Coconut Software

<a href="#h_01GY8AFFHYDM28RDXT7Q8M6THG">Objective</a>

<a href="#h_01GY8AFPMCXAYBPB37W6XHDEH7">Steps</a>

- <a href="#h_01GY8AFWTWJFHHAQSZPKHX1CQJ">Map roles in Coconut</a>
- <a href="#h_01GY8AG8JX8EXCX194V8FVFFFE">Complete additional configuration based on your IDP</a>
 
 - <a href="#h_01H6Y0WR527RWK4A9ENZ9B0X2W">An example mapping using a SAML attribute</a>
 - <a href="#h_01GY8AGMHERV4Q6MZ5F39HJ8WG">An example mapping using a relay state</a>

<a href="#h_01GY8AGWXWT1S7D91B099WQ2RQ">A note on access and visibility</a>

- <a href="#h_01GY8AFFHYDM28RDXT7Q8M6THG">Objective</a>
- <a href="#h_01GY8AFPMCXAYBPB37W6XHDEH7">Steps</a>
 
 - <a href="#h_01GY8AFWTWJFHHAQSZPKHX1CQJ">Map roles in Coconut</a>
 - <a href="#h_01GY8AG8JX8EXCX194V8FVFFFE">Complete additional configuration based on your IDP</a>
 
 - <a href="#h_01H6Y0WR527RWK4A9ENZ9B0X2W">An example mapping using a SAML attribute</a>
 - <a href="#h_01GY8AGMHERV4Q6MZ5F39HJ8WG">An example mapping using a relay state</a>
- <a href="#h_01GY8AGWXWT1S7D91B099WQ2RQ">A note on access and visibility</a>

Map your organization’s roles to Coconut roles by configuring role mapping.

NOTE: Single Sign-On is an add-on feature. Please connect with your Customer Success Manager to get started.

To configure role mapping, roles will need to be mapped in Coconut and configured in your organization’s IDP.

From the navigation menu, click Settings

From Integrations &amp; API, click SSO

Enter the name of your organization's role in External Roles

Select the corresponding Coconut role from Coconut Software Roles

1. From the navigation menu, click Settings
2. From Integrations &amp; API, click SSO
3. Expand User Role Mapping
4. Enter the name of your organization's role in External Roles
5. Select the corresponding Coconut role from Coconut Software Roles

Configure role mapping for your organization's roles by expanding User Role Mapping in your SSO Configuration

Complete additional configuration based on your IDP

Additional configuration may be required based on your IDP. For example, if using Entra ID, a relay state for each role ID needs to be included in the enterprise application in Entra ID.

For more information, please refer to your organization’s IDP’s documentation:

<a href="https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal-setup-sso" rel="nofollow noopener noreferrer" target="_blank">Microsoft® Entra ID</a>

<a href="https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/ad-fs-single-sign-on-settings" rel="nofollow noopener noreferrer" target="_blank">Microsoft® ADFS</a>

<a href="https://support.google.com/a/answer/6087519?hl=en" rel="nofollow noopener noreferrer" target="_blank">Google™ SSO</a>

- <a href="https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal-setup-sso" rel="nofollow noopener noreferrer" target="_blank">Microsoft® Entra ID</a>
- <a href="https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/ad-fs-single-sign-on-settings" rel="nofollow noopener noreferrer" target="_blank">Microsoft® ADFS</a>
- <a href="https://support.google.com/a/answer/6087519?hl=en" rel="nofollow noopener noreferrer" target="_blank">Google™ SSO</a>
- <a href="https://help.okta.com/oag/en-us/Content/Topics/Access-Gateway/add-app-saml-pass-thru-add-okta.htm" rel="nofollow noopener noreferrer" target="_blank">Okta</a>

An example mapping using a SAML attribute

In this example, your organization uses Entra ID. You have a role at your organization for Team Lead that you want to map to Coconut’s Staff Advanced role.

In Entra ID, someone at your organization with admin access creates an additional claim using the following details:

Then, in Coconut, an admin user completes the following role mapping in Settings&gt;Integrations &amp; API&gt;SSO&gt;User Role Mapping:

In this example, your organization uses Entra ID. You have a role at your organization for Team Lead (role ID = Team_Lead) that you want to map to Coconut’s Staff Advanced role.

In Coconut, an admin user completes the following role mapping in Settings&gt;Integrations &amp; API&gt;SSO&gt;User Role Mapping:

In Entra ID, someone at your organization with admin access to Entra ID updates the SAML User Profile for Team_Lead to include a relay state. The relay state value = Team_Lead.

Once these actions are completed, the staff’s profile settings in Coconut will include the following details:

Claim name	Type	Value
externalRoleId	SAML	"team_lead"

In this article

Objective

Steps

Map roles in Coconut

Complete additional configuration based on your IDP

An example mapping using a SAML attribute

An example mapping using a relay state

A note on access and visibility