General troubleshooting tips if having issues with SAML configurations.
If you're unable to login to Cobalt, and have SAML enabled on your organization, you most likely have a configuration issue. Please reach out to your customer success manager or support@cobalt.io to disable SSO via SAML. Once SAML is disabled, you can re-establish your SAML configuration.
Note: We suggest testing your SAML configuration in an incognito window before logging out of Cobalt. This will prevent any account lockout.
Common Troubleshooting Tips:
- Ensure the IdP Certificate is accurate.
Majority of SAML configuration errors are due to copy/paste. Double check your IdP certificate is correct and that there are no extra spaces. - Double check the org tokens match between your identity provider and Cobalt. Specifically quotation marks.
Org token within your IdP must match. If you have copy and pasted your org token, double check that all quotation marks are straight quotes (") vs. curly or smart quotes (“).
- Ensure users are added to Cobalt platform.
Cobalt does not support user provisioning through an IdP. When leveraging an identity provider, there must also be an established identity on Cobalt. To establish an identity on Cobalt, a user must setup a password and sign into Cobalt. All subsequent sign ins after an identity is established on Cobalt, will be initiated through the organizations IdP. Learn more about how to add new users to Cobalt. - Ensure the IdP issue URL value matches between identity provider and Cobalt.
The Issuer/Identifier ID in a SAML assertion does not actually need to be a valid URL path. The value simply needs to match whatever the service provider is expecting. For Okta, the IdP issuer URL must be http vs https.
If you're unable to enable SAML on Cobalt, please reach out to your customer success manager or support@cobalt.io for further investigation.
Comments
0 comments
Please sign in to leave a comment.