Single Sign-on

Introduction

COGNIGY.AI integrates seemlessly with your existing Single Sign-on Identity Provider to allow users of your organisation to login to COGNIGY.AI without having separate credentials for this. Users signed in through Single Sign-On will have access rights, meaning you can still use the Access Control tool in COGNIGY.AI to manage the access rights of individual users.

Getting the SSO URL

In order to configure Single Sign-on in your Identity Provider, you need the URL that is used during the SAML authentication process. The SAML requests are sent to the API service, and you therefore need to use the API domain you configured for your installation. The SSO URL looks like this

https://<api-url>/auth/saml/login/<organisation-id>

The api-url could for instance be api-demo.cognigy.ai and the is the id of your organisation within COGNIGY.AI. You can find your organisationId on your profile page.

You will need this SSO URL when configuring your IDP in one of IDP setup guides

Getting the SLO URL

๐Ÿšง

Only avaiable for certain IDPs

Single Logout is currently only supported with OneLogin

In order to configure Single Logout for your Identity Provider, you need the URL used to process the logout request from the IDP. During SLO, the IDP will redirect to the frontend of COGNIGY.AI, and you therefore need to use the frontend domain you configured for your installation. The SLO URL looks like this

https://<frontend-url>/slo/<organisation-id>

The api-url could for instance be demo.cognigy.ai

๐Ÿšง

SP initiated SLO

COGNIGY.AI doesn't implement Service Provider initiated Single Logout. Only IDP initiated SLO is supported.

Changing a Single Sign-on Configuration in COGNIGY.AI

You can only have one SSO configuration for your organisation. If you want to change the configuration, you first have to delete it and create a new one. To delete an SSO configuration, send a DELETE request to https:///security/identityprovider.

Logging in via SSO

When a user logs into COGNIGY.AI via SSO for the first time, they have to do it from the Identity Provider. Doing this will give them the correct access rights in COGNIGY.AI, and allow them to login via the COGNIGY.AI login page on subsequent logins.

๐Ÿšง

Logging in for the first time

Users have to login from the IDP on the first login.

To login to COGNIGY.AI from the login page, click on Login with SSO and enter your email. This will redirect you to your IDP if an IDP is configured for your organisation.


Did this page help you?