SSO

Learn how to configure SSO using Okta SAML.

Today, Cove only supports SSO through Okta SAML.

Prerequisites

To configure Okta SAML SSO, you must:

  • Be in Admin mode in Okta.
  • Have group names that match exactly between Okta and SAML.
  • Have admin permissions in Cove.
  • Have the ability to create a custom SAML application.

Configuration

  1. Create a custom SAML application in Okta. Use the following settings.

    SettingValue
    Single sign-on URLExample: https://getcove.com/login/saml/12345/callback

    Your organization's callback link can be found on our SSO Settings Page
    Audience URI (SP Entity ID)https://getcove.com
    email attribute (you'll add this in the Attribute Statements section). This field depends on your Identity Provider's attribute mappings, e.g. Google SSO calls this "Primary Email"email
  2. In the Feedback tab, check I'm a software vendor. I'd like to integrate my app with Okta.

  3. In your app's settings, go to the Sign On tab. Under SAML Signing Certificates > SHA-2, click Actions > View IdP metadata.

  4. Copy the contents of the XML file and log in to Cove. Go to the Single-Sign On (SSO) settings and paste the XML file contents to the Identity Provider Metadata field.

  5. On the same page, enter email in the Attributes section.

  6. In your Okta app under Assignments, assign users or groups to your app.