Admin Authentication

PreviousOverview NextSetup a SAML SSO provider

Last updated 6 months ago

Admin Authentication

Accessing your organization

The simplest way to access your Cohort Admin is to bookmark and go to your organization's address directly:

If you don't know your organization's address, you can still access it through our main website by clicking Sign in

After verifying your email address via email or Google, you will be able to see all of the organizations you are a member of, and will be redirected to your organization's signin page.

Organization authentication

We offer both email and SSO (SAML and OIDC) authentication for you and your team members. By default only email authentication is enabled.

Please contact support@getcohort.com or your Customer Success Manager directly if you would like to configure SSO for your organization.

With email sign-in, a one-time sign-in link valid for 5mn is emailed to you, only if the email matches a team member registered in this organization.

Please note that for privacy purposes the Login link sent to xxx@xxx.com message will always be displayed, even if the email you entered does not match a team member.

It might also be possible that the email takes some time to be delivered, or will not be delivered at all if your company uses a custom email firewall policy. If that is the case, we recommend the following:

Switch to SSO authentication
Ask your IT administrator to whitelist emails coming from the getcohort.com domain

Your organization can also be configured to use Single Sign-On, allowing you and your teammates to authenticate to Cohort through an external Identity Provider.

We currently support SAML 2.0 and OIDC Identity Providers.

When SSO is configured, you will be redirected to your Identity Provider to complete the authentication process.

Just in time provisioning

We support JIT provisioning for SSO. With JIT provisioning disabled, only team members that have an account created on Cohort will be able to sign-in.

With JIT provisioning enabled, team members will be automatically created if they do not exist when someone logs in through SSO. This eliminates the need to provision and manage Cohort accounts for your system administrator.

We currently do not support Identity Provider initiated sign-in (signing in from your application directory in your Identity Provider platform). You will have to go to your Cohort organization sign-in page to initiate the authentication.

PreviousOverview NextSetup a SAML SSO provider

Last updated 6 months ago

Accessing your organization

The simplest way to access your Cohort Admin is to bookmark and go to your organization's address directly:

If you don't know your organization's address, you can still access it through our main website by clicking Sign in

After verifying your email address via email or Google, you will be able to see all of the organizations you are a member of, and will be redirected to your organization's signin page.

Organization authentication

We offer both email and SSO (SAML and OIDC) authentication for you and your team members. By default only email authentication is enabled.

Please contact support@getcohort.com or your Customer Success Manager directly if you would like to configure SSO for your organization.

With email sign-in, a one-time sign-in link valid for 5mn is emailed to you, only if the email matches a team member registered in this organization.

Please note that for privacy purposes the Login link sent to xxx@xxx.com message will always be displayed, even if the email you entered does not match a team member.

Switch to SSO authentication
Ask your IT administrator to whitelist emails coming from the getcohort.com domain

Your organization can also be configured to use Single Sign-On, allowing you and your teammates to authenticate to Cohort through an external Identity Provider.

We currently support SAML 2.0 and OIDC Identity Providers.

When SSO is configured, you will be redirected to your Identity Provider to complete the authentication process.

Just in time provisioning

We support JIT provisioning for SSO. With JIT provisioning disabled, only team members that have an account created on Cohort will be able to sign-in.

Accessing your organization

Organization authentication

Sign-in with Email

Sign-in with SSO

Just in time provisioning

Identity Provider initiated sign-in

Accessing your organization

Organization authentication

Sign-in with Email

Sign-in with SSO

Just in time provisioning

Identity Provider initiated sign-in