Single Sign-on using SAML 2.0
Introduction
COGNIGY.AI integrates seemlessly with existing SSO (Single Sign-on) Identity Providers like Azure Active Directory, OneLogin and Okta, in order to allow users of an organisation to login to COGNIGY.AI without having separate credentials for this. Users signed in through Single Sign-On will have access rights, meaning you can still use the Access Control tool in COGNIGY.AI to manage the access rights of individual users.
Getting the SSO URL
In order to configure Single Sign-on in your Identity Provider, you need the URL that is used during the SAML authentication process. The SAML requests are sent to the API service, and you therefore need to use the API domain you configured for your installation. The SSO URL looks like this
https://<api-url>/auth/saml/login/<organisation-id>
Common Mistake! API URL is Different to the UI URL
As an example; The api-url for the trial environment is "api-trial.cognigy.ai". If you perform this api request to "trial.cognigy.ai" it will fail.
The organisation-id is the id of your organisation within Cognigy.AI. You can collect your organisationId from the My Profile page by selecting the extended menu (three dots in top right corner) and clicking "Copy Organization ID".
You will need this SSO URL when configuring your IDP in one of IDP setup guides.
Configuring the SSO Provider with Cognigy.AI
Please refer to one of the more specific guides for the supported Identity Providers at the bottom of the article under Next Steps for an example of the required API request.
In case your Identity Provider is not listed, we advise you to take OneLogin guide as an example. The API request for configuring SSO with Cognigy.AI is identical, yet the configuration values differ per provider.
Getting the SLO URL
Only avaiable for certain IDPs
Single Logout is currently only supported with OneLogin
In order to configure Single Logout for your Identity Provider, you need the URL used to process the logout request from the IDP. During SLO, the IDP will redirect to the frontend of COGNIGY.AI, and you therefore need to use the frontend domain you configured for your installation. The SLO URL looks like this
https://<frontend-url>/slo/<organisation-id>
The api-url could for instance be trial.cognigy.ai
SP initiated SLO
COGNIGY.AI doesn't implement Service Provider initiated Single Logout. Only IDP initiated SLO is supported.
Cognigy Help Center
Find out more about connecting to your proffered SSO provider in our Help Center
Changing a Single Sign-on Configuration in COGNIGY.AI
You can only have one SSO configuration for your organisation. If you want to change the configuration, you first have to delete it and create a new one. To delete an SSO configuration, send a POST request to:
https://<api-url>/v2.0/identityprovider/reset
API Reference
Read more about using the Cognigy.AI API on the API Reference Page
Logging in via SSO
When a user logs into COGNIGY.AI via SSO for the first time, they have to do it from the Identity Provider. Doing this will give them the correct access rights in COGNIGY.AI, and allow them to login via the COGNIGY.AI login page on subsequent logins.
Logging in for the first time
Users have to login from the IDP on the first login.
To login to COGNIGY.AI from the login page, click on Login with SSO and enter your email. This will redirect you to your IDP if an IDP is configured for your organisation.
Updated 12 days ago