Single Sign-on using SAML 2.0

Introduction

COGNIGY.AI integrates seamlessly with existing SSO (Single Sign-on) Identity Providers such as Azure Active Directory, OneLogin and Okta, so that users of an organisation can log in to COGNIGY.AI without separate credentials. Users signed in through Single Sign-On will have access rights, meaning you can still use the Access Control tool in COGNIGY.AI to manage the access rights of individual users.

Getting the SSO URL

In order to configure Single Sign-on in your Identity Provider, you need the URL that is used during the SAML authentication process. The SAML requests are sent to the API service, so you need to use the API domain you configured for your installation. The SSO URL looks like this:

https://<api-url>/auth/saml/login/<organisation-id>

🚧

Common Mistake! API URL is Different to the UI URL

As an example, the api-url for the trial environment is "api-trial.cognigy.ai". If you perform this API request against "trial.cognigy.ai", it will fail.

The organisation-id is the id of your organisation within Cognigy.AI. You can collect your organisationId from the My Profile page by selecting the extended menu (three dots in top right corner) and clicking "Copy Organization ID".

You will need this SSO URL when configuring your IDP in one of the IDP setup guides.

📘

Configuring the SSO Provider with Cognigy.AI

Please refer to one of the more specific guides for the supported Identity Providers at the bottom of the article under Next Steps for an example of the required API request.

If your Identity Provider is not listed, we advise you to take the OneLogin guide as an example. The API request for configuring SSO with Cognigy.AI is identical, but the configuration values differ per provider.

Getting the SLO URL

🚧

Only available for certain IDPs

Single Logout is currently only supported with OneLogin.

In order to configure Single Logout for your Identity Provider, you need the URL used to process the logout request from the IDP. During SLO, the IDP will redirect to the frontend of COGNIGY.AI, so you need to use the frontend domain you configured for your installation. The SLO URL looks like this:

https://<frontend-url>/slo/<organisation-id>

The frontend-url could, for instance, be trial.cognigy.ai.
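
A pre-flight check for the SSO and SLO URLs described above, written as an added example that is not part of the Cognigy documentation or product. The names `build_saml_urls` and `_host` are hypothetical, the organisation ID is a constructed sample, and the rule that a valid ID needs no URL escaping is an assumption.

```python
from urllib.parse import quote, urlsplit


def _host(base_url: str) -> str:
    """Return the lowercase host of an https base URL, or raise ValueError."""
    parts = urlsplit(base_url if "://" in base_url else "https://" + base_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"expected an https host, got {base_url!r}")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError(f"expected a bare domain, got {base_url!r}")
    return parts.hostname.lower() + (f":{parts.port}" if parts.port else "")


def build_saml_urls(api_url: str, frontend_url: str, organisation_id: str) -> dict:
    """Build the SSO and SLO URLs in the two patterns this guide gives."""
    api_host, ui_host = _host(api_url), _host(frontend_url)
    if api_host == ui_host:
        # The "common mistake" callout: the SSO URL must use the API domain,
        # the SLO URL the frontend domain, so the two hosts must differ.
        raise ValueError("api-url and frontend-url are the same host")
    org = organisation_id.strip()
    if not org or quote(org, safe="") != org:
        # Assumption: a valid ID needs no URL escaping. This also rejects a
        # pasted "<organisation-id>" placeholder, slashes and spaces.
        raise ValueError(f"suspicious organisation-id: {organisation_id!r}")
    return {
        "sso": f"https://{api_host}/auth/saml/login/{org}",
        "slo": f"https://{ui_host}/slo/{org}",
    }


if __name__ == "__main__":
    # Constructed organisation ID; the hosts are the trial examples from this page.
    urls = build_saml_urls(
        "api-trial.cognigy.ai", "trial.cognigy.ai", "0123456789abcdef01234567"
    )
    for name, url in urls.items():
        print(name, url)
```

Running the check before pasting the values into the Identity Provider catches a swapped domain or a leftover placeholder before the first failed SAML round trip.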

🚧

SP initiated SLO

COGNIGY.AI doesn't implement Service Provider initiated Single Logout. Only IDP initiated SLO is supported.

📘

Cognigy Help Center

Find out more about connecting to your preferred SSO provider in our Help Center.

Changing a Single Sign-on Configuration in COGNIGY.AI

You can only have one SSO configuration for your organisation. If you want to change the configuration, you first have to delete it and create a new one. To delete an SSO configuration, send a POST request to:

https://<api-url>/v2.0/identityprovider/reset

📘

API Reference

Read more about using the Cognigy.AI API on the API Reference page.

Logging in via SSO

When a user logs in to COGNIGY.AI via SSO for the first time, they have to do it from the Identity Provider. Doing this will give them the correct access rights in COGNIGY.AI, and allow them to log in via the COGNIGY.AI login page on subsequent logins.

🚧

Logging in for the first time

Users have to log in from the IDP on the first login.

To log in to COGNIGY.AI from the login page, click on Login with SSO and enter your email. This will redirect you to your IDP if an IDP is configured for your organisation.
