Using Auth0 in the Partner Portal

Purpose

This is a detailed guide for users to use Auth0 when accessing the Partner Portal. We are moving to Auth0 as the authentication mechanism for Partner Portal to enhance the security of partner portal applications which adds an extra layer of protection to keep the account and information secure.

User flows

Signup on the Partner Portal

1. Access the Partner Portal:

   1. Open your web browser and navigate to the partner portal sign-up page.
   

2. Enter Your Credentials:

   1. Enter your first and last name
   2. Enter email and password in the respective fields.
   3. Enter the given security code (captcha).

3. Click Signup.

   1. Click the Signup to proceed.

4. You will need to verify your email address by clicking on the link sent to your registered email address.

Forgot your password

To reset the forgot password, follow the below steps:

1. Go to the partner portal login page.

2. Click the Forgot Password link below the login fields.

   

3. Provide the email address associated with your account.

4. Click the Send verification mail button.

5. Check your email for a password reset link. If you don’t see it, check your spam or junk folder.

   

6. Click the Reset your password link in the email. It redirects to the password reset page.

   

7. Enter and confirm a new password, ensuring it meets the password policy requirements (e.g., minimum 8 characters, includes a mix of letters, numbers, and symbols).

   

8. Click Reset password.

9. If Auth0 is enabled for your account, you may be required to verify your identity after resetting your password.

10. Return to the login page and use your new password to access your account.

API Client Secret

Developers are now allowed to generate their client secret from the Settings page in the Partner portal. This client secret is used to generate a partner token GET partner token API. You need to pass the client secret in the password parameter.

Steps to generate a client secret

1. Click on Create client secret.

2. Choose the desired expiry date for the client secret. It can be chosen from the calendar or set as never.

   

3. Click on generate secret.

4. Copy the client's secret or download the file containing the secret.

   

📘

Note :

For older partner portal users, who have been onboarded before 20th Nov, we have configured their current partner portal password as their client secret, they can continue to pass their current password, in the GET partner token API to generate partner token. This has been done to ensure that there is no impact to our older partners.

However, in case you change your password, you will need to generate the client secret via the settings page.

Refer to the API document.

Failed Authentication:

If the OTP is incorrect or expired, you will receive an error message. You can request a new OTP again.

Troubleshooting and Support

Common Issues:

• Not Receiving OTP: Ensure your email is correct and check your spam/junk folder. If using an Auth0, make sure it is synced properly.
• Expired OTP: OTPs have a limited validity period. Request a new one if your code has expired.

📘

NOTE:

• If the Auth0 isn't working, opt for email-based OTP verification.
• If neither option works, open a support ticket. The support team will coordinate with the Auth team to reset Auth0.
• After the reset, the partner has to re-configure the Auth0.

Step-by-Step Procedure for Partner after Auth0 integration

Step 1: Login into the Partner Portal after signup

1. For older partner portal users, they can continue to use their password configured.
2. Enter the captcha code displayed on the screen.
3. Click Login.

Need Further Assistance:

• If you encounter issues that cannot be resolved, contact the Gupshup partner support team or the help desk for further assistance.

Other Security Improvements

1. You will be logged out of your partner portal session after 24 hours.
2. If you have not opted for Auth0, you must log in again using your email address and password.