Cobrowse.io Docs
  • Getting started
  • SDK Installation
    • Web
    • iOS
    • Android
    • React Native
    • Flutter
    • .NET Mobile
    • macOS
    • Windows
  • SDK Features
    • Account config
    • Identify your devices
    • Use 6-digit codes
    • Redact sensitive data
    • Viewing PDFs
    • Universal Cobrowse
    • Customize the interface
      • Active session controls
      • 6-digit code screen
      • User consent dialog
      • Remote control consent dialog
      • Full device consent dialog
      • Localization / translation
    • Initiate sessions with push
    • Listening for events
    • Full device capabilities
      • Full device screen sharing
      • Full device remote control
      • Managing full device mode
    • Advanced configuration
      • Starting and stopping the SDK
      • Declaring capabilities
      • Intercepting mobile SDK network requests
      • Web
        • IFrames support
        • IE 11 polyfills
        • Cross-domain session support
        • Ignore Views
      • iOS
        • Alternate render method
        • Custom touch handling
      • Android
        • Backporting TLS to older Android versions
  • Agent-side integrations
    • Agent-side overview
    • Platform integrations
      • Zendesk
      • Salesforce
        • Migrating from legacy to v2
        • Salesforce (Legacy)
      • Genesys
        • Genesys Cloud
        • Engage Workspace Web Edition (WWE)
        • Engage Workspace Desktop Edition (WDE)
      • Intercom
      • Freshworks
      • Talkdesk
      • NICE
    • Custom integrations
    • Agent SDK
      • API Reference
      • Sample code snippets
    • Authentication (JWTs)
      • JWT Policies
    • Authentication (SAML 2.0)
    • IFrame embeds
  • Enterprise self-hosting
    • Self-hosting overview
    • Docker Compose
    • Helm chart
      • Image Pull Secret
      • Environment Variables
      • Optional recording components
      • Pod Annotations
    • AWS terraform
      • AWS metrics configuration
    • Azure terraform
      • Azure metrics configuration
    • GCP terraform
      • GCP metrics configuration
    • Sizing guidelines
    • Running your instance
      • Adding a superuser
      • Limiting account creation
      • Limiting magic link recipients
      • Configuring SMTP
      • Managing your deployment
    • Monitoring your instance
      • Available metrics
      • Self-Hosted Prometheus
    • Advanced configuration
      • Air gap configuration
      • Pin web SDK version
      • L7 firewall configuration
      • Docker proxy configuration
    • Troubleshooting
Powered by GitBook
On this page
  • Configure SAML 2.0
  • Configure within your identity provider
  • Registering Cobrowse.io
  • Configuring Admin users
  • Configuring display names
  • IFrame integrations
  • Advanced
  • Validating the Cobrowse.io SAML request (optional)

Was this helpful?

  1. Agent-side integrations

Authentication (SAML 2.0)

Allow your users to authenticate using your SAML 2.0 identity provider for simple SSO.

Allow your users to authenticate using your SAML 2.0 identity provider for simple SSO. You must support user email address as the ID type with your identity provider.

Configure SAML 2.0

In your account settings, go to /dashboard/settings/integrations and under SAML config enter your:

  • SAML certificate - including the "-----BEGIN CERTIFICATE/END CERTIFICATE-----" lines;

  • entry point URL as configured within your IdP (for a Service Provider-initiated request).

This will generate a login URL in the format https://<your hosted domain>/login/saml/<provider ID> where <your hosted domain> defaults to the domain that is hosting your cobrowse account, e.g. cobrowse.io in most cases. This URL can be used as the login page for your agents.

Configure within your identity provider

You may be required to add configuration for Cobrowse.io within your identity provider.

Registering Cobrowse.io

If your SAML identity provider requires registering Cobrowse.io as an approved application, then please use the following information:

  • service provider id: cobrowseio-saml

  • ACS / Callback / Recipient / Destination / SSO URL: https://<your hosted domain>/api/1/saml/auth/callback

Please replace <your hosted domain> with cobrowse.io when using our hosted service.

Configuring Admin users

All users who login via SAML will, by default, have the Cobrowse.io "Support Agent" role. If you'd like to manage your Admin users through SAML, you must:

  • create a group/role named "cobrowseio_administrator" within your identity provider

  • pass this value through as an attribute in your SAML profile as a value or an array, e.g.:

    • "groups" : "cobrowseio_administrator"

    • "groups" : ["cobrowseio_administrator", "abc", "def", ...]

Configuring display names

To import the real names of your users from your SAML provider, please configure a displayName SAML assertion within your IdP for your users.

IFrame integrations

If you are running Cobrowse in your own IFrame integration, then you may optionally choose to perform the SSO within the IFrame by loading it from:

https://<your hosted domain>/api/1/saml/auth?provider=<provider ID>&redirectTo=<your URI encoded Cobrowse route>

<your hosted domain> is cobrowse.io when using our hosted service.

The parameter <your URI encoded Cobrowse route> is the endpoint specified by your choice of IFrame embed and must be correctly URI encoded, e.g. for /code use %2Fcode.

Your IFrame settings and identity provider must allow sharing of cookies to your IFrame'd domain. This includes for additional steps with your provider, such as MFA.

Advanced

Validating the Cobrowse.io SAML request (optional)

Our SAML requests are signed to verify their origin. You can optionally validate this signature within your identity provider. To do this, please use the certificate provided at this endpoint: https://cobrowse.io/api/1/saml/certificate.

PreviousJWT PoliciesNextIFrame embeds

Last updated 10 months ago

Was this helpful?