Single Sign On allows you to retain your Rock login in a Subsplash app and web tools, this means users only have to remember one set of credentials for all of your tools but also gives you full control over the login experience for your users on the Subsplash platform whether it be in the app, giving, messaging, etc.

Out of the box, Subsplash offers Email (Subsplash account), Google, and Apple as login methods to create a Profile. Enabling SSO will disable those to force your Rock login.

SSO is not required to use the plugin, only a feature of it, and can be enabled at any time after the initial setup of the plugin.

A major benefit of integrating your Rock login is the ability to personalize content to users who are logged in or not.

Once a user logs into the app, that authorization gets passed everywhere they go, and even if the user is taken from the app out to the mobile browser.

Now that you know someone is logged in, send them or a group a personalized push notification.

If using Subsplash Groups & Messaging you can sync Groups and group membership of People between Rock and Subsplash. This allows you to take advantage of Messaging in your Subsplash app and web.

The simplest approach to do this is by using Rock web pages in your app. Once logged in the user could open a connect card in Rock and have the form auto-filled with their details automatically, a profile page could be displayed in the app that allows them to edit their household and personal information, plus more.

A more advanced approach to personalized content is with custom feeds. In the plugin > Content and/or Custom Web Services you can set up feeds to plugin into your app that come from Rock, allowing you to use your choice of lava or security roles to show/hide items to certain users and segments.

When you opt for SSO, a custom profile page is often a great pairing. This would be a web page you build in Rock but give to us to replace the default profile page coming from Subsplash. This lets your users see their profile/account directly in Rock and change information that otherwise wouldn't be connected to Subsplash.

There are some requirements for this page to comply to app store polices. We highly recommend creating a new site for these dedicated app pages that way you have better control between the pages on your website and in the app.

This should be a very simple page with no header/footer that allows navigation to other pages on your site, except for ones directly related to the profile and in the contents of the page.

Users will need to be able to log out from their account. The app needs a native command to do so and can be dispatched from a deep link. Add a button to your site with the following URL to add your log out functionality:

subsplash://sap/eyJoYW5kbGVyIjogImFwcFVzZXIiLCAiY29tbWFuZCI6ICJsb2dPdXQifQ==

App stores require the ability for a user to initiate account deletion if they are logged in. Without this ability the app is at risk for removal from the store and will not be allowed any updates.

There are several paths do doing this, we recommend following Apples policy guidelines.

Rock’s default OIDC integration has a requirement to review and manually click "Yes" on the "Give Permission" page during the authentication process.

Sometimes Subsplash clients wish to bypass this in Rock which can be done by adding an HTML Content block to the /Auth/Authorize page. The easiest way to do this (since loading the page requires specific parameters) is to just pull it up in the Toolbox -> CMS Configuration -> Pages menu. The Give Permission page can be found under Internal Homepage -> Admin Tools -> Security -> Give Permission hierarchy in the pages menu:

In the Blocks From Page section for the Main Zone a new HTML Content block can be added with the following HTML:

The Redirecting . . . text content can be customized to match your organization's branding and design.