Customer Onboarding
Prepare a customer portal for Aura Home
Use this checklist before implementation starts. It helps Cadisa and the customer team agree the portal, identity, runtime, security, and launch details needed for a smooth SDK integration.
Customer Inputs
| Item | Example | Owner |
|---|---|---|
| Portal domain | https://portal.customer-domain.com | Customer |
| Aura Home runtime domain | https://aura.customer-domain.com | Cadisa + Customer |
| Identity provider | Okta, Azure AD, Auth0, Google, or SAML bridge | Customer |
| OIDC issuer | https://customer.okta.com/oauth2/default | Customer |
| Client ID or audience | aura-home | Customer |
| Allowed parent origin | https://portal.customer-domain.com | Cadisa |
| Brand profile | Theme id, logo URL, mode, primary color, accent color, and font family | Customer + Cadisa |
| Technical contact | Named engineering owner and support channel | Customer |
Portal Readiness
- The portal page has a stable container for Aura Home.
- The portal is served over HTTPS with a trusted certificate.
- The portal can load the SDK package or bundled SDK asset.
- Content Security Policy allows the Aura Home runtime in
frame-srcandconnect-src. - The portal can provide an OIDC/JWT token through
auth.getTokenwhen enterprise SSO is enabled.
Integration Decisions
| Decision | Recommended Default |
|---|---|
| Visible sections | Start with chat and profile; hide navbar, footer, onboarding, pricing, and legal pages inside customer portals. |
| Container height | Use a fixed slot or viewport-based height such as calc(100vh - 120px) with a sensible minimum. |
| Authentication | Use OIDC/JWT through auth.getToken; bridge SAML to OIDC/JWT if needed. |
| Branding | Prefer dashboard-published appearance profiles and allowlisted CSS variables first; use hosted stylesheets only for broader customer-specific refinements. |
| Launch validation | Test HTTPS, CSP, token claims, iframe load, SDK events, and mobile sizing before production rollout. |
Handoff Package
Before launch, the customer and Cadisa teams should confirm the following:
- Final runtime URL and allowed origin values.
- Final identity issuer and audience values.
- Certificate ownership and renewal path.
- Production CSP rules.
- Approved theme id and dashboard-published appearance profile for the target runtime.
- Support path for failed auth, iframe, or certificate issues.