1. Home
  2. Build your KWS Environment
  3. Set up the multi-app SSO

Set up the multi-app SSO

KWS provides a single sign-on (SSO) across all your apps, allowing kids to sign in to all your apps with the same credentials.

A demo of the user sign-up/sign-in process is available here.

Configure the URL for your SSO view


To find the URL for your app’s default SSO view:

  1. Log into your KWS Control Panel.
  2. Select your KWS app.
  3. Select the Integration tab.
  4. The SSO (Single Sign-On) URL for your app is displayed in the following format:[EnvironmentName].sso.kws.superawesome.tv where EnvironmentName is the name of your KWS environment – typically the name of your company.

Copy this URL into your browser to see the basic default SSO view:

Configure the SSO URL

You can extend this basic URL to construct the SSO that you require for your app, using the following format:

[EnvironmentName].sso.kws.superawesome.tv/[Language]/[Action]?[query string]&[query string]

For example:


EnvironmentNameThis is the name of your KWS environment. It typically consists of the name of your company. For example, ‘my-company-name’.
LanguageISO 639-1 language code.
For example, ‘en’ for English; ‘es’ for Spanish; etc.
Default: en
ActionThis takes one of two values:
– ‘register’ to show the registration (sign up) form.
– ‘login’ to show the login (sign in) form.
Default: register
Query stringsThe following table describes the available query string parameters. Use them to construct the SSO view you want to present to your users. 

Query string parameters

  • All parameters are case sensitive.
  • ‘clientId’ is required, along with either ‘skipRedirect’ or ‘RedirectUri’. All other parameters are optional.
This is the client ID for your KWS app. You can find this in the Integration view in your KWS Control Panel.
permissionsToRequestcomma-separated stringOptional.
The permissions that will be automatically requested from the parent during sign-up.
Must be a comma-separated list of permission codes. You can find the codes in the Permissions view in your KWS Control Panel:
If true, the display name generation step is skipped during the sign-up process.
skipRedirecttrue/falseMust be false if redirectUri is set.
If true, skip redirection to redirectUri after sign-up.
redirectUriURLMust be set if skipRedirect is false.
If set, KWS redirects to this URL after sign-up.
For security, the URL must match one of OAuth Redirect URLs you defined in the Integration view in your KWS Control Panel.
If true, hide the Sign in option.
If true, hide the Sign up option.
dobmillisecond timestampOptional.
Provide the user’s date of birth as a millisecond timestamp (for example, ‘1527858082436’). When the user lands on the SSO view, their date of birth is pre-populated and cannot be changed.

Brand your SSO view

You can apply your company’s branding to the KWS SSO view. For example, you can specify the background colour and include your company logo. For details, see Branding.

Localise your SSO view

Depending on what region your users are in, you can present localised versions of your SSO view.

When you change the language code in the SSO URL, the text in the SSO automatically changes to the corresponding language. For example:

In addition, you can localise your branding, permissions, and auto-generated display names. For details, see Localisation.

Build a custom SSO

In rare cases, it may be desirable to build and host your own custom SSO to handle user authentication instead of using the KWS-provided SSO view. For details, see Build your own custom SSO view.

Updated on 25/11/2020

Was this article helpful?

Related Articles