Objective

Provide employees with a secure and simplified sign-on process by integrating your SSO application with Coconut.

NOTE: Single Sign-On is an add-on feature. Please connect with your Customer Success Manager to get started.

Steps

Integrating your SSO application with Coconut requires downloading the SSO Configuration file, creating an app in your Identity Provider (IDP), uploading or manually entering the required IDP attributes, reviewing the configuration, and customizing the sign-on experience.

Download the configuration file

From the navigation menu, click Settings
From Integrations & API, click SSO
Click the file name for the SSO Configuration File or the download icon to download the file
Click Next

Create an app in your IDP

The next step is to use the SSO Configuration file to create an app within your organization’s Identity Provider (IDP). The process for creating an app differs depending on the provider. Please refer to your provider’s documentation to confirm how to successfully complete the IDP elements of the setup process, or visit the link below if your IDP is listed. Regardless of provider, ensure that the newly created app is configured to use SSO so that it can integrate with Coconut.

Commonly Used IDPs

The following are commonly used IDPs when configuring SSO with Coconut. Click the name if your IDP (if applicable) to be directed to their setup information:

SSO and Premium Branding

If your organization is using both Premium Branding and SSO in conjunction with Coconut, you can set up SSO to work with the vanity URL, the initial Coconut URL, or both.

Example initial Coconut URL: yourcompanyname.coconutcalendar.com
Example vanity URL: yourcompanyname.com

If using SSO for both the vanity URL and initial Coconut URL, add the domain for the vanity URL to your IDP (in addition to the initial Coconut URL).

If using SSO for only the vanity URL, add the domain for the vanity URL to your IDP and remove the domain for the initial Coconut URL from your IDP.

If using SSO for only the initial Coconut URL, no additional domains need to be added to your IDP.

Upload or manually enter IDP attributes

Once the app is created in your IDP, you can either upload or manually enter IDP attributes.

Upload IDP attributes

Download your IDP’s metadata file to your desired location
Do one of the following:

Drag and drop the file from your desired location onto the upload target
Click or select from your computer to locate and upload the file
Click Complete Setup

Manually enter IDP attributes

Enter the Entity ID (URL or text string that identifies the IDP)
- Example Entity ID: http://sts.windows.net/your-tenant-id-here
Enter the SSO URL; when signing into Coconut, the user will be redirected to the URL entered here to complete authentication
- Example SSO URL: https://login.microsoftonline.com/your-tenant-id-here
If desired, enter the SLO URL
- Hot tip! If entered, when a user signs out of Coconut, they will be signed out of the IDP. Leave this field blank to allow users to remain signed into the IDP.

Enter the x509 Certificate

NOTE: If your IDP has more than one certificate in the file, use the Signing Certificate

Example x509 Certificate:

MIICTTCCAbYCCQCe5zW8m+9mIDANBgkqhkiG9w0BAQsFADBrMQswCQYDVQQGEwJDQTELMAkGA1UECAwCT04xEDAOBgNVBAcMB1Rvcm9udG8xFTATBgNVBAoMDENvbXBhbnkgTmFtZTEMMAoGA1UECwwDT3JnMRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20wHhcNMjEwMjI0MTg0NzIyWhcNMjIwMjI0MTg0NzIyWjBrMQswCQYDVQQGEwJDQTELMAkGA1UECAwCT04xEDAOBgNVBAcMB1Rvcm9udG8xFTATBgNVBAoMDENvbXBhbnkgTmFtZTEMMAoGA1UECwwDT3JnMRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL/6/iL0f0n6FPE4jl/kATLgJuSH4Ome96WU6KU2mBtJgJsAH9rxm0QFCFhcti5KIZpfxLVUMSndUqkVYKGtzqWYQX2yTqOL45WxsO0f/UptRv24vDD200dZQs/5ZUH1db2xu3kwq+9Th/8CX1IONj2uVSr0EkQI2xYJQH7mmLUVAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAIA+oYhPvecWRtLcXVHEUwDehgW+qjpiG64qUAVbBamrM5LUN9MurGv9wJPv/vIg+ynDOdlcQ4k+xRXUGT77hYYxpARS1HK1VLOX4pGpQjK27vkisJ8OCKFsSe0vNclwexxGnuOR2wChh9AknzY/uck5+luR64F/w+Nm8/2vSVs8=

Select the Unique Identifier that will be used to connect user accounts within Coconut to the IDP
Click Complete Setup

Screen_Shot_2022-11-09_at_9.36.22_AM.png

A sample SSO configuration setup when IDP attributes have been entered

Review configuration & customize the integration

Initial configuration is complete. From here, you can review the details provided and update, if required. To update, click Edit Configuration and make any required changes. You can also disconnect the SSO configuration by clicking Disconnect.

Customize the sign-on experience

Expand Login Settings
Enter custom button text for users in the SSO Login Button Text field
- NOTE: If additional languages are enabled at your organization, click the language tab to also add custom button text in your additional language(s)
- Hot tip! Coconut recommends keeping button text to a maximum of 60 characters, including spaces
Select whether you want to show or hide the username and password fields to users when signing in
- Show: Coconut’s username and password fields will display to the user, with the SSO button following the username/password option
- Hide: Users will only be presented with the SSO Login button when signing into Coconut; this essentially disables manual login
Toggle on Users logging in via SSO that don’t already exist in Coconut will not be created and unable to log in if you do not want new staff members to login to Coconut without first contacting your administrator
- NOTE: If no action is taken and the setting remains off, when a new staff member signs into Coconut using SSO, a new staff profile is created within Coconut with a default role of Staff

Screen_Shot_2022-11-09_at_9.53.30_AM.png

Customize the SSO login experience for users from Login Settings

Hot tip!

Before archiving a user in Coconut, remove that staff member from your organization’s IDP. If an archived staff member attempts to login to Coconut using SSO, they are redirected to Coconut’s username/password login screen with an error message prompting them to contact their administrator.