Partner Life Single Sign-On
Partner Life is the comprehensive portal for partners to manage contracts, support requests, customer information, and policy changes. This guide explains how to integrate your existing authentication system with Partner Life using the Platform GraphQL API.
Prerequisites
Before you begin, ensure you have:
- Your API Key
- Your Partner ID (the insurance system broker ID, e.g.,
123000,23330-2) - The Partner IDs of your sub-brokers and employee accounts (found in their welcome emails or in the colleague section of your Partner Life account)
Integration Steps
1. Basic Setup
First, set up access to the Platform GraphQL API as described in the Platform GraphQL API Guide.
2. Generate Magic Links
Use the createPartnerLifeMagicLink mutation to generate direct access links to Partner Life:
mutation CreatePartnerLifeMagicLink($input: CreatePartnerLifeMagicLinkInput!) {
createPartnerLifeMagicLink(input: $input) {
... on PartnerLifeMagicLink {
url
}
... on ErrorInterface {
message
}
}
}
Example input — logging in the partner identified by the x-partner-id header:
{
"input": {
"alreadyMultiFactorAuthenticated": true,
"acceptPartnerLifeTermsAndConditions": true,
"acknowledgePartnerLifePrivacyPolicy": true
}
}
Example input — logging in a sub-partner or colleague account:
{
"input": {
"partnerLifewareId": "123456",
"alreadyMultiFactorAuthenticated": true,
"acceptPartnerLifeTermsAndConditions": true,
"acknowledgePartnerLifePrivacyPolicy": true
}
}
If partnerLifewareId is omitted, the magic link is created for the partner identified by the x-partner-id request header. To create magic links for sub-partners or colleague accounts, provide their Partner ID in the partnerLifewareId field. The target partner must be within your broker tree.
3. Authentication Flow
The basic authentication flow works as follows:
4. Multi-Factor Authentication
If your system already implements MFA, you can skip Partner Life's MFA check by setting alreadyMultiFactorAuthenticated to true:
Only set alreadyMultiFactorAuthenticated to true if your system has already verified the user with multiple authentication factors. Misusing this flag bypasses an important security check.
Auto-Activation of Accounts
For partners with a Partner ID but no active Partner Life account, you can automatically activate their account by setting both acceptPartnerLifeTermsAndConditions and acknowledgePartnerLifePrivacyPolicy to true.
Before activating, ensure the partner has accepted:
If these parameters are not set and the account is not yet activated, the API will return a PartnerHasNoPartnerLifeAccountError.
Error Handling
The mutation returns a union type. Always handle the error cases:
| Error Type | Meaning | Resolution |
|---|---|---|
PartnerHasNoPartnerLifeAccountError | Account not yet activated | Set both T&C and privacy policy flags to true |
PartnerNotFoundError | Partner ID not found or not in your broker tree | Verify the Partner ID is correct and within your access scope |
PartnerHasNoEmailError | Partner has no email configured | Contact support to set up the partner's email address |
UnexpectedError | Unexpected internal failure | Log the error, optionally retry the request, and contact support if the problem persists |
Security Best Practices
- Protect magic link URLs — they are single-use authentication tokens. Do not log or cache them.
- Use server-side calls only — never call the API from client-side code; your API key would be exposed.
- Validate MFA claims — only set
alreadyMultiFactorAuthenticatedtotruewhen your system has genuinely verified the user with multiple factors. - Minimal scope — only request magic links for partners within your broker tree. The API enforces this, but your integration should validate upfront.
Need Help?
If you don't have access to Partner Life or need assistance, contact partner support.