Single Sign-On (SSO)
Let your team sign in to Coactive with your existing corporate credentials.
Single Sign-On (SSO) lets your team access Coactive using the identity provider (IdP) you already use, so there are no separate Coactive passwords to manage. You’ll configure SSO once per organization during onboarding, and your users sign in with their corporate credentials from then on. Coactive runs on an Auth0-based identity layer, so we interoperate with the standard enterprise identity providers your team already has in place.
Note: SSO is available to all organizations. Setup is handled per organization during onboarding. Reach out to your Coactive contact to get started.
Supported Protocols & Providers
Coactive federates with any IdP that speaks the two industry-standard SSO protocols:
- SAML 2.0 — the standard supported by most enterprise identity providers.
- OpenID Connect (OIDC) — an OAuth 2.0–based protocol common to modern providers.
This means Coactive works with the providers your team most likely already uses, including:
- Okta
- Microsoft Entra ID (formerly Azure AD)
- Google Workspace
Tip: If your IdP supports SAML or OIDC, we can federate with it. The specific vendor is not a constraint; these two protocols are supported by most enterprise identity providers.
How Setup Works
SSO is configured once per organization during onboarding. The process typically takes a single working session between your IdP administrator and the Coactive team:
- You share your IdP details and federation metadata with Coactive (see What You’ll Provide below).
- Coactive configures the federated connection in our identity layer for your organization.
- Both sides verify the connection by exchanging metadata and testing sign-in with your initial admin user(s).
- SSO is enabled for your organization, and your team begins signing in with their corporate credentials.
What You’ll Provide
To configure the connection, your team supplies the following:
Shared-Responsibility Model
Coactive follows the standard shared-responsibility model for identity. You retain full control of your credential and access policy through your own IdP, while Coactive operates the federation and the application.
Note: Because authentication happens in your IdP, the policies you enforce there — including multi-factor authentication (MFA) — apply before a user reaches Coactive. MFA is defined and enforced in your IdP; it is not configured separately in Coactive.
Things to Know
- SSO is configured at the organization level, not per individual user. All users in your organization authenticate through the same IdP connection.
- MFA is enforced by your IdP. Coactive relies on the authentication your IdP performs; multi-factor policy is defined and enforced on your side, so users complete any MFA your IdP requires before reaching Coactive.
- Revocation is IdP-driven. Because access is federated, removing or disabling a user in your IdP is what revokes their Coactive access, effective once the default session TTL has elapsed. Plan deprovisioning through your normal IdP lifecycle.
- Automated provisioning (SCIM) can be discussed during onboarding. Reach out to your Coactive contact for current support. Today, users are provisioned at first sign-in or via admin invitation.
Need More Help?
If you have questions about configuring SSO for your organization, or need help with provider-specific setup, custom attribute mapping, or SCIM provisioning, don’t hesitate to contact Coactive Support. We’re happy to set up a working session with your IdP administrator and walk through any aspect of the setup.
