Single Sign-On

Coalesce currently supports Single Sign-On (SSO) with the following identity providers (IDPs):

Configure Okta SSO

To use Okta as your Single Sign-On provider, you'll want to create a new App Integration in Okta. To do this, take the following steps:

  1. Open the admin panel for your Okta organization.
  2. Click on Applications. You should now be at a screen that looks like the following screenshot.

Creating an App Integration in Okta

  3. Click on Create App Integration.
  4. You'll be presented with a window with options like the following screenshot. Select OIDC - OpenID Connect as the Sign-in method and Single-Page Application as the Application Type, and then create the new app integration.

Configuring a new App Integration in Okta

  5. On the settings page for this newly created integration, enter the following:
     • App Integration Name - this is typically going to be Coalesce, but any friendly name works
     • Sign-in redirect URI - by default this is http://localhost:8080/login/callback, which you'll want to change to https://mySubdomain.app.coalescesoftware.io/login/callback. mySubdomain is typically the name of your organization.
     • Controlled Access - select whichever setting is appropriate for your organization
  6. Click Save. You'll now be at a window with all your App Integration settings. Keep this browser tab open as you'll need to enter some information from it into Coalesce.
  7. Open a new browser tab/window.
  8. Sign in to your Coalesce application using username and password.
  9. Go to the Single Sign-On settings via User Menu > Org Settings > Single Sign-On.
  10. Fill out the fields using the following table:

| Field | Description |
| --- | --- |
| Authority | The system being used for Single Sign On, choose Okta. |
| Subdomain | This will be the same as mySubdomain chosen earlier in Step 5. |
| Authorization Server | Refer to the URL you use for your Okta account. Your Authorization Server will be the base URL. |
| OIDC clientID | This will be the same as the Client ID field in the settings of your Okta app integration. |

  11. Once you've filled out the SSO settings in Coalesce, click Save.
  12. Log out of Coalesce.
  13. Go to your subdomain - https://mySubdomain.app.coalescesoftware.io - and click on the Use Single Sign-On button to log in using SSO.

Use Single Sign On Button

If instead of a button you see an error message, check to make sure you correctly entered all the fields in your Coalesce SSO settings. If the problem persists, please reach out to our Support Team.

Configure Azure AD SSO

To use Azure AD as your Single Sign-On provider, you'll want to create a new App Registration in Azure.

  1. Go to the Overview panel in Azure Active Directory.
  2. Click the + Add dropdown.
  3. Select App Registration.

Where to Create an App Integration in Azure

  4. On the registration page for this newly created integration, enter the following:
     • Name - this is typically going to be Coalesce, but any friendly name works
     • Supported Account Types - choose which Account types to support, see the following screenshot

Configuring an App Integration in Azure

❗️ Supported Account Types: Personal Microsoft accounts only is not a supported option for Coalesce Azure SSO.

     • Redirect URI - the redirect URI should be formatted as follows - https://mySubdomain.app.coalescesoftware.io/login/callback
  5. Click Register to create the integration. You'll now be at a window with all your App Registration settings. Keep this browser tab open as you'll need to enter some information from it into Coalesce.

Example Azure App Registration Overview

  6. Open a new browser tab/window.
  7. Sign in to your Coalesce application using username and password.
  8. Go to the Single Sign-On settings via User Menu > Org Settings > Single Sign-On.
  9. Fill out the fields using the following table:

🚧 Microsoft Permissions Requested

When selecting Use Single-Sign On with Azure Active Directory, the user may be prompted to grant Coalesce permission to:

1. Sign you in and read your profile
2. Send mail as you
3. Maintain access to data you have given it access to

These permissions can be pre-approved for future users by an admin in Azure Directory. They can go to Manage > App Registrations > Your App Registration > API Permissions. From there they select Add a permission > Microsoft Graph > Delegated Permissions and then select the desired permissions to pre-approve for the non-admin users.

| Field | Description |
| --- | --- |
| Authority | The system being used for Single Sign On, choose Azure. |
| Subdomain | This will be the same as mySubdomain chosen earlier in Step 4. |
| Authorization Server | Single tenant integrations - https://login.microsoftonline.com/[tenantID]/ ; multi-tenant and multi+personal integrations - https://login.microsoftonline.com/common/ |
| OIDC clientID | Refer to the Application (client) ID in the "Essentials" section on the overview page for your Azure App Registration. |

  10. Once you've filled out the SSO settings in Coalesce, click Save.
  11. Log out of Coalesce.
  12. Go to your subdomain - https://mySubdomain.app.coalescesoftware.io - and click on the Use Single Sign-On button to log in using SSO.
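
The Okta and Azure procedures above both end with the same four Coalesce fields plus a redirect URI registered at the IdP. The following is an added example, not Coalesce's own code, that checks those values against the formats this page gives before you save them. The function names, the `acme` subdomain and the sample client IDs are hypothetical, and it assumes `[tenantID]` and the Azure client ID are GUIDs.

```python
import re
from urllib.parse import urlsplit

# URL formats below come from the page; function names and sample values are this example's own.
OKTA_DEFAULT_REDIRECT = "http://localhost:8080/login/callback"
AZURE_HOST = "login.microsoftonline.com"
# Assumption: [tenantID] and the Azure Application (client) ID are GUIDs.
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
DNS_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?", re.I)


def expected_redirect_uri(subdomain):
    return f"https://{subdomain}.app.coalescesoftware.io/login/callback"


def check_sso_settings(authority, subdomain, authorization_server, client_id, idp_redirect_uri):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if not DNS_LABEL.fullmatch(subdomain):
        problems.append("subdomain is not a single DNS label")
    if idp_redirect_uri == OKTA_DEFAULT_REDIRECT:
        problems.append("redirect URI is still the Okta localhost default")
    elif idp_redirect_uri != expected_redirect_uri(subdomain):
        problems.append("redirect URI does not match the Coalesce subdomain")
    if authority not in ("Okta", "Azure"):
        problems.append("authority must be Okta or Azure")
    url = urlsplit(authorization_server)
    tenant = url.path.strip("/")
    if url.scheme != "https" or not url.hostname or url.query or url.fragment:
        problems.append("authorization server must be a plain https URL")
    elif authority == "Okta" and tenant:
        problems.append("Okta authorization server should be the base URL only")
    elif authority == "Azure" and url.hostname != AZURE_HOST:
        problems.append("Azure authorization server host is not " + AZURE_HOST)
    elif authority == "Azure" and tenant != "common" and not GUID.fullmatch(tenant):
        problems.append("Azure path must be /[tenantID]/ or /common/")
    if not client_id.strip():
        problems.append("OIDC clientID is empty")
    elif authority == "Azure" and not GUID.fullmatch(client_id):
        problems.append("Azure Application (client) ID should be a GUID")
    return problems


if __name__ == "__main__":
    # Constructed sample: default redirect left in place and a non-base Okta URL.
    print(check_sso_settings("Okta", "acme", "https://acme.okta.com/oauth2/default",
                             "0oaEXAMPLE", OKTA_DEFAULT_REDIRECT))
```
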
