The Ultimaker Account provides Single Sign-On (SSO). This means that users only have to sign in once, and their session in the authentication portal is remembered when signing in from other applications that make use of the Ultimaker Account. Applications do not need to implement anything besides the OAuth2 flow to make use of this functionality.
When using the OAuth2 authorization endpoint, the given
redirect_uri will be used to redirect the user back to your application after sign in.
If you manually navigate to the sign in page however you can use the
next query parameter to achieve the same behaviour:
Sometimes you want the user to sign off completely and destroy the global SSO session. To do this you can redirect to the following URL:
Without extra query parameters, this will redirect back to the login page by default.
If you want to redirect back to your own application (for example if it is usuable without signing in), you can append the query parameteter
next to the logout URL:
Note that the
next parameter should be URL encoded as some browser do not handle URL schemes in query parameters well.
The Ultimaker Account does not support Single Sign-Off. This means that only the session in the current application and the global one on account.ultimker.com are destroyed when following this flow, but not the active sessions in other applications that use the Ultimaker Account.
As an extension of SSO, Ultimaker can help you configure your company's own identity provider (like Microsoft Azure Active Directory) to connect to the Ultimaker Account. Your employees would no longer need a separate Ultimaker Account, but can just sign in with their existing enterprise account. Please contact Ultimaker Support or your Ultimaker account manager to get more information about this option.
Federated Single Sign-On is only available for customers with an Ultimaker Excellence subscription.