforms are available.
Social Login
A dedicated web page provided by Qualifio where the participant can select from a series of social connectors, such as “Login with Facebook” or “Login with Google.”
SecureToken
A login scenario where a JSON Web Token (JWT) is constructed and signed cryptographically by the customer based on user data.
This token is securely sent to the user (e.g., via email or logged-in space within an app) to authenticate them without further action.
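The sketch below is an added example, not Qualifio's code or token format, showing the customer-side signing described above together with the checks a receiving service would apply before trusting the token. The HS256 algorithm, the shared secret, the claim names (`sub`, `email`) and the 5-minute lifetime are all assumptions, since this page does not specify them.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hs256(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()

def mint_token(user: dict, secret: bytes, ttl: int = 300, now=None) -> str:
    """Customer side: build a compact JWT from user data and sign it."""
    issued = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {**user, "iat": issued, "exp": issued + ttl}  # short-lived by design
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(hs256(signing_input, secret))

def verify_token(token: str, secret: bytes, now=None) -> dict:
    """Receiving side: return the claims, or raise ValueError if the token is untrusted."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token's own header choose how it is checked.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Verify the signature before parsing or trusting any claim.
    if not hmac.compare_digest(sig, hs256(f"{head_b64}.{body_b64}", secret)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    current = int(time.time()) if now is None else now
    if current >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value, not a real key
    token = mint_token({"sub": "member-42", "email": "member@example.com"}, secret)
    print(verify_token(token, secret)["sub"])
```

Because the token alone logs the member in, a short `exp` limits how long a forwarded email or leaked link remains usable.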
Magic Link
A specific login flow where the user provides their email address.
An email is sent containing a “Magic Link,” which, when clicked, grants access. Practically, the email includes a link and secure token.
This solution is currently implemented with a Qualifio campaign.
Supported Methods
The table below depicts the supported configurations for authentication to the member portal:
Channel | Custom SSO | Social Login | SecureToken | Magic Link |
---|---|---|---|---|
Email campaign | YES | YES | YES | N/A |
Minisite / Standalone | YES | YES | YES | YES |
Widget on customer website - iframe | YES, IF SAME DOMAIN | YES, IF SAME DOMAIN | YES | YES, PARTIAL (1) |
Widget on customer website - no iframe | NOT SUPPORTED | NOT SUPPORTED | N/A | N/A |
Widget on customer website - iframe - with JS/SDK & redirect | NOT SUPPORTED | NOT SUPPORTED | N/A | N/A |
Mobile app in WebView | YES, IF SAME DOMAIN | YES, IF SAME DOMAIN | YES | NOT SUPPORTED |
Social network app (in WebView) | SSO DEPENDENT (2) | NOT SUPPORTED | N/A | YES, PARTIAL (1) |
Notes:
- (1) PARTIAL: Access will be directed to a minisite, not the original page if the portal is available as a widget.
- (2) SSO DEPENDENT: Depends on the technical constraints of the custom SSO.
Definitions
- YES: The authentication method is fully supported for this channel.
- YES, IF SAME DOMAIN: Usable if domain names are properly set up (no domain change during the authentication flow).
- N/A: Scenario doesn’t make sense from a business point of view.
- NOT SUPPORTED: Not currently supported by the platform, meaning it will not work at all or not reliably in its current state. Future evolutions may support it.
Recommendations
Given the current state of the product and the constraints of various environments/channels, Qualifio recommends:
- For minisite/standalone distribution, Custom SSO or Social Login are ideal solutions for easy and convenient access.
- Magic Link can complement social login for members reluctant to share their data with major companies (e.g., Google, Facebook).
- For embedded channels (e.g., mobile app, iframe on a logged-in website), SecureToken provides fast, frictionless login for members.
- For emailing/database activation flows, SecureToken is a flexible approach.
A native integration has been developed with Qualifio’s sister company, Actito.
Additional Considerations
- Webviews in Mobile Apps: These are sandboxed environments with specific constraints. Cookies are inconsistently managed across platforms, potentially leading to frustrating user experiences.
- Social App “In-App Browser”: These environments pose challenges for authentication. Qualifio is investigating the best options for a fluid user experience.