Access
Connect cross-platform accounts & identity management
AccelByte provides 3rd Party Login Integration and Single Sign-On (SSO), to enable players to log into your game or platform with a credential from a 3rd party. When a player uses 3rd party credentials to sign into your game or platform for the first time without first creating an account, a headless account (an account without an email address) is created for that player. You can offer players the option to upgrade their headless account to a full account in your game or on your platform. Players need to provide an email address and date of birth to create full login credentials.
After players create a headed account, they can then link their accounts from other 3rd party platforms to it. This enables cross-progression, or the ability for players to access their game data and continue play from different platforms.
Here’s a table showing the platforms we support, and the features they offer:
Device ID*
Device ID can refer to a computer’s serial number, the IMEI of a mobile device, or some other unique identifier. Device ID can be used both for testing and as an easy way for players to log into mobile games without an account.
Microsoft Azure**
Third party login using Microsoft Azure credentials is only for the Admin Portal. It’s intended to give teams that already have Microsoft accounts a quick way to access the Admin Portal without having to first have an account created for them.
Before implementing 3rd Party Login, make sure you’ve set up the following items:
Permissions are used to grant access to specific resources within our services. Make sure your account has the following permissions before you attempt to integrate 3rd Party Login in the Admin Portal. For a full list of permissions that impact identity access management, see the IAM tab of the permissions reference.
Usage | Permission Tag | Action |
Add SSO Platform Credential | ADMIN:NAMESPACE:{namespace}:PLATFORM:{platformId}:SSO | Create |
Add Third Party Platform Credential | ADMIN:NAMESPACE:{namespace}:PLATFORM:{platformId}:CLIENT | Create |
Permissions work slightly differently depending on whether they are assigned to IAM Clients or Roles assigned to users. For more information, read the Authentication and Authorization documentation.
Enabling 3rd party login methods consists of configuring the login from your chosen platform in the Admin Portal, use our SDK to retrieve the Auth token for that platform, then log players in with their 3rd party credentials.
3rd party login methods can either be configured in a game namespace, or in the publisher namespace. When you configure login from a 3rd party platform within a game namespace, only that game will be accessible using the credentials from the configured platform.
Follow the steps below to set up the 3rd-party configuration in the Admin Portal.
Make sure you are in the namespace you want to configure.
Go to the User Management section of the main menu and select Login Methods.
On the Login Methods page, click the Add New button.
The Login Platform Configuration page displays the available login platforms.
Choose the login platform you want to configure.
The Create Configuration form for the login platform you selected appears.
Fill in the required fields for your chosen login platform as shown below:
In the Redirect URI field, input the URI where the user will be directed to once the account authorization is successful. The default URI is http://127.0.0.1.
IMPORTANT
Currently we only support 3rd-party login integration for your website or web platform using these credentials. In-game login is not yet supported.
Complete the fields as follows:
Complete the fields as follows:
Complete the fields as follows:
http://127.0.0.1
.IMPORTANT
Currently we only support 3rd-party login integration for your website or web platform using these credentials. In-game login is not yet supported.
Complete the fields as follows:
{baseURL}/iam/v3/platforms/facebook/authenticate
.NOTE
To complete the setup, you’ll also have to configure the Redirect URI in the Facebook Developer Portal.
IMPORTANT
Currently we only support 3rd-party login integration for your website or web platform using these credentials. In-game login is not yet supported.
Complete the fields as follows:
IMPORTANT
In addition to the steps below, there are some tasks that must be performed in the Azure Portal to enable 3rd party login using Microsoft Azure. Please contact AccelByte if you need assistance.
Complete the fields as follows:
Complete the fields as follows:
Select your environment type in the Environment field. You can choose from the following options:
Environment | Purpose |
Production | Development |
Live Production | QA |
Upload the Root Certificate .pem file.
Upload the Public Certificate .pem file.
Upload the Encrypted Private Key .pem file.
NOTE
You can download the mTLS certificate on the mTLS tab in your Netflix Partner Account Manager (opens new window).
Input the Application ID for your application in the App ID field. You can find your Application ID in your product information in the Nintendo Developer Portal.
Complete the fields as follows:
Input the Client ID for your game in the PlayStation App Server in the Client ID field.
Input the Client Secret for your game in the PlayStation App Server in the Client Secret field.
Select your environment type in the Environment field. You can choose from the following options:
Environment | Purpose |
sp-int | Development |
prod-qa | QA |
np | Live Environment |
Input the URI that the user will be directed to once the account authorization is successful in the Redirect URI field. For PS4, the default URI is orbis://games
.
Complete the fields as follows:
Input the Client ID for your game in the PlayStation App Server in the Client ID field.
Input the Client Secret for your game in the PlayStation App Server in the Client Secret field.
Select your environment type in the Environment field. You can choose from the following options:
Environment | Purpose |
sp-int | Development |
prod-qa | QA |
np | Live Environment |
Input the URI that the user will be directed to once the account authorization is successful in the Redirect URI field. For PS4, the default URI is orbis://games
.
Complete the fields as follows:
Input the Client ID for your game in the PlayStation App Server in the Client ID field.
Input the Client Secret for your game in the PlayStation App Server in the Client Secret field.
Select your environment type in the Environment field. You can choose from the following options:
Environment | Purpose |
sp-int | Development |
prod-qa | QA |
np | Live Environment |
Input the URI that the user will be directed to once the account authorization is successful in the Redirect URI field. For PS5, the default URI is orbis://games
.
Complete the fields as follows:
Complete the fields as follows:
Complete the fields as follows:
Complete the fields as follows:
http://127.0.0.1
.Complete the fields as follows:
http://127.0.0.1
.Complete the fields as follows:
Upload the Relying Party Private Key for your game in .pem format in the Relying Party Private Key field.
Complete the fields as follows:
Fill the Platform Identity Provider form with the following information:
NOTE
The way in which you obtain your Client ID will differ across providers. Please check your provider's documentation for more information.
Once completed, click Next.
Fill the Token Claims Mapping form with the following information:
TIP
For more information on token claims, see OpenID’s documentation (opens new window).
Once you have completed all the fields, click Create.
These functions allow your players to log into your game using a verified account linked to a 3rd-party account. See our two-factor authentication documentation for more information about setting up authenticators.
Before a player can log in, you will need to enable two-factor authentication with your 3rd-party authentication app.
Before a player can log in, you will need to enable two-factor authentication with the Backup Code method and save this backup code.
Single Sign-On (SSO) enables players to log in with a single credential to access several independent services. To enable SSO we use Discourse, which is an open-source discussion platform that can be used as a mailing list.
Go to the Admin Portal, and click on the SSO Configurations menu.
Click the Configure Now button to add a new configuration.
The Add Discourse Configuration appears. Fill in the required information:
When you’re done, click Submit.
After creating the configuration, it will be accessible from the Discourse SSO Configuration panel on the SSO Configurations page.
To enable SSO with Google credentials in the Admin Portal, you must first register the Google domain members of your institution will use to access the Admin Portal. You can also associate roles and IAM clients with a domain, allowing you to control what users under that domain can access. Multiple domains can be registered and configured independently.
NOTE
You can only register a Google domain from the publisher namespace.
In the publisher namespace of the Admin Portal, click Login Methods.
On the Login Platform Configuration page, find the Google configuration and click View under the Action column.
On the Login Platform Configuration page, scroll to the Domain section.
Click the Register Domain button.
The Register Domain form appears. Fill in the fields with the following information:
When you’re done, click Save.
For a player to log into your game or platform with 3rd party credentials, the game needs to pass the Auth token from the 3rd party platform whose credentials the player is using to the publisher platform.
The Device ID Auth token is whatever is retrieved by either Unity or Unreal Engine. To retrieve the Device ID Auth token, use the following function:
For Unity, you can get the Auth token by using the AWS SDK for .NET. For Unreal Engine you can use the AWS C++ SDK. Here is an example of how to get an AWS Cognito Auth token:
You can also get an Auth token by making a HTTP Request, as seen in the example below.
For more details about setting up platform authentication, refer to the AWS documentation.
For Unity, you can get the Auth token for EOS by using the EOS SDK. For Unreal Engine you can use the EOS C# SDK. Here are the functions to retrieve the EOS Auth token:
You can enable login with Nintendo credentials by using the Unreal Engine OSS. For now, only Unreal Engine is supported.
Unreal Engine (with OSS)
Prerequisites:
Configuration steps:
Use the following function to retrieve the Netflix GamerAccessToken:
IMPORTANT
This configuration can only be used for PS4 games, not PS4 Cross-Gen games. For PS4 Cross-Gen games, use PS5 as the platform.
For Unity, you can get the Auth code by using NpToolkit. For Unreal Engine, you can use OnlineSubsystemPS4 which is already included in Unreal Engine.
For PS5, you can get the Auth code by using the function below. For now, only Unreal Engine is supported.
When Snapchat Auth is complete, the page will be redirected to <redirec_uri>?code=<logincode>. If the URL value contains BaseUrl, the login code should be available. Check every URL to ensure they have changed correctly.
For Stadia, you can get the Auth code by requesting a user's JWT token, or you can use the Stadia Platform Support package. For now, only Unity is supported.
To get the Steam Auth ticket in Unity, use the tickets obtained from Steamworks.NET. For Unreal Engine, use the ticket obtained from Steamworks.
For Twitch, you can get the Authentication token by using the function below:
For Xbox, you can get the Auth token by using the function below: