
Cosafe Support Center


Introduction

This guide provides a detailed walkthrough for integrating OpenID Connect (OIDC) with Cosafe. OpenID Connect is an identity layer built on top of the OAuth 2.0 protocol, offering a simple and flexible method for Single Sign-On (SSO). Integrating OpenID with Cosafe enhances security, simplifies user authentication, and ensures seamless access to the platform using existing credentials from your organization’s Identity Provider (IdP).

In this guide, you'll learn how to configure OpenID settings within Cosafe, including setting up endpoints, managing client credentials, and specifying domain access. By the end of this guide, your users will be able to log in to Cosafe through your OpenID-supported Identity Provider.


Benefits of OpenID integration with Cosafe

  • Secure authentication: Uses OAuth 2.0 standards for secure user authentication and data exchange.
  • Centralized user management: Manage user access through your existing Identity Provider.
  • Seamless user experience: Users can log in once and access multiple integrated platforms without re-authenticating.
  • Scalable and flexible: Supports various Identity Providers such as Entra ID, Google Workspace, and more.

OpenID configuration steps

Configuration of OpenID settings in your system

Add the following allowed redirect URLs:

https://app.cosafe.se/login/

https://app.cosafe.com/login/

https://admin.cosafe.se/login

https://admin.cosafe.com/login

https://academy.cosafe.com/login/

https://app.cosafe.se/desktop_se_sso.html

https://app.cosafe.com/desktop_se_sso.html

Enable ID tokens – the "email" claim must be allowed to be returned in an ID token.

If you are using Entra ID, it should be sufficient to keep the default permission "User.Read" enabled for this to work.

Configuration of OpenID settings in Admin panel

  1. Access integration settings:

    • Navigate to your Account page.
    • Click on the Integration tab.
  2. Select OpenID as Sign-On provider:

    • From the dropdown menu, choose Sign-On provider (OpenID).
  3. Provide OpenID configuration details:

    • OpenID JWKS endpoint: URL to retrieve JSON Web Key Set.
      • Example (Entra ID): https://login.microsoftonline.com/common/discovery/v2.0/keys
    • OpenID login URL: Authorization endpoint.
      • Example (Entra ID): https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize
    • OpenID audience: Userinfo endpoint.
      • Example: https://graph.microsoft.com/oidc/userinfo
    • OpenID ClientID: Unique identifier for your application.
    • Domain address: Email domains of users who will use SSO.
  4. Add domains:

    • To include multiple domains:
      • Click Add domain.
      • Enter each domain as needed.
  5. Save configuration:

    • After completing the setup, save your settings to activate OpenID SSO.

Troubleshooting and best practices

  • Verify endpoint URLs: Ensure that all endpoint URLs provided are correct and accessible.
  • Manage client credentials securely: Store your ClientID and any associated secrets securely.
  • Test integration: Always test the integration with a few user accounts before deploying it organization-wide.
  • Regular updates: Keep your OpenID configuration updated as per your Identity Provider's guidelines.
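
A pre-rollout check for the "email" claim requirement and the domain list described above, as an added example that is not part of Cosafe's documentation or tooling. It inspects the payload of a test ID token you obtained from your own IdP; the function names, the sample token and the optional `expected_aud` comparison are assumptions for illustration, not a description of how Cosafe validates tokens.

```python
import base64
import json


def _payload(token):
    """Decode the payload segment of a compact JWT into a dict."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def check_id_token(token, allowed_domains, expected_aud=None):
    """Return a list of configuration problems found in a test ID token.

    Diagnostic only: the signature is NOT verified, so this must never be
    used to authenticate anyone.
    """
    try:
        claims = _payload(token)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    email = claims.get("email")
    if not isinstance(email, str) or email.count("@") != 1:
        problems.append("no usable 'email' claim in the ID token")
    else:
        domain = email.rsplit("@", 1)[1].lower()
        if domain not in {d.strip().lower() for d in allowed_domains}:
            problems.append(f"email domain '{domain}' is not in the configured domain list")
    if expected_aud is not None:  # assumption: caller chooses what to compare
        aud = claims.get("aud")
        if expected_aud not in (aud if isinstance(aud, list) else [aud]):
            problems.append(f"'aud' is {aud!r}, expected {expected_aud!r}")
    return problems


def make_sample_token(claims):
    """Build a constructed sample token (placeholder signature) for the demo."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2lnbmF0dXJl"


if __name__ == "__main__":
    # Constructed token with no "email" claim, as issued when the claim is not enabled.
    sample = make_sample_token({"aud": "example-client-id", "name": "Test User"})
    for problem in check_id_token(sample, ["example.com"], "example-client-id"):
        print("PROBLEM:", problem)
```

An empty result means the test token carries an email address in one of the listed domains; it says nothing about signature validity, which depends on the JWKS endpoint being correct.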