Assigning Many Coveo Cloud V2 Organizations to a SAML Authentication Provider

If you manage more than one Coveo Cloud organization and have implemented SAML authentication for one of them, you may want to associate another organization with your SAML authentication provider.

For example, you may have a production and a sandbox organization, and want both of them to have an identical SAML authentication setup for testing purposes.

To associate another organization with your SAML authentication provider, you must first retrieve a list of the available organizations, and then update the target organization with the SAML authentication parameters.

  1. Ensure that the identity you intend to use to perform the following Coveo Cloud API calls is a member of a group that has the Organization - View and Single sign-on identity provider - Edit privileges in both organizations (see Edit a Group, Privilege Management, Organization Domain, and Single Sign-On Identity Provider Domain).

  2. Ensure that the SAML authentication configuration works as expected with your first organization by testing your setup.

  3. Send a GET request to https://platform.cloud.coveo.com/rest/organizations/{organizationId}/saml/availables where you replace {organizationId} with the ID of your first Coveo Cloud organization (see Retrieving the ID of a Coveo Cloud V2 Organization).

    A successful request returns a Status 200 containing the SAML authentication parameters for the specified organization and, if any, other organizations using the same SAML authentication setup. The response body of your GET request should look like the following example.

    Typical Header of a SAML Authentication Provider GET Request

     GET https://platform.cloud.coveo.com/rest/organizations/organization1/saml/availables HTTP/1.1
     Content-Type: application/json
     Accept: application/json
     Authorization: Bearer **********-****-****-****-************
    

    Typical Response Body of a SAML Authentication Provider GET Request

     {
         "displayName": "MySAMLIdP",
         "entityId": "http://www.identityprovider.com/exkabcurm887FmOwOc0h7",
         "id": "xbjfnpsw4fw2yxvb2vmc5n2pty",
         "postBindingEndpoint": "https://mycompany.identityprovider.com/app/mycompany_identityproviderapp/exkabcurm887FmOwOc0h7/sso/saml",
         "x509Certificate": "MIIDpDCCAoygAwIBAgIGAVZbyf2L...",
         "organizationIds": [
             {
                 "displayName": "organization1",
                 "id": "organization1"
             }
         ]
     }
    
  4. Using the GET request response body, fill the body of a PUT request to https://platform.cloud.coveo.com/rest/organizations/{organizationId}/saml/identityprovider where you replace {organizationId} with the ID of your first organization (see Retrieving the ID of a Coveo Cloud V2 Organization).

    In the PUT request body, make sure to include the ID of both your first and your second organization. The organization displayName, however, isn’t required. The body of your PUT request should look like the following example.

    Typical Header of a SAML Authentication Provider PUT Request

     PUT https://platform.cloud.coveo.com/rest/organizations/organizationId2/saml/identityprovider HTTP/1.1
     Content-Type: application/json
     Accept: application/json
     Authorization: Bearer **********-****-****-****-************
    

    Typical Body of a SAML Authentication Provider PUT Request

     {
       "displayName": "MySAMLIdP",
       "entityId": "http://www.identityprovider.com/exkabcurm887FmOwOc0h7",
       "id": "xbjfnpsw4fw2yxvb2vmc5n2pty",
       "organizationIds": [
         {
             "id": "organizationId1"
         },
         {
             "id": "organizationId2"
         }
       ],
       "postBindingEndpoint": "https://mycompany.identityprovider.com/app/mycompany_identityproviderapp/exkabcurm887FmOwOc0h7/sso/saml",
       "x509Certificate": "MIIDpDCCAoygAwIBAgIGAVZbyf2L..."
     }
    

    A successful request returns a Status 200 containing the parameters you entered in the request body, and your second organization is updated.

  5. Test the SAML authentication setup in the updated organization.
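The steps above, as an added Python example that is not part of the original article or Coveo's own code: it builds the step 4 PUT body from the step 3 response and reports any field where the PUT response differs from what was sent. The function names, the HTTPS check on postBindingEndpoint, and the single-object response shape (taken from the sample response above) are assumptions.

```python
import json
import urllib.request

IDP_FIELDS = ("displayName", "entityId", "id", "postBindingEndpoint", "x509Certificate")

def build_put_body(get_response, second_org_id):
    """Turn the step 3 GET response into the step 4 PUT body."""
    missing = [f for f in IDP_FIELDS if not get_response.get(f)]
    if missing:
        raise ValueError(f"GET response lacks IdP fields: {missing}")
    # Added sanity check (an assumption, not an API rule): refuse a cleartext SSO endpoint.
    if not get_response["postBindingEndpoint"].startswith("https://"):
        raise ValueError("postBindingEndpoint must be HTTPS")
    # Keep only the organization IDs (displayName is not required), then add the second one.
    org_ids = [o["id"] for o in get_response.get("organizationIds", [])]
    if second_org_id not in org_ids:
        org_ids.append(second_org_id)
    body = {f: get_response[f] for f in IDP_FIELDS}
    body["organizationIds"] = [{"id": i} for i in org_ids]
    return body

def idp_drift(sent, returned):
    """List the fields where the PUT response differs from the body that was sent."""
    drift = [f for f in IDP_FIELDS if sent.get(f) != returned.get(f)]
    sent_ids = {o["id"] for o in sent["organizationIds"]}
    got_ids = {o["id"] for o in returned.get("organizationIds", [])}
    if sent_ids != got_ids:
        drift.append("organizationIds")
    return drift

def call(method, url, token, body=None):
    """Send one JSON request with the headers shown in the article; return the decoded body."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Content-Type": "application/json", "Accept": "application/json",
        "Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # Offline demo on the step 3 response body from the article (certificate truncated there).
    sample = {"displayName": "MySAMLIdP", "id": "xbjfnpsw4fw2yxvb2vmc5n2pty",
              "entityId": "http://www.identityprovider.com/exkabcurm887FmOwOc0h7",
              "postBindingEndpoint": "https://mycompany.identityprovider.com/app/"
                                     "mycompany_identityproviderapp/exkabcurm887FmOwOc0h7/sso/saml",
              "x509Certificate": "MIIDpDCCAoygAwIBAgIGAVZbyf2L...",
              "organizationIds": [{"displayName": "organization1", "id": "organization1"}]}
    print(json.dumps(build_put_body(sample, "organization2"), indent=2))
```

For a live run, pass the step 3 and step 4 URLs to `call` and read the bearer token from the environment or a secret store rather than writing it into the script; an empty list from `idp_drift` means the response carries the same IdP parameters and organization IDs that were sent.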
