Cocoon

To setup SSO through Okta please follow these steps to create a new application

Log in to <a href="https://login.okta.com/" target="_blank" rel="nofollow noopener noreferrer">Okta</a> as an administrator and select “Applications” in the navigation bar.

Create a new application by selecting the "Create App Integration" button.

Choose "OIDC - OpenID Connect" application:

- Log in to <a href="https://login.okta.com/" target="_blank" rel="nofollow noopener noreferrer">Okta</a> as an administrator and select “Applications” in the navigation bar.
- Create a new application by selecting the "Create App Integration" button.
- Choose "OIDC - OpenID Connect" application:

On the next page, fill out the fields including:

- For Logo, you can use:

Sign-in redirect URIs: You should've received a callback URL by Cocoon with the format of <a href="https://dashboard.meetcocoon.com/auth/oidc/callback?org=%7BORG_NAME%7D" target="_blank" rel="nofollow noopener noreferrer">https://app.cocoon.com/auth/oidc/callback?org={ORG_NAME}</a>

Sign-out redirect URIs: <a href="https://dashboard.meetcocoon.com/logout" target="_blank" rel="nofollow noopener noreferrer">https://app.cocoon.com/logout</a>

Assignments: select a group of users who should have access to administer your company's Cocoon instance. Note that currently, Cocoon doesn't provision new employer admin accounts and requires an email to be invited and verified before they can login using SSO. However, we'll start provisioning users based on custom claims in the future. Therefore, make sure that only the actual Cocoon employer admins are assigned to Cocoon.

- Sign-in redirect URIs: You should've received a callback URL by Cocoon with the format of <a href="https://dashboard.meetcocoon.com/auth/oidc/callback?org=%7BORG_NAME%7D" target="_blank" rel="nofollow noopener noreferrer">https://app.cocoon.com/auth/oidc/callback?org={ORG_NAME}</a>
- Sign-out redirect URIs: <a href="https://dashboard.meetcocoon.com/logout" target="_blank" rel="nofollow noopener noreferrer">https://app.cocoon.com/logout</a>
- Assignments: select a group of users who should have access to administer your company's Cocoon instance. Note that currently, Cocoon doesn't provision new employer admin accounts and requires an email to be invited and verified before they can login using SSO. However, we'll start provisioning users based on custom claims in the future. Therefore, make sure that only the actual Cocoon employer admins are assigned to Cocoon.

Information that needs to be shared back with Cocoon

After the new application has been set up, you need to share the client credentials and Issuer URL with Cocoon (for sharing "Client Secret", please use (<a href="https://secure.cocoon.com/u/ops@cocoon.com" target="_blank" rel="nofollow noopener noreferrer">https://secure.cocoon.com/u/ops@cocoon.com</a>):

To setup the SSO, Cocoon needs "Client ID" and "Client Secret" under the General tab

- To setup the SSO, Cocoon needs "Client ID" and "Client Secret" under the General tab

Additionally you can find "Issuer URL" under "Sign On" tab.

- Additionally you can find "Issuer URL" under "Sign On" tab.

[Optional] Enable Okta-initiated logins (i.e., so that Cocoon app will be added to the user's Okta login portal),

Edit "Login initiated by" field under "General" tab

Initiate login URI: You should've received an "IdP-initiated Login URL" by Cocoon with the format of <a href="https://app.cocoon.com/auth/oidc?org=%7BORG_NAME%7D" target="_blank" rel="nofollow noopener noreferrer">https://app.cocoon.com/auth/oidc?org={ORG_NAME}</a>

- Edit "Login initiated by" field under "General" tab
- Initiate login URI: You should've received an "IdP-initiated Login URL" by Cocoon with the format of <a href="https://app.cocoon.com/auth/oidc?org=%7BORG_NAME%7D" target="_blank" rel="nofollow noopener noreferrer">https://app.cocoon.com/auth/oidc?org={ORG_NAME}</a>

[Optional] Create an Okta bookmark for employees (who will not be using SSO)

Okta bookmark simply acts to redirect users to a login page where they will manually sign in to the external application using a username and password known only to them. You can set this up via <a href="https://help.okta.com/en-us/Content/Topics/Apps/apps-create-bookmark.htm" target="_blank" rel="nofollow noopener noreferrer">https://help.okta.com/en-us/Content/Topics/Apps/apps-create-bookmark.htm</a>. For the sign-in URL please use<a href="https://dashboard.meetcocoon.com/login" target="_blank" rel="nofollow noopener noreferrer"> https://app.cocoon.com/login</a>.

- Okta bookmark simply acts to redirect users to a login page where they will manually sign in to the external application using a username and password known only to them. You can set this up via <a href="https://help.okta.com/en-us/Content/Topics/Apps/apps-create-bookmark.htm" target="_blank" rel="nofollow noopener noreferrer">https://help.okta.com/en-us/Content/Topics/Apps/apps-create-bookmark.htm</a>. For the sign-in URL please use<a href="https://dashboard.meetcocoon.com/login" target="_blank" rel="nofollow noopener noreferrer"> https://app.cocoon.com/login</a>.

___________________________________________________________

Any questions? Please reach out to the Support team at:

<a href="mailto:support@cocoon.com" target="_blank" rel="nofollow noopener noreferrer">support@cocoon.com</a>