SAML configuration steps

1. Access Integration Settings:

   • Navigate to your Account page.
   • Click on the Integration tab.

2. Select SAML as Sign-On provider:

   • From the dropdown menu, choose Sign-On provider (SAML).

3. Provide SAML configuration details:

   Identifier (Entity ID)

   Use the identifier that corresponds to your region:

   Europe

   • https://api.cosafe.se/

   South America

   • https://api.cosafe.com.br/

   Reply URL (assertion consumer service URL)

   Add Reply URL's that correspond to your region:

   Europe

   • https://api.cosafe.com/api/account/SamlRedirect
   • https://api.cosafe.se/api/account/SamlRedirect

   South America

   • https://api.sa-east-1.prod.cosafe.com/api/account/SamlRedirect
   • https://api.cosafe.com.br/api/account/SamlRedirect

4. Define required SAML attributes:

   • name: User's full name
   • emailaddress: User's email address
   • identifier (optional): Unique identifier, especially if the user's email changes.

info

The attributes should be added with a namespace.

Example for Entra ID:

<AttributeName="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">

<AttributeName="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">

5. Add domains:

   • Specify the email domains of users who will utilize SSO.
   • To add multiple domains:
     • Click +Add domain.
     • Enter each domain accordingly.

6. Save configuration:

   • After entering all necessary information, save your settings to enable SAML SSO.

---

Strongly recommended: Enable MFA in your Identity Provider

When using SSO, Cosafe delegates all authentication responsibility to your Identity Provider. Cosafe does not enforce its own 2FA for SSO logins.

Please ensure that Multi-Factor Authentication (MFA) is enabled and enforced in your IdP for all users accessing Cosafe. This is the single most effective step you can take to protect your organisation's accounts.

For more details, see our SSO introduction page.