How to Set Up Okta Integrations with Cognism

How to set up Okta integrations with Cognism: this guide shows how to integrate Cognism and Okta using SSO and SCIM provisioning. 

By enabling Cognism SSO and automated user management, you can manage user permissions across Cognism integrations more securely and efficiently.

Set up Okta SAML SSO and SCIM provisioning for Cognism

Here’s how to configure Single Sign-On (SSO) and user provisioning (SCIM) between Okta and Cognism.

Once configured, users can log in to Cognism via Okta SSO, and admins can automatically manage users via SCIM.

Prerequisites

Before you begin, make sure:

• You are an Okta admin  
• You are an admin in Cognism  

If you do not have the required access, contact Cognism Support.

Add the Cognism app in Okta

1. Log in to your Okta Admin Console.  
2. Go to Applications > Applications.  
3. Select Add application or Create new app.  
4. In the App Integration Catalogue, search for Cognism.  
5. Select Cognism > Add integration.  

You can create a second Cognism app for SP-initiated SSO only.

If you do this, select Do not display application icon to users to hide it from user dashboards

Set up Okta SSO

Configure SSO in Okta

1. Open the Cognism app in your Okta Admin Console.  
2. Go to the Sign On tab.  
3. Enter the following Default Relay State value:

PUKgc1bMxqQDKulHYsQy  

4. Select Save.  
5. Select View SAML setup instructions.  

6. Copy the following values: 
   • Identity Provider Single Sign-On URL 
   • X.509 Certificate 

Configure SSO in Cognism

1. Go to Settings in the left-hand side bar.  
2. Select Single sign-on.  
3. Select Configure next to Okta.  

4. Paste the Identity Provider SSO URL and X.509 Certificate from Okta. 
   1. Do not include

-----BEGIN CERTIFICATE----- or

-----END CERTIFICATE-----    

5. Select Configure.  

Once enabled, users assigned to the Cognism app in Okta can log in using IdP-initiated SSO from their Okta dashboard.

Important SSO behaviour

• When Okta SSO is enabled, users must log in via Okta  
• Selecting the SSO button on app.cognism.com will return an error  

Enable SP-initiated SSO (optional)

To allow login from the Cognism login page:

1. Create a second Cognism app in Okta.  
2. Configure it using Custom SSO instructions.  
3. Hide the app from the Okta user dashboard to avoid duplication. 

Set up Okta SCIM provisioning

Generate an API token in Cognism

1. In Cognism, go to Settings in the left-hand side bar > Tokens / API. 
   • If you do not see this tab, contact support@cognism.com
2. Select Create new token.  
   • The token is valid for six months or until your contract ends, whichever comes first.
3. Copy and securely store the token. You cannot retrieve it again later. 

Configure SCIM in Okta

Set application username format

1. In Okta, open the Cognism app.  
2. Go to Sign On.  
3. Under Credential details, set Application username format to Email.  

Enable API integration

1. Go to Provisioning > Configure API integration > Enable API integration.  
2. Paste the Cognism API token.  
3. Select Test API credentials > If successful Save.  

Enable provisioning actions

1. Under Provisioning > To App > Edit.  
2. Enable: 
   1. Create users  
   2. Update user attributes  
   3. Deactivate users    
3. Select Save.  

Assign users

1. Go to the Assignments tab.  
2. Assign users to the Cognism app. 

Assigned users are provisioned automatically based on your SCIM settings.

Important SCIM behaviour

• Changing a user’s email address in Okta does not update it in Cognism 
  • Email is the unique identifier 
  • A new Cognism user is created if licences are available 
• Deactivated users in Okta remain in Cognism as inactive users  
• Users provisioned via Okta: 
  • Do not receive Cognism welcome emails 
  • Do not set passwords in Cognism 
  • Authenticate only through SSO 

Expected results

After setup:

• Users log in to Cognism using Okta SSO 
• User creation and deactivation are managed through Okta 
• No manual user invites or password management are required 

Next steps

• Assign users to the Cognism app in Okta 
• Test SSO and SCIM with a pilot user 
• Review inactive users and license usage in Cognism