# Third-party Authentication



--------------------------------------------------------------------------------
title: "Introduction"
description: "Catalyst Authentication enables you to provide secure authentication and sign-ins for your app users, and manage their user accounts."
last_updated: "2026-03-18T07:41:08.533Z"
source: "https://docs.catalyst.zoho.com/en/cloud-scale/help/authentication/third-party-authentication/introduction/"
service: "Cloud Scale"
--------------------------------------------------------------------------------


# Third-party Authentication

Catalyst powers developers by enabling them to implement any third-party authentication service like WatchGuard AuthPoint, Cisco Secure Access by Duo, The Okta Identity Cloud, etc., in their Catalyst application. Catalyst will provide the necessary backend support and scripts you require to securely incorporate a third-party authentication service of your choice.

{{%note%}}{{%bold%}}Note:{{%/bold%}} Given that you are implementing a third-party authentication service, it is understood that the security infrastructure of your application is contingent on the efficiency of the third-party service that you have chosen. Catalyst will not handle any backend infrastructure setup or security implementation for your application users.{{%/note%}}

The authorization and validation of the end-user is handled by the third-party service, and the data is passed on to Catalyst. Catalyst will provide you with server-side and client-side scripts to generate a required custom token with the authenticated user's details, and to process the token in the front-end of the application respectively, to log the user in.

### Benefits

* Authentication provides you with all the required scripts to generate custom tokens to incorporate third-party authentication into your Catalyst application. This saves you considerable efforts in configuring the logic from the third-party service within your application.

* You can easily incorporate any third-party authentication service and add end-users to your Catalyst application. This provides you with limitless flexibility, and allows you to pick a service of your choice based on your business requirements.

* If you have an existing subscription with a third-party authentication service, you can easily use the same for your Catalyst application.

* The scripts to generate the custom server token is available in multiple programming languages—{{%link href="/en/sdk/java/v1/cloud-scale/authentication/third-party-server-token/" %}}Java{{%/link%}}, {{%link href="/en/sdk/nodejs/v2/cloud-scale/authentication/third-party-server-token/" %}}Node.js{{%/link%}} and {{%link href="/en/sdk/python/v1/cloud-scale/authentication/third-party-server-token/" %}}Python{{%/link%}}. This provides compatibility with your existing application code, and allows you to easily incorporate the script in a language of your preference.

--------------------------------------------------------------------------------
title: "Workflow"
description: "Catalyst Authentication enables you to provide secure authentication and sign-ins for your app users, and manage their user accounts."
last_updated: "2026-03-18T07:41:08.534Z"
source: "https://docs.catalyst.zoho.com/en/cloud-scale/help/authentication/third-party-authentication/workflow/"
service: "Cloud Scale"
--------------------------------------------------------------------------------


# Workflow of Third-party Authentication in Catalyst Applications

The following is a step-by-step drill down of the process of how an end-user authenticated by a third-party authentication service will log in to your Catalyst application:

<br />

1. When the end-user enters their details to log in to your application, they will be forwarded to the third-party authentication service that you have chosen.

2. The user details will be verified and stored in the database of the third-party service after the authentication logic is passed.

3. The user details will then be passed to the Catalyst client application.

4. The details will then be redirected to the authentication function that you code. This authentication function must include the Catalyst server-side script to generate a custom server token for the authenticated user.
{{%note%}}{{%bold%}}Note:{{%/bold%}} The code to generate the token is be provided to you in the Catalyst console. It is also available in the {{%link href="/en/sdk/java/v1/cloud-scale/authentication/third-party-server-token/" %}}Java{{%/link%}}, {{%link href="/en/sdk/nodejs/v2/cloud-scale/authentication/third-party-server-token/" %}}Node.js{{%/link%}} and {{%link href="/en/sdk/python/v1/cloud-scale/authentication/third-party-server-token/" %}}Python{{%/link%}} SDK docs.{{%/note%}}

5. This token will then be passed to the Web SDK incorporated in the client code.

6. The user will be logged in to your application using a JSON Web Token ({{%badge%}}JWT{{%/badge%}}) generated from the client script, which will contain the authenticated user's details.  

7. **(a)**. The user will now have access to the components of your application through its endpoints. Catalyst Security Engine ensures that all Catalyst components associated with the application are accessed securely by users.

{{%note%}}{{%bold%}}Note:{{%/bold%}} If the end-user is accessing your application for the first time (a signup process), the user details will be added to {{%link href="/en/cloud-scale/help/authentication/user-management/introduction/" %}}{{%italics%}}User Management{{%/italics%}}{{%/link%}} in the Authentication component. Apart from this, the sign-in workflow will remain the same.{{%/note%}}

7. **(b)**. The user's details along with the token information will also be stored in the browser cookie through the Web SDK, to ensure their session is maintained.

{{%note%}}{{%bold%}}Note:{{%/bold%}} The token will remain valid only for {{%bold%}}one hour{{%/bold%}}. After that the steps from 1 to 8 will be repeated in the background.{{%/note%}}

#### Workflow of an authenticated user logging into your application while the token is still active



After a user is authenticated and the login session is persisting, the user can securely access all the end points of your application until the time the token is active.


--------------------------------------------------------------------------------
title: "Implementation"
description: "Catalyst Authentication enables you to provide secure authentication and sign-ins for your app users, and manage their user accounts."
last_updated: "2026-03-18T07:41:08.534Z"
source: "https://docs.catalyst.zoho.com/en/cloud-scale/help/authentication/third-party-authentication/implementation/"
service: "Cloud Scale"
--------------------------------------------------------------------------------


# Set Up Third-party Authentication Type in Catalyst

Before you implement a third-party authentication service in Catalyst, you must ensure that you have first completed handling the third-party logic in the external service. 

To set up a third-party authentication method for your  Catalyst application:

1. Navigate to **Authentication** under *Cloud Scale* in the Catalyst console. Click the **Set Up** option in the third-party Authentication section to begin setting up the authentication type.
<br />

2. To proceed further and to allow end-users to sign up to your application, you have to enable **Public Signup**. You can learn more about this from the {{%link href="/en/cloud-scale/help/authentication/public-signup/" %}}Public Signup{{%/link%}} help page.
<br />

3. You must generate a custom server token to incorporate into your authentication function.

    * Choose **Java**, **Node.js**, or **Python** based on your preference, and copy the Catalyst script provided in it. Implement this into your backend logic which will generate the token when executed.

    * Click **Next**, to continue with the setup.

{{%note%}}{{%bold%}}Note:{{%/bold%}} 

* The scripts to generate a custom server token is also available in the respective {{%link href="/en/sdk/java/v1/cloud-scale/authentication/third-party-server-token/" %}}Java{{%/link%}}, {{%link href="/en/sdk/nodejs/v2/cloud-scale/authentication/third-party-server-token/" %}}Node.js{{%/link%}} and {{%link href="/en/sdk/python/v1/cloud-scale/authentication/third-party-server-token/" %}}Python{{%/link%}} SDK help sections. You can also access these scripts in the {{%link href="/en/cloud-scale/help/authentication/authentication-types/" %}}{{%italics%}}Authentication Types{{%/italics%}}{{%/link%}} section after you have set up third-party authetication.

* Values of {{%badge%}}role_name{{%/badge%}}, and {{%badge%}}org_id{{%/badge%}} are optional and not explicitly required to generate the server-side token. You can find out how to obtain the values of {{%link href= "/en/cloud-scale/help/authentication/user-management/users/introduction/" %}}{{%badge%}}org_id{{%/badge%}}{{%/link%}} and {{%link href= "/en/cloud-scale/help/authentication/user-management/roles/introduction/" %}}{{%badge%}}role_name{{%/badge%}}{{%/link%}} from their respective help pages.
{{%/note%}}

4. You can now copy the script that passes the generated token from the backend to the web client, and logs the user in to your application, if the they were successfully validated by the  third-party authentication service.
<br />

* Copy the Catalyst script present in the console under the *Client-Side Configuration* section. Implement this into your client code, which will process the server token and generate a {{%badge%}}JWT{{%/badge%}} when executed.
* Click **Next** to continue with the setup.

5. Next, in the {{%italics%}}Addional Settings{{%/italics%}} section, you can choose to include an additional authentication step by enabling the {{%link href="/en/cloud-scale/help/authentication/whitelisting/custom-user-validation/introduction" %}}{{%bold%}}Custom User Validation{{%/bold%}}{{%/link%}} option. This option allows you to validate your end-users using a {{%link href="/en/cloud-scale/help/authentication/whitelisting/custom-user-validation/how-it-works" %}}custom logic{{%/link%}} that you code in a {{%link href="/en/serverless/help/functions/basic-io" %}}Basic I/O function{{%/link%}}. You can find out how to set this up in the {{%link href="/en/cloud-scale/help/authentication/whitelisting/custom-user-validation/implementation" %}}Whitelisting help document{{%/link%}}. You can use the {{%italics%}}Authorized Domains{{%/italics%}} section to authorize external domains to have CORS and iFrame access to your application. You can find out how to set up authorized domains in the {{%link href="/en/cloud-scale/help/authentication/whitelisting/authorized-domains/introduction" %}}Authorized Domain help section{{%/link%}}.
<br />

6. Click **Finish** to enable the third-party authentication type.
<br />

In the {{%link href="/en/cloud-scale/help/authentication/authentication-types/" %}}{{%italics%}}Authentication Types{{%/italics%}}{{%/link%}} section, Catalyst will display a confirmation that a third-party authentication service has been enabled and your application's authentication is  being handled by it. You will also be able to access the Catalyst scripts to copy and use any time, and log end-users in to your application after being authenticated by the third-party service.