Coconut Software

<a href="#h_01GMP34MF9XMFCH0QCF9YYW85B">Objective</a>

<a href="#h_01GMP34T6X4ZWHXG6WNEP1V97E">Available Claims</a>

<a href="#h_01GMP34YVBVVCGHQTTHHM3AGZD">Steps</a>

<a href="#h_01GMP353JBVQFJJ60ST2YCKSVQ">A note on access and visibility</a>

- <a href="#h_01GMP34MF9XMFCH0QCF9YYW85B">Objective</a>
- <a href="#h_01GMP34T6X4ZWHXG6WNEP1V97E">Available Claims</a>
- <a href="#h_01GMP34YVBVVCGHQTTHHM3AGZD">Steps</a>
- <a href="#h_01GMP353JBVQFJJ60ST2YCKSVQ">A note on access and visibility</a>

Determine specific user attributes that will be incorporated into the SSO process by configuring SSO claims.

The following attributes are communicated through claims from your identity provider.

NOTE: Claims marked as required are required only at the time the user is created. To allow new users to be created when logging into Coconut through SSO:

From the navigation menu, click Settings

Toggle on the Users logging in via SSO… setting to Users logging in via SSO that don’t already exist in Coconut will be created and logged in successfully

1. From the navigation menu, click Settings
2. Click SSO
3. Expand Login Settings
4. Toggle on the Users logging in via SSO… setting to Users logging in via SSO that don’t already exist in Coconut will be created and logged in successfully

The steps to configure SSO claims vary depending on Identity Provider (IDP). Click the name of your IDP (if applicable) to be directed to additional information:

<a href="https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization" rel="nofollow noopener noreferrer" target="_blank">Microsoft</a>

<a href="https://support.google.com/a/answer/6087519" rel="nofollow noopener noreferrer" target="_blank">Google</a>

- <a href="https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization" rel="nofollow noopener noreferrer" target="_blank">Microsoft</a>
- <a href="https://support.okta.com/help/s/article/How-to-add-custom-attributes-of-user-profile-as-claims-in-token?language=en_US" rel="nofollow noopener noreferrer" target="_blank">Okta</a>
- <a href="https://support.google.com/a/answer/6087519" rel="nofollow noopener noreferrer" target="_blank">Google</a>

For additional information on nameID formats, please refer to <a href="https://www.ibm.com/docs/en/sva/9.0.1?topic=federations-saml-20-name-identifier-formats" rel="nofollow noopener noreferrer" target="_blank">this article</a>.

If a user already exists in Coconut (for example, from being created through an Active Directory import), SSO only updates the role value (name, job title, email, username, and language do not change)

Admin users can access Settings and configure the SSO integration settings in Coconut.

Description	Claim Name	Required (Y/N)	Default	Notes
First Name	first_name	N	n/a	n/a
Last Name	last_name	N	n/a	n/a
Email	email	N	n/a	n/a
External ID	external_id	N	n/a	n/a
Job Title	job_title	N	n/a	n/a
Language	language	N	en	Can be one of the following: en fr es
Location	locations	N	n/a	Assigns a location/locations to the user. Use a comma separated list of location external IDs. NOTE: If this claim is present but empty, the user's location(s) is/are removed.
Role	role	N	10	Can be one of the following: 5 (Call Center) 10 (Staff) 13 (Staff Plus) 15 (Staff Advanced) 20 (Manager) 30 (Admin)
Staff Group	group	N	n/a	For use in conjunction with staff groups. Value is the staff group's external ID. NOTE: If this claim is present but empty, the user's group is removed.
Username	username	N	nameId	For more information, please refer to this article.
External Role ID	externalRoleId	N	n/a	This claim can be used to support role mapping between Coconut and existing roles at your organization. For more information, please refer to this article.

In this article

Objective

Available Claims

Steps

Hot Tip!

A note on access and visibility