Assign Multiple Organizations to a SAML Authentication Provider

Assign Multiple Organizations to a SAML Authentication Provider

If you manage more than one Coveo organization and have implemented SAML authentication for one of them, you may want to associate another organization with your SAML authentication provider.

To associate another organization with your SAML authentication provider, you must first retrieve the SAML authentication parameters to apply, and then update the desired organization with these parameters.

1. Ensure that the identity you intend to use to perform the following Coveo API calls is a member of a group that has the following privileges in both the organization where you have already implemented SAML SSO (organization1) and the organization where you want to implement it (organization2):

   • Organization domain: View access level

   • Single Sign-On Identity Provider domain: Edit access level

2. Ensure that your original SAML authentication implementation works as expected by testing the login process.

3. Send a GET request to https://platform.cloud.coveo.com/rest/organizations/{organizationId}/saml/availables where you replace {organizationId} with the ID of the Coveo organization where you have already implemented SAML authentication (organization1).

   A successful request returns a Status 200 containing the SAML authentication parameters for the specified organization and, if any, other organizations using the same SAML authentication setup. The response body of your GET request should look like the following example.

   Typical Header of a SAML Authentication Provider GET Request

    GET https://platform.cloud.coveo.com/rest/organizations/organization1/saml/availables HTTP/1.1
   
    Content-Type: application/json
    Accept: application/json
    Authorization: Bearer **********-****-****-****-************
   

   Typical Response Body of a SAML Authentication Provider GET Request

    {
        "displayName": "MySAMLIdP",
        "entityId": "http://www.identityprovider.com/exkabcurm887FmOwOc0h7",
        "id": "xbjfnpsw4fw2yxvb2vmc5n2pty",
        "postBindingEndpoint": "https://mycompany.identityprovider.com/app/mycompany_identityproviderapp/exkabcurm887FmOwOc0h7/sso/saml",
        "x509Certificate": "MIIDpDCCAoygAwIBAgIGAVZbyf2L...",
        "organizationIds": [
            {
            "displayName": "organization1",
            "id": "organization1"
            }
        ],
    }
   

4. Using the GET request response body, fill the body of a PUT request to https://platform.cloud.coveo.com/rest/organizations/{organizationId}/saml/identityprovider where you replace {organizationId} with the ID of the organization where you have already implemented SAML authentication (organization1).

   In the PUT request body, under organizationIds, enter the ID of both the organization where you have already implemented SAML SSO and the organization where you want to implement it (organization1 and organization2). The organization displayName isn’t required. The body of your PUT request should look like the following example.

   Typical Header of a SAML Authentication Provider PUT Request

    PUT https://platform.cloud.coveo.com/rest/organizations/organizationId1/saml/identityprovider HTTP/1.1
       
    Content-Type: application/json
    Accept: application/json
    Authorization: Bearer **********-****-****-****-************
   

   Typical Body of a SAML Authentication Provider PUT Request

    {
      "displayName": "MySAMLIdP",
      "entityId": "http://www.identityprovider.com/exkabcurm887FmOwOc0h7",
      "id": "xbjfnpsw4fw2yxvb2vmc5n2pty",
      "organizationIds": [
        {
            "id": "organizationId1"
        },
        {
            "id": "organizationId2"
        }
      ],
      "postBindingEndpoint": "https://mycompany.identityprovider.com/app/mycompany_identityproviderapp/exkabcurm887FmOwOc0h7/sso/saml",
      "x509Certificate": "MIIDpDCCAoygAwIBAgIGAVZbyf2L..."
    }
   

   A successful request returns a Status 200 containing the parameters you entered in the request body. SAML authentication should now be implemented in the desired organization (organization2).

5. Test the SAML authentication setup in this organization. The authentication process should be identical to that of the organization where you originally implemented SAML authentication (organization1).

Is this article useful?

You can close this window or leave a comment below.

Very useful Not really

Can you tell us more about your experience today?

Comments (optional)

Leave your email address if you'd like us to get back to you.

Email (optional)

Please provide a valid email address.

The Coveo Privacy Policy applies.

Need help? Ask the Community.

Submit

Is this article useful?

You can close this window or leave a comment below.

Very useful Not really

Can you tell us more about your experience today?

Comments (optional)

Leave your email address if you'd like us to get back to you.

Email (optional)

Please provide a valid email address.

The Coveo Privacy Policy applies.

Need help? Ask the Community.

Submit