Attention: Before you can set up Single Sign-On, this feature must be activated for you. Please feel free to contact our support team if this is not the case.
Configure SSO with Azure Active Directory
First, log in to your Cosuno account. It's important that you have a user account with the administrator role, as you will need appropriate permissions to set up Single Sign-On.
Navigate to the "My Company" section via the menu at the top right, and then click on the "SSO" section under "Security".
Please log in to Azure Active Directory in a separate tab and navigate to the "Enterprise Applications" section, located in the sidebar. From there, click on "New Application" in the subsequent view.
In the next screen, click on the "Create your own application" option. Choose "Cosuno" as the application name, or if preferred, select another suitable name. Under "What are your intentions with this application?", select the third option. Finally, click on "Create".
As a result, the application has been successfully created in Azure. Next, click on "Set up SSO" under the "Getting Started" section.
Under "Select SSO method", click on "SAML".
Then you will be directed to the following view.
Under the first section labeled "Basic SAML Configuration," click on "Edit."
Next, switch back to the Cosuno tab, where you'll find the values that you need to enter in Azure.
Copy the value of "Service Provider Entity ID" from Cosuno and paste it into the "Identifier (Entity ID)" field in Azure.
Copy the value of "Service Provider ACS URL" from Cosuno and paste it into the "Reply URL (Assertion Consumer Service URL)" field in Azure.
In the second section labeled "Attributes & Claims," click on "Edit."
In the "Required claim" section, there's a row with the text "Unique User Identifier (Name ID)". Click on that row. In the subsequent view, change the value for "Source attribute" to "user.mail" (without a trailing period). Then, click on "Save."
After that, click on "SAML-based Sign-on" in the breadcrumbs at the top to return to this view.
Scroll down afterward to reach the following view.
Now, turn your attention to Box 4 ("Setting up Cosuno"). You'll need to input the values displayed here into Cosuno to complete the setup.
Copy the "Sign-On URL" value from Azure and paste it into the "Identity Provider Target URL" field within Cosuno.
Next, copy the "Azure AD Identifier" value from Azure and insert it into the "Identity Provider Entity ID" field in Cosuno.
Additionally, within Box 3 ("SAML Certificates"), you'll need to download the certificate. Click "Download" under the "Certificate (Base64)" section. Afterward, open the downloaded file in any text editor (e.g., Notepad) and copy its entire content to your clipboard.
Then, paste the certificate into the "Signature Certificate" field in Cosuno.
Within Cosuno, you can choose to activate SSO for all users or only for specific email domains. The latter option is especially relevant for companies that invite guest users from other organizations (e.g., external architects) who cannot sign in with SSO. Please verify with your team if this is applicable.
IMPORTANT: Once you click "Save" in Cosuno, users in your company account will no longer be able to sign in with email and password. Therefore, it's best to notify other users beforehand and perform the configuration at a time when it won't disrupt other users.
Now, click on "Save" in Cosuno.
Afterward, you can test the integration. Before doing so, you need to add one or more users or groups to your new application in Azure. For example, you can add yourself as a user to test the login functionality.
Afterwards, navigate back to the "Single Sign-On" section, scroll to the bottom, and click on the "Test" button to verify the sign-in process. It's important to ensure that your email address in Azure matches the email linked to your user account in Cosuno for the sign-in to function correctly.
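A pre-flight check for the two points above (password sign-in stops after "Save", and the email in Azure must match the email in Cosuno), as an added example that is not part of Cosuno's or Microsoft's own tooling. The user lists are constructed, the export format and the function name are assumptions, and since this page does not say whether addresses are compared case-insensitively, case-only differences are reported separately.

```python
# Added example: run before clicking "Save" in Cosuno.
# All data is constructed; the export formats are assumptions.

# Azure users assigned to the application, mapped to their "mail" attribute
# (the Name ID source chosen above). None means the attribute is empty.
AZURE_ASSIGNED = {
    "anna@example.com": "anna@example.com",
    "ben@example.com": "Ben.Meyer@example.com",
    "carla@example.com": None,
}
# Email addresses of the users in the Cosuno company account.
COSUNO_USERS = [
    "anna@example.com",
    "ben.meyer@example.com",
    "carla@example.com",
    "dmitri@example.com",
    "guest@architects.example",
]


def preflight(azure_assigned, cosuno_users, sso_domains=None):
    """Classify each Cosuno user by whether an SSO sign-in can match.

    sso_domains: set of email domains SSO is activated for, or None when
    SSO is activated for all users.
    """
    exact = {mail for mail in azure_assigned.values() if mail}
    folded = {mail.casefold() for mail in exact}
    report = {"ok": [], "case_differs": [], "no_match": [], "not_in_scope": []}
    for email in cosuno_users:
        domain = email.rpartition("@")[2].casefold()
        if sso_domains is not None and domain not in sso_domains:
            report["not_in_scope"].append(email)  # SSO not activated for this domain
        elif email in exact:
            report["ok"].append(email)
        elif email.casefold() in folded:
            report["case_differs"].append(email)  # confirm with a test login
        else:
            report["no_match"].append(email)      # no Azure mail value to match
    return report


if __name__ == "__main__":
    for scope in (None, {"example.com"}):
        print("SSO scope:", scope or "all users")
        for status, emails in preflight(AZURE_ASSIGNED, COSUNO_USERS, scope).items():
            print(f"  {status}: {emails}")
```

Users listed under "no_match" either are not assigned to the Azure application or have an empty "mail" attribute there; resolve those before saving the configuration.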