Single Sign-On (SSO)

Single sign-on (SSO) can be used to pass customer information from your system to the Cleverbridge storefront. This allows you to pre-populate the checkout process and optimize the customer experience.

Cleverbridge offers the following SSO options:

Profile Mapping

The easiest way to implement SSO in the Cleverbridge platform is to use profile mapping. To implement profile mapping, pass your own ID for a customer through the Cleverbridge checkout process using the &internalcustomer parameter. After the customer completes a transaction, Cleverbridge resends this ID to you in a notification, enabling you to align the Cleverbridge profile with your own customer database. After that, you can refer back to this profile ID for possible follow-up transactions.

To implement this type of SSO, complete the following:

  1. Create a URL that opens a checkout page for your product.

  2. Add the internalcustomer parameter to the link and add your unique profile ID as its value to enable SSO. The profile ID should come from the Auth0 provider or your internal customer database. If the internalcustomer ID is not known in the Cleverbridge system, we will create a customer profile with the associated customer ID. If the internalcustomer ID is already known in our system (e.g. returning customers), then the entire cart will be prefilled with all the customer's contact & payment data we have in our system.

    If you would like to update and overwrite portions of the customer's existing profile in the Cleverbridge platform, you can also add parameters to the URL that contain personal information the customer has recently provided. For a full list of available customer parameters, see Customer Data.

  3. Protect the parameters in the TargetUrl against manipulation by creating a session URL (SURL) or dynamic protected URL (Dynamic UURL). This can be done either via the Generate User Session URL API endpoint or the Generate Protected URL API endpoint. If you do not protect the link, the internalcustomer parameter will be ignored. To learn more about the limitations of these link types, see Quick Facts about URLs.

    curl --request POST \
      --url '' \
      --header 'accept: application/json' \
      --header 'content-type: application/json' \
      --header 'authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
      --data '{
        "TargetUrl": ""

  4. Provide the generated Url to the customer within an email or website redirect.


  5. After the customer completes the purchase, you can retrieve data from the Cleverbridge system using notifications (webhooks). These notifications contain your unique profile ID in the internalCustomer field. For more information, see Notification Guide.

      "meta": {
        "type": "PaidOrderNotification",
        "date": "2019-03-19T14:47:34.857671",
        "schemaUrl": ""
      "purchaseId": 123456789,
      "internalCustomer": "UUID-YOUR-UNIQUE-ID-1234-5678",
      "items": [{
        "recurringBilling": {
          "subscriptionId": "S12345678",
          "intervalNumber": 0,
          "nextBillingDate": "2020-03-19T14:47:34.857671",
          "renewalType": "Automatic"


To activate SAML SSO for the checkout experience, contact our Client Experience team and provide them with your identity provider (IDP) settings.


The following graphic illustrates the customer flow once SAML has been activated for your account:

saml sso flow