Log in to Coveo
Similarly, some Coveo-powered search interfaces also require you to log in, especially if the search results they provide are susceptible to be sensitive.
The Coveo relies on third-party identity providers to authenticate users. There is no such thing as creating a Coveo account from scratch, as Coveo expects its users to log in using credentials from one of the supported identity providers:
If you have the privilege required to manage Coveo organization members, you can add your coworkers to your organization. When they access the Administration Console or a Coveo-powered search interface, they are first presented with the following login page. You should instruct them to click the identity provider you selected when you added them as organization members. They will then be prompted to enter their credentials.
Logging in With SSO
If you implemented a SAML SSO, you must instruct users to click Using Custom Single Sign-On on the login page, and then enter the ID of the organization they want to access. You should also provide this ID to new members when adding them to your Coveo organization, but if you haven’t, a link allows them to get a list of the organizations they can log in to.
After a user’s first login, Coveo stores the organization ID in a cookie and automatically fills the Organization ID box next time.
Logging in With Email
The option to log in with email allows you to access the Coveo Administration Console without an account with one of the supported identity providers. It’s mostly used by new users of Coveo, especially those starting a trial from coveo.com.
The login flow is the following:
You click Log in with email.
You provide your email address.
Coveo sends you an email with a login link.
When you click this link, the Coveo Administration Console opens in a new browser page or tab. You are automatically logged in.
The next time you need to log in to Coveo, you repeat steps 1 to 4 with the same email address.
Once you are ready to commit to a full Coveo license, we recommend you switch to using SSO or one of the supported providers, along with any other user of your organization, for a better experience in the long term. For instance, if your company uses an SSO for other applications, you should implement it in your Coveo organization and have all Coveo users log in with this option. The advantages of this change are the following:
Logging in becomes faster and smoother. If you’re already logged in to your identity provider or SSO on another web application, you don’t have to enter your password and are automatically let in. You don’t have to switch to your inbox and wait for Coveo’s email.
Relying on a single system to manage user access reduces the risk for unauthorized access. For instance, if an employee logs in to Coveo with his personal email, they can still access Coveo after quitting your company if you don’t manually delete their identity in the Coveo Administration Console. However, if they access Coveo with a company-managed Salesforce account, this account will most probably be deactivated as part of the employee offboarding process.
To switch to a different identity provider
Switching from an email identity provider to a different identity provider is essentially creating a new account for the Coveo user, and then deleting their original account. This must be done even if the user receives Coveo login links to their Google, Microsoft, or Salesforce address.
Add the user as a new member of your Coveo organization. Ensure to add them to the group in which their original account is to preserve their privilege set.
Delete the user’s original account. Make sure to delete the member with Email in the Provider column.
You may add the same person to your organization twice, with different identity providers, e.g., Google and Microsoft. Coveo considers the two sets of credentials to be independent and can’t tell if they represent the same individual. As a result, these two accounts can be granted different privileges.
Coveo URL Reference
|Region||Login page URL|
Logging Out of the Coveo Administration Console
It’s a good practice to log out of the Administration Console when you no longer need to use it.
In the Administration Console header, click the member identification drop-down (where your name and email address appear), and then click Log out.
When trying to log in, you might encounter the following messages:
"You Currently Do Not Have Access to Any Organizations"
This message is displayed when your credentials are valid, but don’t match any Coveo organization member.
If you have an account with a different identity provider, try logging out and logging in again with this identity provider instead.
If not, contact your Coveo administrator and ask them to confirm the email address and identity provider with which you should log in. They should also ensure that you have been granted the privilege required to see the desired pages of the Administration Console.
The administrator of your company’s Coveo organization invited you to join the organization and instructed you to log in with your corporate Microsoft account. However, you also have a corporate Google account. If you try to log in with your Google credentials, the operation is successful since your credentials are correct, but you can’t access the Administration Console because your Google account hasn’t been granted any privileges.
If you’re about to create an organization via the API for the first time (e.g., as part of the tutorial Creating an Organization and a Source, and Getting Your First Query Results), seeing this message is normal. Follow the next steps to create your organization.
"AADSTS90093: Does Not Have Access to Consent" or "Need Admin Approval"
The following messages indicate that a Microsoft Office 365 global administrator disabled the ability for users to consent to third-party applications such as Coveo:
AADSTS90093: Does not have access to consent.
Need admin approval: Coveo needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.
To fix this issue, an Office 365 global administrator can either:
Give admin consent to the Coveo application on behalf of all users.
Enable user consent to third-party applications. This alternative is less likely to be chosen, as global administrators tend to disable user consent to keep track of the applications allowed to access your Office 365 organization resources.
The process of having an Office 365 global administrator give consent to Coveo is the following:
Add them as a member of your organization and grant them the privileges required to edit groups. If you just created the organization with your Microsoft email address, you might need to ask the Coveo Support team to do it for you, as you won’t be able to log in.
When logging in to Coveo, the global administrator is prompted to authorize the Microsoft organization users to use Coveo.
Once they have logged in, the global administrator can add you as an individual member of the organization or create a group of Microsoft users.
Contact the Coveo Support team if the error persists.