The Okta – Cognism SAML integration lets users in your organization access the Cognism platform using Single Sign-On (SSO). You can also provision users via SCIM.
📌 Prerequisites
Before you begin, ensure the following:
- You must be an Okta Admin
- You must be an Admin in Cognism
- Your Cognism account must be on the Diamond Package
⚠️ If you do not have the required values, please contact Cognism Support.
Add the Cognism App in Okta
- Log in to your Okta Admin Console
- Navigate to Applications → Applications
- Click Add Application or Create New App
- In the App Integration Catalog, search for Cognism
- Click Cognism, then click Add Integration
💡 You may choose to create a second app exclusively for SP-initiated login. If so, use the "Do not display application icon to users" option to hide it from their dashboards.
Set up Okta SSO
Within Okta:
- Open the Cognism App in your Okta Admin Dashboard.
- Go to the Sign On tab.
- Enter the Default Relay State value: PUKgc1bMxqQDKulHYsQy
- Click Save.
- Click View SAML setup instructions on the right. This will display your Identity Provider Single Sign-On URL and X.509 Certificate.
Within Cognism:
- Click your User Avatar in the top-right corner and go to Settings.
- Select Single Sign-On from the left-hand menu.
- Click Configure next to Okta.
- Copy and paste the Identity Provider SSO URL and X.509 Certificate from Okta.
  - Do not include -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
- Click Enable to activate Okta SSO.
Once enabled, any user assigned the Cognism app in Okta can log in via IdP-initiated SSO from their Okta dashboard.
📝 Important Notes
- If SSO is enabled via Okta, users must log in through Okta. Using the SSO button on app.cognism.com will result in an error.
- To enable login via the SSO button on the Cognism login page (SP-initiated SSO), you must:
  - Create a second Cognism app in Okta.
  - Set it up following the Custom SSO configuration instructions.
  - Ensure it is not shown on the user's Okta dashboard so they don't have duplicate apps.
Set Up Okta SCIM
Within Cognism:
1. Access API Settings
- Click on your User Avatar in the top-right corner and navigate to Settings.
- Select the Tokens/API tab from the left-hand menu.
- ⚠️ If you do not see the Tokens page, please email support@cognism.com.
2. Generate API Token
- Click Generate New Token.
- 📌 Note: The token is valid for 6 months or until the end of your contract, whichever comes first.
- Example: If your contract expires in 2 months, the token will only be valid for 2 months.
3. Copy the Token
- Make sure to copy and securely save the token. You will not be able to retrieve it again later.
Within Okta:
1. Application Configuration
- Go to your Okta Admin Dashboard, locate the Cognism app and navigate to the Sign On tab.
- Scroll to Credential Details and set the Application username format to Email.
2. Enable API Integration
- Go to the Provisioning tab and click Configure API integration.
- Tick the box for Enable API Integration.
- In the API Token field, paste the token you copied from the Cognism platform.
- Click Test API Credentials.
- If the test is successful, click Save.
3. Enable SCIM Features
- Under Settings, click To App.
- Click Edit and enable the following:
- Create Users
- Update User Attributes
- Deactivate Users
- Click Save to apply the settings.
4. Assign Users to the App
- Go to the Assignments tab and assign users to the Cognism app as needed.
- Once assigned, users will be provisioned based on the integration settings.
📝 Important Notes
- Changing a user's email in Okta will not update their email in Cognism, as the email serves as the user’s unique identifier. Instead, if there are available licenses, a new user will be created in Cognism.
- Deactivated users in Okta remain saved in Cognism as inactive user records. These accounts can be reactivated either from Okta or directly within Cognism.
- Users added via Okta do not receive welcome emails or prompts to set a password from Cognism, as authentication is fully handled through SSO.