Start a conversation

Configuring remote authentication using LoginShare

We're actively rewriting our user guide, so check back for improved coverage.

LoginShare is a mechanism that can be used to authenticate users against any third party application. Creating and maintaining customer records over multiple databases is a hassle. Kayako offers this by providing LoginShare APIs which lets you authenticate against a third-party database/directory.

 LoginShare API works by capturing authentication details, passing them to third-party for authentication and outputting XML payload to confirm the status of authentication.


  • LoginShare is an all-in or nothing system. If authentication is not successful from third-party, Kayako doesn’t fall back to the local database.
  • A custom script is required to be created and specified in Kayako. This script should be globally accessible. The server on which third-party source exists must allow requests to be received from and placed to the web server on which script is placed.
  •  The script should capture the POST variables (interface, IP address and authentication details) sent by Kayako login form, dispatch them for authentication to the third-party source, and retrieve and output the result in XML format.
  •  A local replica (account) is created or updated in Kayako database per the information returned in XML. Linking is done on the basis of email address returned by script and password stored for a local profile is randomly generated.
  • Any persistent change to the user or staff account (including password change) needs to be done at third-party source as authentication is done from there and local profile is updated per information contained in XML returned on successful authentication.

 User loginShare

  • For technical know-how (such as POST variables and XML output) and how script must be specified in Kayako, refer to this User Guide article.

Mandatory XML nodes to be returned: ‘username’, ‘email’, ’usergroup’

 User Group returned in XML should exist in the Kayako and must be allowed on the template group from which authentication is being done.

  • LoginShare has to be enabled for a template group (via ‘Use LoginShare to authenticate users’ setting) to route login requests to the specified loginShare script.

     Location: Admin interface > Options > Templates > Groups

If you need to support local database authentication along with third-party, you can create a new template group and disable loginShare. A template group (i.e. a unique front-end) can be accessed directly through a web browser via:


Staff loginShare

  • For technical know-how (such as POST variables and XML output) and how script must be specified in Kayako, refer to this User Guide article.

 Mandatory XML nodes to be returned: ‘firstname’,’lastname’,’team’,’email’

Staff Team returned in XML should exist in the Kayako. We recommend disallowing loginShare access on ‘admin’ interface to prevent accidental access and keep Kayako secure.

Need script?

NOTE: All projects on forge are maintained and supported by third-party developers. We do not support the custom development of loginShare scripts.

Choose files or drag and drop files
Was this article helpful?
  1. Sukhpreet Anand

  2. Posted
  3. Updated