How to Configure SAML 2.0 for Cobalt

Configure SAML with Okta using their gallery app for Cobalt.

This guide is for Organization Owners who configure SAML with Okta as an identity provider (IdP) using the gallery Cobalt SAML app.

If you want to create a non-gallery application for Okta manually, see how to set up the configuration.

If your organization enforces SAML in Cobalt, users will no longer be able to authenticate through the sign-in page. They must authenticate to Cobalt only through the Okta service.

Contents

Supported Features

The Okta/Cobalt SAML integration supports the following features:

  • IdP-initiated SSO

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

  1. Sign in to Cobalt, and go to Settings > Identity & Access. You should have an Organization Owner role.
  2. Under Configure SAML, click Configure. An overlay for configuring SAML opens.

    SAML SSO configuration overlay in the Cobalt app
  3. In Cobalt, enter the following values from Okta. In the Okta Admin Dashboard, select the Sign On tab for the Cobalt SAML app, then click Edit. Under Metadata details, click More details.
    • IdP SSO URL: Enter the Sign on URL from Okta.
    • IdP Certificate: Enter the Signing Certificate from Okta.
    • Click Save Configuration.

      Set the Application username format in Okta
  4. In Okta, select the Sign On tab for the Cobalt SAML app, then click Edit.
    • Region: Enter your region, if applicable. The slug appears in the subdomain of the ACS URL.
      • Note: the default value is us.
    • Slug: Enter your organization’s slug from Cobalt. The slug appears after = in the ACS URL. You can also find the slug in Settings > General.

      Organization’s region and slug in the ACS URL
    • Application username format: Select Email.

      Set the Application username format in Okta
    • Click Save.
  5. Done!

Notes

The following SAML attributes are supported:

NameValue
emailuser.email
Last modified November 14, 2024