Cookies help us deliver our services. By using our services, you agree to our use of cookies.

Single Sign-On

Cobot supports single sign-on (SSO) via identity providers that support either OpenID Connect or OAuth2. This means, members and admins of a space can log in using various identity providers instead of having to set up a password for Cobot.

To set up SSO, go to the admin section and then to Setup -> Single Sign-on -> Add Provider. Depending on your identity provider either click on "Add OpenID Connect Provider" or "Add OAuth 2 Provider".

Below we have listed the configuration for a few prominent providers. Don't hesitate to contact support to help you set up SSO.

Unfortunately, Slack's OAuth2 implementation deviates from the standard, requiring a bit of extra setup.

To set up Cobot Single Sign-on (SSO) with Slack:

  • create an app on Slack with the identity.basic and identity.email scopes.
  • create a login provider configuration on Cobot under Setup -> Single Sign-on -> Add OAuth 2 Provider
  • and fill out the form as below:

Slack configuration

Google uses OpenID Connect which makes the setup very easy.

  • create an app on Google
  • create a login provider configuration on Cobot under Setup -> Single Sign-on -> Add OpenID Connect Provider
  • and fill out the form as below (add the Client ID/secret from Google):

Google configuration

More information about using Google for OpenID Connect can be found here:

https://developers.google.com/identity/protocols/oauth2/openid-connect

Microsoft uses OpenID but not all of it so the setup is not as easy as it should be. When setting up SSO, select OAuth 2 and not OpenID Connect.

Fill out the form as below, replacing <TENANT_ID> with your tenant id from Microsoft.

Authentication URL
https://<TENANT_ID>.b2clogin.com/<TENANT_ID>.onmicrosoft.com/B2C_1A_PortaleStdFtc_SI/oauth2/v2.0/authorize
Access Token Endpoint URL
https://<TENANT_ID>.b2clogin.com/<TENANT_ID>.onmicrosoft.com/B2C_1A_PortaleStdFtc_SI/oauth2/v2.0/token
Access Token Scope
openid
User Endpoint URL
https://www.<TENANT_ID>.it/infederazioneservices/api/v1/user/currentuser
User Email JSON Pointer
/email
Access Token JSON Pointer
/id_token

For more information see https://docs.microsoft.com/en-us/azure/active-directory-b2c/openid-connect

back to index