Log in to Coveo
Similarly, some Coveo-powered search interfaces also require you to log in, especially if the search results they provide are susceptible to be sensitive.
The Coveo Platform relies on third-party identity providers to authenticate users. There is no such thing as creating a Coveo account from scratch, as Coveo expects its users to log in using credentials from one of the supported identity providers:
A single sign-on (SSO) identity provider
As someone with the privilege required to manage Coveo organization members, you can add your coworkers to your organization. When they access the Administration Console or a Coveo-powered search interface, they are first presented with the following login page. You should instruct them to click the identity provider you selected when you added them as organization members. They will then be prompted to enter their credentials.
Logging in With SSO
If you implemented a SAML SSO, you must instruct users to click Using Custom Single Sign-On on the login page, and then enter the ID of the organization they want to access. You should also provide this ID to new members when adding them to your Coveo organization, but if you haven’t, a link allows them to get a list of the organizations they can log in to.
After a user’s first login, Coveo stores the organization ID in a cookie and automatically fills the Organization ID box next time.
You may add the same person to your organization twice, with different identity providers, e.g., Google and Office 365. Coveo considers the two sets of credentials to be independent and can’t tell if they represent the same individual. As a result, these two accounts can be granted different privileges.
Coveo Platform URL Reference
|Region||Login page URL|
Logging Out of the Coveo Administration Console
It’s a good practice to log out of the Administration Console when you no longer need to use it.
In the Administration Console header, click the member identification drop-down (where your name and email address appear), and then click Log out.
When trying to log in, you might encounter the following messages:
"You Currently Do Not Have Access to Any Organizations"
This message is displayed when your credentials are valid, but don’t match any Coveo organization member.
If you have an account with a different identity provider, try logging out and logging in again with this identity provider instead.
If not, contact your Coveo administrator and ask them to confirm the email address and identity provider with which you should log in. They should also ensure that you have been granted the privilege required to see the desired pages of the Administration Console.
The administrator of your company’s Coveo organization invited you to join the organization and instructed you to log in with your corporate Office 365 account. However, you also have a corporate Google account. If you try to log in with your Google credentials, the operation is successful since your credentials are correct, but you can’t access the Administration Console because your Google account hasn’t been granted any privileges.
If you’re about to create an organization via the API for the first time (e.g., as part of the tutorial Creating an Organization and a Source, and Getting Your First Query Results), seeing this message is normal. Follow the next steps to create your organization.
"AADSTS90093: Does Not Have Access to Consent" or "Need Admin Approval"
The following messages indicate that an Office 365 global administrator disabled the ability for users to consent to third-party applications such as the Coveo Platform:
AADSTS90093: Does not have access to consent.
Need admin approval: Coveo Platform needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.
To fix this issue, an Office 365 global administrator can either:
Give admin consent to the Coveo Platform application on behalf of all users.
Enable user consent to third-party applications. This alternative is less likely to be chosen, as global administrators tend to disable user consent to keep track of the applications allowed to access your Office 365 organization resources.
The process of having an Office 365 global administrator give consent to the Coveo Platform is the following:
Add them as a member of your organization and grant them the privileges required to edit groups. If you just created the organization with your Office 365 email address, you might need to ask the Coveo Support team to do it for you, as you won’t be able to log in.
When logging in to Coveo, the global administrator is prompted to authorize the Office 365 organization users to use Coveo.
Once they have logged in, the global administrator can add you as an individual member of the organization or create a group of Office 365 users.
Contact the Coveo Support team if the error persists.