Assign Multiple Organizations to a SAML Authentication Provider
If you manage more than one Coveo organization and have implemented SAML authentication for one of them, you may want to associate another organization with your SAML authentication provider.
Example: You have a production and a sandbox organization, and you want both of them to have an identical SAML authentication setup.
To associate another organization with your SAML authentication provider, you must first retrieve the SAML authentication parameters to apply, and then update the desired organization with these parameters.
- Ensure that the identity you intend to use to perform the following Coveo API calls is a member of a group that has the following privileges in both the organization where you have already implemented SAML SSO (organization1) and the organization where you want to implement it (organization2):
  - Organization domain: View access level
  - Single Sign-On Identity Provider domain: Edit access level
- Ensure that your original SAML authentication implementation works as expected by testing the login process.
- Send a GET request to https://platform.cloud.coveo.com/rest/organizations/{organizationId}/saml/availables, where you replace {organizationId} with the ID of the Coveo organization where you have already implemented SAML authentication (organization1).

  A successful request returns a Status 200 containing the SAML authentication parameters for the specified organization and, if any, other organizations using the same SAML authentication setup. The response body of your GET request should look like the following example.

  Typical Header of a SAML Authentication Provider GET Request

  ```http
  GET https://platform.cloud.coveo.com/rest/organizations/organization1/saml/availables HTTP/1.1
  Content-Type: application/json
  Accept: application/json
  Authorization: Bearer **********-****-****-****-************
  ```

  Typical Response Body of a SAML Authentication Provider GET Request

  ```json
  {
    "displayName": "MySAMLIdP",
    "entityId": "http://www.identityprovider.com/exkabcurm887FmOwOc0h7",
    "id": "xbjfnpsw4fw2yxvb2vmc5n2pty",
    "postBindingEndpoint": "https://mycompany.identityprovider.com/app/mycompany_identityproviderapp/exkabcurm887FmOwOc0h7/sso/saml",
    "x509Certificate": "MIIDpDCCAoygAwIBAgIGAVZbyf2L...",
    "organizationIds": [
      {
        "displayName": "organization1",
        "id": "organization1"
      }
    ]
  }
  ```

- Using the GET request response body, fill the body of a PUT request to https://platform.cloud.coveo.com/rest/organizations/{organizationId}/saml/identityprovider, where you replace {organizationId} with the ID of the organization where you have already implemented SAML authentication (organization1).

  In the PUT request body, under organizationIds, enter the IDs of both the organization where you have already implemented SAML SSO and the organization where you want to implement it (organization1 and organization2). The organization displayName isn't required. The body of your PUT request should look like the following example.

  Typical Header of a SAML Authentication Provider PUT Request

  ```http
  PUT https://platform.cloud.coveo.com/rest/organizations/organizationId1/saml/identityprovider HTTP/1.1
  Content-Type: application/json
  Accept: application/json
  Authorization: Bearer **********-****-****-****-************
  ```

  Typical Body of a SAML Authentication Provider PUT Request

  ```json
  {
    "displayName": "MySAMLIdP",
    "entityId": "http://www.identityprovider.com/exkabcurm887FmOwOc0h7",
    "id": "xbjfnpsw4fw2yxvb2vmc5n2pty",
    "organizationIds": [
      { "id": "organizationId1" },
      { "id": "organizationId2" }
    ],
    "postBindingEndpoint": "https://mycompany.identityprovider.com/app/mycompany_identityproviderapp/exkabcurm887FmOwOc0h7/sso/saml",
    "x509Certificate": "MIIDpDCCAoygAwIBAgIGAVZbyf2L..."
  }
  ```

  A successful request returns a Status 200 containing the parameters you entered in the request body. SAML authentication should now be implemented in the desired organization (organization2).
- Test the SAML authentication setup in this organization. The authentication process should be identical to that of the organization where you originally implemented SAML authentication (organization1).
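The GET-then-PUT procedure above, as an added example that is not Coveo's own code: it builds the PUT body from a GET response and checks that the PUT response still carries the same identity provider parameters (entityId, endpoint, signing certificate) for every organization listed, so a copy that silently changed the trusted IdP would be caught. The sample GET response is constructed from the values shown on this page; the function names are assumptions.

```python
"""Build and validate the PUT body that associates a second organization
with an existing Coveo SAML identity provider (added example, not Coveo code)."""
import json

# Constructed sample: what GET /saml/availables returns for organization1.
SAMPLE_GET_RESPONSE = {
    "displayName": "MySAMLIdP",
    "entityId": "http://www.identityprovider.com/exkabcurm887FmOwOc0h7",
    "id": "xbjfnpsw4fw2yxvb2vmc5n2pty",
    "postBindingEndpoint": "https://mycompany.identityprovider.com/app/"
                           "mycompany_identityproviderapp/exkabcurm887FmOwOc0h7/sso/saml",
    "x509Certificate": "MIIDpDCCAoygAwIBAgIGAVZbyf2L...",
    "organizationIds": [{"displayName": "organization1", "id": "organization1"}],
}

# Fields that identify the IdP. They are copied verbatim so the second
# organization trusts exactly the same issuer, endpoint and signing certificate.
IDP_FIELDS = ("displayName", "entityId", "id", "postBindingEndpoint", "x509Certificate")


def build_put_body(get_response, new_org_id):
    """Return the PUT body: IdP fields unchanged, organizationIds extended with
    new_org_id. The per-organization displayName is dropped (not required)."""
    missing = [f for f in IDP_FIELDS if f not in get_response]
    if missing:
        raise ValueError(f"GET response lacks IdP fields: {missing}")
    org_ids = [{"id": o["id"]} for o in get_response["organizationIds"]]
    if new_org_id not in {o["id"] for o in org_ids}:
        org_ids.append({"id": new_org_id})
    body = {f: get_response[f] for f in IDP_FIELDS}
    body["organizationIds"] = org_ids
    return body


def verify_put_response(get_response, put_response, expected_org_ids):
    """Check that the 200 response echoes the original IdP parameters and lists
    every expected organization; any drift means the provider was altered."""
    changed = [f for f in IDP_FIELDS if put_response.get(f) != get_response.get(f)]
    returned = {o["id"] for o in put_response.get("organizationIds", [])}
    missing = set(expected_org_ids) - returned
    return not changed and not missing


if __name__ == "__main__":
    body = build_put_body(SAMPLE_GET_RESPONSE, "organization2")
    print(json.dumps(body, indent=2))
    print("ok:", verify_put_response(SAMPLE_GET_RESPONSE, body, ["organization1", "organization2"]))
```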