Single Sign-On

The Ultimaker Account provides Single Sign-On (SSO). This means that users only have to sign in once, and their session in the authentication portal is remembered when signing in from other applications that make use of the Ultimaker Account. Applications do not need to implement anything besides the OAuth2 flow to make use of this functionality.

Redirecting

When using the OAuth2 authorization endpoint, the given redirect_uri will be used to redirect the user back to your application after sign in.

Sign Off

Sometimes you want the user to sign off completely and destroy the global SSO session. To do this you can redirect to the following URL:

https://account.ultimaker.com/logoff

Without extra query parameters, this will redirect back to the login page by default.

If you want to redirect back to your own application (for example if it is usuable without signing in), you can append the query parameteter next to the logout URL:

https://account.ultimaker.com/logoff?next=https%3A%2F%2Fmy-app.com

Info

Note that the next parameter should be URL encoded as some browser do not handle URL schemes in query parameters well.

Warning

The Ultimaker Account does not support Single Sign-Off. This means that only the session in the current application and the global one on account.ultimker.com are destroyed when following this flow, but not the active sessions in other applications that use the Ultimaker Account.

Enterprise Federation

As an extension of SSO, Ultimaker can help you configure your company's own identity provider (like Microsoft Azure Active Directory) to connect to the Ultimaker Account. Your employees would no longer need a separate Ultimaker Account, but can just sign in with their existing enterprise account. Please contact Ultimaker Support or your Ultimaker account manager to get more information about this option.

Info

Federated Single Sign-On is only available for customers with an Ultimaker Excellence subscription.