Single Sign On

Introduction

Single Sign On eliminates the need for users to log in separately to the Cohort Go platform; instead, it uses your organisation's central user directory. Cohort Go is compatible with any SAML-compliant directory server, including Microsoft Active Directory.

Before you start

You'll need appropriate permission to set up a new trust relationship in your system. This usually requires system administrator privileges.

You'll also need to contact your account representative at Cohort Go to have a sign-on link established. We'll provide you with a link to give your users to easily start their login experience with Cohort Go.

Configuring SSO

  1. Visit Settings -> Connections, and click "New Connection".
  2. Select "SAML SSO Connection".
  3. Enter the details of your Identity Provider (Target URL, Certificate, Name Identifier Format). These will be provided by your system when you create a new SAML "Relying Party" configuration.
  4. Save the connection to enable it.

Example: Configuring SSO with Google Apps

  1. Visit your Google Admin console via https://admin.google.com
  2. Click 'Apps' then 'SAML Apps' to enter the management section for single sign on applications.
  3. Click the plus symbol to add a new configuration.
  4. Select 'Setup my own custom app'.
  5. Copy the SSO URL to be the "Target URL" in the Cohort Go Platform.
  6. Download the 'Certificate', and copy the content of this file into the "Certificate" field.
  7. Click "Next".
  8. Enter 'Cohort Go' as a name for the app, and click 'Next'.
  9. Assuming your sign-in link is https://partner123.portal.cohortgo.com, enter https://partner123.portal.cohortgo.com/saml/consume as the ACS URL, and https://partner123.portal.cohortgo.com as the Entity ID.
  10. Click "Next".
  11. Click "Finish" to save your integration.
  12. Enter urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress as the 'Name Identifier Format' in the Cohort Go configuration dialog.
  13. Click 'Save' to enable the SSO connection.

Example: Configuring SSO with Azure AD

Note: These steps are based upon the guides published by Microsoft starting at https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal

  1. Visit your Azure Active Directory Admin Centre
  2. In the left menu, select Enterprise applications. The All applications pane opens and displays a list of the applications in your Azure AD tenant.
  3. In the Enterprise applications pane, select New application.
  4. The Browse Azure AD Gallery pane opens and displays tiles for cloud platforms, on-premises applications, and featured applications. Click 'Create your own application'
  5. Enter 'Cohort Go' as the application name, and keep 'Integrate any other application you don't find in the gallery (Non-gallery)' as the selected option.
  6. Click 'Setup Single Sign On'
  7. Click 'SAML'
  8. Click 'Upload Metadata File'
  9. While logged in to your portal, download your metadata file from <Your Domain>/saml/metadata.xml (log in to see your full URL).
  10. Upload this file.
  11. In the 'Sign on URL' field, enter <Your Domain>/login (log in to see your full URL).
  12. Click 'Save'
  13. Copy the 'App Federation Metadata URL'
  14. Visit Settings -> Connections, and click "New Connection".
  15. Select "SAML SSO Connection".
  16. Select 'Configure from Metadata URL', and provide the 'App Federation Metadata URL' that you copied from Azure AD
  17. Click 'Create'
  18. SAML Single Sign On is now configured. Refer to https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-assign-users for details on assigning specific users access to Cohort Go. Note that these users will also need to exist in the Cohort Go platform to successfully log in.
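
Before uploading metadata.xml to Azure AD (step 9 above), you can confirm that its Entity ID and ACS URL match the values given in step 9 of the Google Apps example, so that assertions are only ever posted to your own portal over HTTPS. This is an added example, not Cohort Go's code. It assumes the file is standard SAML 2.0 metadata whose entityID equals your sign-in link; the function name and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"  # SAML 2.0 metadata namespace
ACS_PATH = "/saml/consume"                      # ACS path from the Google Apps example

# Constructed sample; a real file comes from <Your Domain>/saml/metadata.xml.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://partner123.portal.cohortgo.com">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://partner123.portal.cohortgo.com/saml/consume"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, sign_in_link):
    """Return a list of problems; an empty list means the values match."""
    # Metadata never needs a DTD, so refuse one instead of expanding entities.
    if "<!DOCTYPE" in xml_text:
        return ["metadata contains a DOCTYPE; refusing to parse"]
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        return ["root element is not a SAML 2.0 EntityDescriptor"]

    base = sign_in_link.rstrip("/")
    expected_acs = base + ACS_PATH
    problems = []
    entity_id = root.get("entityID", "")
    if entity_id.rstrip("/") != base:
        problems.append(f"entityID {entity_id!r} does not match {base!r}")

    acs = root.findall(f"{MD}SPSSODescriptor/{MD}AssertionConsumerService")
    if not acs:
        problems.append("no AssertionConsumerService element found")
    for svc in acs:
        loc = svc.get("Location", "")
        if urlsplit(loc).scheme != "https":
            problems.append(f"ACS {loc!r} is not served over https")
        elif loc != expected_acs:
            problems.append(f"ACS {loc!r} is not {expected_acs!r}")
    return problems


if __name__ == "__main__":
    print(check_sp_metadata(SAMPLE_METADATA, "https://partner123.portal.cohortgo.com"))
```

Run it against the downloaded file's contents with your own sign-in link; any reported problem means the file should not be uploaded until the mismatch is explained.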