Deeplink between Mx Apps with automatic login

Dear Community, I'm trying to implement the Deeplink Module together with Single Sign On (SSO) features in between 2 Mendix applications, but am having trouble getting it to work. My question: ? How can I use the UserAccount of one application, to automatically let the user sign in into the deeplinked application in which user also has a UserAccount? Situation (functional specs): The Mendix architecture of a client consists of multiple Mx applications. The client uses Okta to automatically sign in to Mendix for 1 App. Once logged in the user has a MxID and a specific security role that should be used across other Mx apps. From the first App the user can navigate to other applications using his ID and thus without having to sign in again. In essence the user needs to experience the different apps as if they are 1 application, staying in the same browsertab. Technical depth: Application 1 - Portal Application 2 - Backbone Module "SAML2" (For Okta) is used to login to the Portal Module "Deeplink" is used to link between the Portal and the Backbone SSO not used yet, required? If so, how? Deeplink configuration Backbone: Within the backbone application I've setup the deeplink module and configured a couple of pages to be used from the Portal using Object parameters as input. The goal is that once a user clicks on the backbone icon he gets redirected from the Portal to the Backbone application, without having to sign in experiencing no change of applications. Example of configuration: Name - ProductNewEdit Link - http://localhost:8082/link/ProductEdit/YourValue MF - DeepLink.Product_Edit Object Parameter - Module.Product (module in which the object is saved) Attribute of value - ProductId Allow guests - true Use as Home - False Alternative index page - empty locally (set to '' for production) Usage in Portal: From a datagrid, a user selects a product to open redirecting him to the Backbone App supplying the unique Product Id as Object parameter. The Deeplink module gets triggered, should look at his UserAccount, signs in, start the corresponding MF and opens the correct page with the supplied ProductId. Thanks in advance, Olivier
4 answers

As far as I know, this should be possible using the deeplink module in combination with an SSO solution. The answer to your specific question:

? How can I use the UserAccount of one application, to automatically let the user sign in into the deeplinked application in which user also has a UserAccount?

Is: you can't, but you can fake it. If both apps have SSO and the same user accounts, the app you are linking to can perform SSO with the user requesting the link, before actually showing the contents. In practice, to the user it will appear as if the link just takes longer to load, because of the SSO.

In terms of Mendix app store modules:

  • I assume you have some kind of SSO or custom login in place. For example, in
  • When the user navigates to that URL, he is logged into app1.
  • App2 has a deep link module with its LoginLocation constant set to "" (note "app2"), and AllowGuests set to false for the link we want.
  • When the user opens a link (e.g., he is taken to app2. App2 has no session for this user, so redirects to the SSO URL (for app2).
  • The user is logged in using SSO, and forwarded back to the deeplink URL.
  • App2 now has a valid session and the deeplink is shown.

To summarize:

  • Both apps must have some kind of SSO
  • The deeplink module LoginLocation constant must be set to the right URL to allow SSO to take place (this depends on the specific module used)
  • The deeplink configuration must disallow guests (or no SSO attempt will be made).

? How can I use the UserAccount of one application, to automatically let the user sign in into the deeplinked application in which user also has a UserAccount?

To let a user use a mendix App it needs a valid session in that app. If the user is logged in Portal it is not automatically logged in in BackBone. You need a mechanism to achieve that. This can be done with a unique session id that is passed from Portal to Backbone. Backbone needs to against Portal wether this is a valid session and if yes create a session in backbone.

The last part you have to write yourself in java but you can use the loginhelper from SSO which does almost the same.


I ran into this same issue. No matter what, the deeplink in app2 was created and I was sent to it, but i wasn’t being logged into SSO despite it being set up. It was being created by an anonymous user and loaded as that anonymous user.


After ripping my hair out for days, I realized the key is in the Deeplink config: ALLOW GUSTS *must* be turned off. This is something that isn’t mentioned anywhere in any documentation and I’ve found many posts here in the forums about this but no one mentions this one key setting that is neccessary. It is a *little* bit slow to open the deep link but eventually it works. it tends to take 5-10 seconds.


My question is though, what if you wanted a deep link to work this way, but also wanted specific deep links to be available to guests (people outside your company viewing a read only report). Is there a way to accomplish both?