Custom Single Sign-on integration allows for easier access of your organization’s users to the Cognism platform with the enablement of SP-initiated Single Sign-On.
Pre-requisites
Custom Single Sign-on is only available on the Diamond License.
Setup needs to be completed by a Cognism Admin and the Custom SSO provider admin user.
We suggest having a blank document open to paste URLs, Entity IDs and X.509 Certificate to make setup easier.
The steps below outline the setup process. You will be required to go back and forth between your organisation’s custom SSO instance and the Cognism Web Application.
Copy the Identifier and ACS URL (SSO URL) from the Cognism Web Application and configure SAML in your Custom SSO
Click the User Avatar at the top-right of the screen and click Settings.
Click the Single Sign-On tab at the left of the screen. Go to the Custom SSO and click Configure.
Copy the Identifier (Entity ID) and ACS URL (SSO URL) from the modal in Cognism and paste this in your custom SSO.
-
Match Username (or Name ID) to an email address.
If applicable, choose BasicInformation in the dropdown. (Dependent on your custom SSO provider)
Ensure the format is set to Email.
Within your custom IdP, check if there are signing options, and if so, ensure that the Sign Assertion option is selected.
Cognism checks the assertion signature and not the response signature.
Get the Single Sign-on URL, Entity ID and X.509 Certificate in your Custom SSO
You should be able to copy the X.509 certificate and Entity ID.
Copy the Single Sign-on URL.
These should be pasted in the blank document to be used to complete the configuration back in the Cognism Web Application.
Complete the configuration in the Cognism Web Application
Paste the Single Sign-on URL.
Paste the Entity ID from your custom SSO provider.
Paste the X.509 Certificate that is generated in your custom SSO provider.
Remember to exclude the text “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----”
Click Enable to activate the Custom SSO once all fields are filled in.
Log in with your new SSO configuration
The domain may need to be whitelisted. Our team will be notified automatically in the background and will be in touch once the process is completed.
Users can then log in to Cognism by clicking the SSO button on the login page.
For a successful login experience, ensure that users assigned in the SSO provider are all associated with the same Cognism account.
Comments
Please sign in to leave a comment.