The Okta/Coveo Cloud SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
Sign into your Coveo Cloud organization as a user that is a member of a group that has the required privileges to manage organization settings.
In the upper-right corner of the administration console, click the Settings icon.
In the Settings panel, enter the following:
Select the ORGANIZATION tab, then click Single Sign-On in the left navigational panel.
Identity Provider Name: Enter Okta.
Single sign-on URL: Copy and paste the following:
Sign into the Okta Admin Dashboard to generate this variable.
Identity provider issuer URL: Copy and paste the following:
Sign into the Okta Admin Dashboard to generate this variable.
Enter your public certificate: Copy and paste the following:
Sign into the Okta Admin Dashboard to generate this variable.
Click ADD.
Add your email address as an organization member:
Go to MEMBERS, then click ADD MEMBER.
Provider: Select Single sign-on.
Username: Enter your email address.
Select a required group.
Click ADD.
The following steps are optional. These steps are needed if you want to map Okta user groups to Coveo Cloud groups.
To pass Okta groups as part of the SAML assertion:
In Okta, select the Sign On tab for the Coveo Cloud app, then click Edit.
Select your preferred filter for the user.groups attribute (the Regex rule with the value ".*" in order to send *all* Okta groups as part of the user.groups group attribute).
Click Save.
Now you are able to map Coveo Cloud groups to the Okta groups:
Navigate to Groups.
Select a required Coveo Cloud group.
Click Edit.
Select the MEMBERS tab.
Click LINK TO IDENTITY SET.
Select a required Okta group from the Identity set dropdown menu.
Click LINK TO IDENTITY SET.
Click Save.
Now all Okta users who were added to the CoveoAdmin group in Okta will receive the selected Coveo Cloud group privileges automatically.
You can find more details in the Coveo Cloud online documentation.
Done!
Just In Time (JIT) provisioning: Coveo Cloud provisions all new users on login but they do not appear in the Members list. Only users that admin specifically invite will appear in this list.
The following SAML attributes are supported:
| Name | Value |
|---|---|
| user.email | user.email |
| user.firstName | user.firstName |
| user.lastName | user.lastName |
| user.groups | This is configured in the app UI; see Group attribute instructions (step 5) above. |
Open this URL: https://platform.cloud.coveo.com/login/[OrganizationID] .
Click Log in with Okta.