Table of Contents
- 1. Add Your Site
- 2. Trusted URLs
- 3. Configure Domain Alias (CNAME)
- 4. Bit.ly URL Shortening
- 5. Custom URL Shortening
- 6. Redirect Method
- 7. Encryption
- 8. Configure Social Network Application Keys
- 9. Facebook and Google+ Configuration
- 10. Gigya Support
- 11. Admin
The following guide walks you through Gigya's setup and serves as a reference document for the configuration options.
If you are already a registered user, please sign in to your Gigya account at console.gigya.com. To register as a Gigya user, please go to http://www.gigya.com/ and register by clicking the Try Gigya button on the top right-hand corner of Gigya's site and filling out the registration form. An invitation email will be sent to you with a link to activate your Gigya account and obtain a Gigya API key.
Add Your Site
Once you sign in to Gigya, you will be able to view your Dashboard. The first thing you must do to get your Gigya implementation up and running is to add your site domain name to the sites table on the Dashboard page.
Press the "Add site" button:
Fill in the site domain, select the Data Center where your site's data should be stored (options are US, AU or EU) and optionally enter a description, then press "Add Site".
- A valid domain should be entered in the form of "mysite.com" (there is no need to include the "http://" prefix). If you are using Gigya in Flash applications, please enter the URL of the location where your SWF files are stored and from which they are downloaded.
- The Data Center entry cannot be changed once the site has been created and indicates the location of the server holding your user data.
Selecting the right Data Center is not trivial and depends on your site's location. To verify site location, contact your implementation manager.
Your domain name should now be listed in the Sites table:
The API key that is associated with each domain is listed next to the domain name in the table.
This API key will be used in every page in which Gigya plugins or API calls are integrated. The key identifies the calling site and determines the permissions available for that site.
- The Data Center entry indicates the location of the server holding your user data.
- It cannot be changed once the site has been created.
- To verify site location, contact your implementation manager.
The partner ID is displayed at the bottom of the table.
The "Secret Key" is provided at the bottom of the table. This key may be used to generate and check Cryptographic Signatures to verify the authenticity of Gigya processes and prevent fraud. Read more about the subject in the Security page of our Developer's Guide.
Technically you are now ready to use Gigya in your application.
Trusted Site URLs
The configuration form provides instructions for setting up trusted site URLs. Please follow them to set up any URLs you wish to include in this configuration. If the Gigya service configuration applies to all parts of your site, you will not need to change the default configuration. However, if you wish to configure specific parts of your site to work under these settings, you can use the URL settings to:
- Apply the configuration to specific subdomains only (e.g. "articles.yoursite.com").
- Apply the configuration to specific paths (e.g. *.yoursite.com/articles/*).
Trusted Share URLs
The Trusted Share URLs table is an additional list of URLs that are approved for sharing purposes as part of the domain's whitelist.
When a link is shared via Gigya's service, Gigya validates the link by following the redirect chain and ensuring that all URLs on the chain are trusted. Links that redirect through a non-trusted domain are blocked.
A URL is trusted if it meets one of the following conditions:
- It is on the Trusted Site URLs list.
- It is on the Trusted Share URLs list.
- It is a custom short URL for the site.
- It is configured as a CNAME for the site.
- It is listed in Gigya's global whitelist.
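The redirect-chain check described above can be sketched as follows. This is an added example, not Gigya's code: the allowlist entries, the redirect table and the function names are constructed, and the `*` wildcard semantics are an assumption based on the pattern forms shown in the Trusted Site URLs section.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed allowlist: the two pattern forms from the Trusted Site URLs
# section plus a custom short domain.
TRUSTED = ["articles.yoursite.com", "*.yoursite.com/articles/*", "short.yoursite.com"]

# Constructed stand-in for the HTTP redirects a validator would observe
# (URL -> Location header), so the example runs offline.
REDIRECTS = {
    "http://short.yoursite.com/a1": "http://www.yoursite.com/articles/42",
    "http://short.yoursite.com/b2": "http://tracker.example.net/r?id=7",
    "http://tracker.example.net/r?id=7": "http://www.yoursite.com/articles/42",
}


def is_trusted(url, patterns=TRUSTED):
    """True if url's host (and path, when the pattern has one) matches a pattern."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host, path = parts.hostname, parts.path or "/"
    for pattern in patterns:
        p_host, slash, p_path = pattern.partition("/")
        # Host and path are matched separately, so "*" in the host part cannot
        # swallow a "/" and accept "evil.example/x.yoursite.com/articles/1".
        if fnmatchcase(host, p_host.lower()) and (
            not slash or fnmatchcase(path, "/" + p_path)
        ):
            return True
    return False


def check_chain(url, redirects=REDIRECTS, max_hops=5):
    """Return (ok, chain). Fails closed on an untrusted hop, a loop or too many hops."""
    chain = []
    while url is not None:
        if url in chain or len(chain) > max_hops or not is_trusted(url):
            return False, chain + [url]
        chain.append(url)
        url = redirects.get(url)
    return True, chain


if __name__ == "__main__":
    for start in ("http://short.yoursite.com/a1", "http://short.yoursite.com/b2"):
        print(start, check_chain(start))
```

The second link starts and ends on trusted URLs but is rejected because of the untrusted hop in the middle, which is the case a check of only the first or last URL would miss.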
Configure Domain Alias (CNAME)
- Redirecting users to your site from the Facebook "via" link in newsfeed items.
- Featuring your site in the OpenID authentication flow. Users will be prompted to allow your site (instead of allowing socialize.us1.gigya.com) to access the user’s OpenID data.
- A better user experience on platforms such as iPhone, Android, Windows Mobile.
Mapping of Data Center to placeholder value is as follows:
US data center - 'us1'
European data center - 'eu1'
Australian data center - 'au1'
For example, customers on the European Data Storage Center need to point their CNAME to client-proxy.eu1.gigya.com.
If you are not sure of your DC location or you are using a different DC not listed here, consult your Implementation Manager to find out which domain to use.
To apply this with Gigya:
There are two methods you can use to define a CNAME entry in your DNS server:
- Contact your provider and request a CNAME entry. Specify a new subdomain in your site and point it to client-proxy.<DC>.gigya.com.
- Define a CNAME entry in your DNS server. Specify a new subdomain in your site and point it to client-proxy.<DC>.gigya.com.
For example:
login.yoursite.com CNAME client-proxy.us1.gigya.com
Note that the CNAME must be a subdomain of your site. In other words, the CNAME must end with your site name.
Return to Gigya settings and enter your CNAME value in the corresponding text-field (see screenshot below).
Note: only a subdomain of the domain which you have configured in Step 1 will be accepted.
You can choose to enable CNAME for all OpenID providers. This enables sites that use Social Login via OpenID to display their own domain name in the Social Login dialogs instead of "Gigya socialize".
Note: This option will not work with CDN acceleration (DSA).
Bit.ly URL Shortening
When bit.ly shortening is enabled all shortened URLs will go through Bit.ly, including URLs that have been shortened using Gigya's custom shortening service.
When you enable this option, you will be presented with a pop-up asking you to authorize Gigya to use your Bitly account. You must have a Bitly account in order for Gigya to use it as a URL shortening service.
Bitly premium account holders using a branded short domain: After authorizing Gigya to use your Bitly account, add your short domain in the Additional Share URLs section.
Custom URL Shortening
Gigya includes a URL shortening service for URLs that you publish to social networks using Gigya's API. If Gigya's URL shortening service is active, each of the distributed URLs will be shortened to a URL that corresponds with your Data Center.
- fw.to domain for customers using the US data center
- shr.gs domain for customers using the European data center.
- vst.to domain for customers using the Australian data center.
If you wish to set up a custom short URL that will be used when publishing content to social networks:
Define a CNAME entry in your DNS server, either by contacting your provider and requesting a CNAME entry or by defining the entry yourself. Specify your short domain and point it to your designated short URL. For example:
short.yoursite.com CNAME fw.to
Return to Gigya settings and enter your CNAME value in the corresponding text field (see screenshot below).
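A pre-flight check for the two CNAME entries described on this page (the domain alias and the custom short domain) is sketched below as an added example, not Gigya's own tooling. The function names and sample record lines are constructed; the targets come from the data center lists above.

```python
# Data center -> (domain-alias target, short-URL target), as listed on this page.
TARGETS = {
    "us1": ("client-proxy.us1.gigya.com", "fw.to"),
    "eu1": ("client-proxy.eu1.gigya.com", "shr.gs"),
    "au1": ("client-proxy.au1.gigya.com", "vst.to"),
}


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def is_subdomain(name, site):
    """True only if name sits strictly below site on a label boundary."""
    name, site = norm(name), norm(site)
    # A plain endswith(site) would also accept "loginyoursite.com".
    return name.endswith("." + site)


def check_record(line, site, dc, kind="alias"):
    """Return the problems found in one 'name [ttl] [IN] CNAME target' line."""
    if dc not in TARGETS:
        return [f"unknown data center {dc!r}"]
    fields = line.split()
    types = [f.upper() for f in fields]
    pos = types.index("CNAME") if "CNAME" in types else 0
    if pos == 0 or pos + 1 >= len(fields):
        return ["not a CNAME record"]
    name, target = norm(fields[0]), norm(fields[pos + 1])
    expected = TARGETS[dc][0 if kind == "alias" else 1]
    problems = []
    if target != expected:
        problems.append(f"target {target} should be {expected}")
    # Only the domain alias must be a subdomain of the site; the page states
    # no such rule for the custom short domain.
    if kind == "alias" and not is_subdomain(name, site):
        problems.append(f"{name} is not a subdomain of {site}")
    return problems


if __name__ == "__main__":
    # Constructed sample records.
    print(check_record("login.yoursite.com CNAME client-proxy.us1.gigya.com", "yoursite.com", "us1"))
    print(check_record("loginyoursite.com CNAME client-proxy.us1.gigya.com", "yoursite.com", "us1"))
    print(check_record("short.yoursite.com CNAME fw.to", "yoursite.com", "eu1", kind="short"))
```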
Redirect Method
You can select your short URL redirect method out of the following options:
- Server redirect, replacing existing URL fragment - Use HTTP 302 redirect and append a new URL fragment or replace the existing fragment
- Server redirect, append to existing URL fragment - Use HTTP 302 redirect and append a new URL fragment or concatenate to an existing fragment like a query string (with & separator)
- Server redirect, append query string if URL fragment exists - Use HTTP 302 redirect and append a new URL fragment if one doesn't already exist and a query string if a URL fragment does exist on the target URL
Encryption
Gigya encrypts usernames, emails, friends' names and friends' emails. Encrypted fields are stored and transmitted encrypted. Gigya manages decryption.
Personal identity information (PII) is also encrypted, but this can be switched off by de-selecting the Enable PII encryption checkbox in the Site Settings.
When Enable PII encryption is checked, the following fields are encrypted:
- In the Profile object: "firstName", "lastName", "address", "name", "phones".
- In the Identity object: "firstName", "lastName", "address", "phones".
Note that SQL-like queries such as accounts.search, IDS.search and the Identity Query Tool cannot use comparison operators (>, >=, <, <=) or regular expressions on encrypted fields. The Contains operator is case-insensitive on encrypted fields but does not support searches for partial strings.
For more information see Security & Privacy.
Configure Social Network Application Keys
Press the "Providers Configurations" tab under the "Site Settings".
You will be directed to the Providers Configurations page, where you must configure social network application keys.
The Gigya service uses external applications to deliver its services in social networks. The external applications act as mediators, enabling the Gigya service to provide the various functions it offers – such as retrieving user info or sending notifications.
For the Gigya service to work in your site, a dedicated external application is required for each social network you wish to use.
The following tutorials will guide you through the process of opening and setting up external applications:
- Setting Up an External Application in Spiceworks
We will be glad to assist if you need help with this process. You can contact us by filling in a support form on our site.
This is a screenshot of the form on the Gigya website's Providers Configurations page for setting up social network external applications:
Considerations for SN Apps when SSO is Enabled
When SSO is enabled, sites have the option of only configuring apps at the parent level, which will then apply to all child sites. However, if a child site defines its own application rather than using the default (group) application defined at the parent level, the child site's application will be used, overriding the group application. The implications are:
- A user may not connect to different accounts of the same SN in different sites. So if the user connected to FB account #1 in site A, he must connect to the same FB account in site B or he will get an error.
- When a user is logged out and then logs in for the first time to a site that belongs to the group, using a social identity that was already used in a different site in the group, he should be connected to the same group account as he was before.
- When disconnecting from a provider on one site, all the connections for that provider (on all other sites) should be removed.
Facebook and Google+ Configuration
When you click on the Facebook icon, the following dialog opens. A similar dialog opens for Google+, without the External Application Canvas page and API version selection.
Facebook API v1/v2
Select the Facebook API version that you want to use. API v2 offers a different set of behaviors and permissions.
- To understand which version you need to use, see A Note on Facebook API.
- For more information on permissions in API v2, see Facebook permissions.
Check this box if you are using a CNAME.
Enable Native SDK Capabilities
Checking Native SDK Capabilities in Facebook app configuration enables automatic session renewal for users logged in through Facebook and automatic login when autoLogin is set to "true" in the Global Conf object. In socialize.showLoginUI the parameters autoDetectUserProviders and facepilePosition (allowing use of Facepile) require native SDK capabilities. Calling socialize.logout to log the user out of Facebook requires native SDK capabilities.
Note that "Native SDK capabilities" also require that Facebook App definitions have your domain specified in the "Valid OAuth redirect URIs" in the Settings Tab (Advanced: Security).
Checking Native SDK Capabilities in Google+ app configuration enables automatic login when autoLogin is set to "true" in the Global Conf object. This is required for Google+ cross-device SSO (also known as cross-platform single sign-on): users who are already logged in on one platform (for example, their mobile phone) can use their Google+ credentials to open the site on another platform (for example, their laptop) without being asked to sign in again. App permissions are automatically shared across the different devices.
Calling socialize.logout to log the user out of Google+ requires native SDK capabilities.
Facebook External Application Canvas Page
You have the option of providing the URL of a page that will be shown in an IFrame in Facebook's external application canvas page. For more information, see Canvas Overview in the Facebook Product Docs.
Gigya Support
We will be glad to assist you with implementation, configuration, or any other issues. You can contact us by filling in a support form on our site. You can also access the support page by clicking "Support" on the upper menu of Gigya's site:
Fill in the form and you will receive the support you need.
Admin
If you have "Admin" status on your site, you can access the "Admin" link placed on the upper menu:
As administrator, you can:
- Manage Users - you can add, edit, and delete users, and change their account permissions.
- Export Chat Logs - you can download a CSV file of your chats for backup purposes.