MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

Update Cobalt Configuration Article (Azure Active Directory) #102000

Closed mjang-cobalt closed 8 months ago

mjang-cobalt commented 1 year ago

Update Cobalt Configuration Article

I'm @mjang-cobalt, and I'd like to see an update to the Microsoft Cobalt Configuration Tutorial, as it relates to a SAML-based SSO connection to Azure Active Directory.

Based on our research, we're looking for a significant number of changes. As suggested by your article template, we don't want this to be a "surprise." So before we submit a PR, we'd like to share our plan on what we'd like to change.

Of course, if you (Microsoft) prefer, you're welcome to take charge of these changes.

Requested Changes

Section: Prerequisites
Current: Cobalt single sign-on (SSO) enabled subscription.
Requested Update: Should be removed. We now offer SAML SSO to all tiers.

Section: Scenario description
Current: Cobalt supports SP initiated SSO.
Requested Update: Cobalt supports IdP-initiated SSO.

Section: Configure Azure AD SSO
Current:
3. On the Set up single sign-on with SAML page, click the pencil icon for Basic SAML Configuration to edit the settings.
Requested Update:
3. On the Set up Single Sign-on with SAML page, under Basic SAML Configuration, insert values for the following parameters:
- Identifier (Entity ID): https://api.cobalt.io/users/saml/metadata
- Reply URL (Assertion Consumer Service URL): https://api.cobalt.io/users/saml/auth

Section: Configure Azure AD SSO
Current:
4. On the Basic SAML Configuration section, perform the following step:
In the Sign-on URL text box, type a URL using the following pattern: https://brightside-prod-.cobaltdl.com
Note: The value is not real. Update the value with the actual Sign-On URL. Contact Cobalt Client support team to get the value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.
Requested Update: Should be removed. Sign-on URL is only required for SP-initiated SSO.

Section: Configure Azure AD SSO
Current:
5. Cobalt application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
Requested Update: We should verify this.

Section: Configure Azure AD SSO
Current:
6. In addition to above, Cobalt application expects few more attributes to be passed back in SAML response which are shown below. These attributes are also pre populated but you can review them as per your requirement.
Requested Update: Same as above. We should verify this.

Section: Configure Azure AD SSO
Current:
8. On the Set up Cobalt section, copy the appropriate URL(s) based on your requirement.
Requested Update:
Under Set up Cobalt, copy Azure AD Identifier and Login URL.
Comment: We don’t use the Logout URL in the Cobalt app.

Section: Configure Cobalt SSO
Current:
1. Login to the Cobalt website as an administrator.
2. Select Settings on the left menu.
3. Select Identity & Access, and select Enable in SAML 2.0.
4. Perform the following steps in the SAML 2.0 section.
5. In the IDP ISSUER URL textbox, paste the Azure AD Identifier value which you have copied from the Azure portal.
6. In the IDP TARGET URL textbox, paste the Login URL value which you have copied from the Azure portal.
7. Open the downloaded Certificate (Base64) from the Azure portal into Notepad and paste the content into the IDP CERTIFICATE textbox.
8. Click SAVE.
Note: Please follow this article for more information on how to configure SSO on Cobalt side.
Requested Update:
1. Sign in to Cobalt as an Organization Owner.
2. If you belong to multiple organizations, select an organization for which you want to configure SAML SSO.
3. Select Settings > Identity & Access, then select Enable under SAML 2.0.
4. For these parameters in Cobalt, enter values from Azure AD:
- IdP Issuer URL: Azure AD Identifier
- IdP Target URL: Login URL
- IdP Certificate: Certificate (Base64), from the file that you downloaded in Azure AD
5. Select Save.
6. Save the IdP Relay State value that appears in red.
If you need help, contact your Cobalt Customer Success Manager or support@cobalt.io.

Section: N/A
Current: N/A
Requested Update:
Add a new section.
Complete the configuration in Azure AD
1. In the Azure portal, navigate to the SSO configuration page for the Cobalt app.
2. Under Basic SAML Configuration, paste the IdP Relay State value that you copied in Cobalt into Relay State.
- Use the formatting that you see in the Cobalt app. The string starts with {"org_token":".

Section: Create Cobalt test user
Current:
Create Cobalt test user
In this section, you create a user called B.Simon in Cobalt. Work with Cobalt support team to add the users in the Cobalt platform. Users must be created and activated before you use single sign-on.
Requested Update:
Create a test user in Cobalt
Create a user called B.Simon in Cobalt.
- Use the same email address in Cobalt and Azure AD for the user.
- The user must confirm their email address and create a password in Cobalt.
If you need help, contact your Cobalt Customer Success Manager or support@cobalt.io.
Comment: PR for the link in Cobalt docs is in progress, and will be merged soon.

Section: Test SSO
Current:
In this section, you test your Azure AD single sign-on configuration with following options.
- Click on Test this application in Azure portal. This will redirect to Cobalt Sign-on URL where you can initiate the login flow.
- Go to Cobalt Sign-on URL directly and initiate the login flow from there.
- You can use Microsoft My Apps. When you click the Cobalt tile in the My Apps, this will redirect to Cobalt Sign-on URL. For more information about the My Apps, see Introduction to the My Apps.
Requested Update:
To test your Azure AD SAML SSO for Cobalt:
1. Sign in to the Microsoft portal as the test user B.Simon that you created: http://myapps.microsoft.com/.
2. Under Applications, select the Cobalt app.
The system authenticates the user's identity and redirects you to the Cobalt app.
Comment: The flows described in the instruction describe IdP-initiated SSO.

Section: Screenshots
Requested Update: Update all screenshots, especially from the Cobalt app.

Pull requests and article contributions

If you know the change that is needed in an article, we encourage you to submit the changes directly using a pull request. If the change is large, or if you want to contribute an entire article, follow these guidelines:

We'll route the issue to the appropriate content team for review and discussion.

Tech support and product feedback

If you would like to contact Microsoft about other things, such as product feedback or tech support, please review these guidelines:

mjang-cobalt commented 1 year ago

Related: https://github.com/MicrosoftDocs/azure-docs/issues/83094

Naveenommi-MSFT commented 1 year ago

@mjang-cobalt Thanks for your feedback! It would be great if you could add a link to the documentation you are following for these steps. This would help us redirect the issue to the appropriate team.

mjang-cobalt commented 1 year ago

Hi, @Naveenommi-MSFT, the documentation we're following is: https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/cobalt-tutorial, which I linked to in my original note.

My bad for not putting the link in your preferred format.

As for our documentation, we hope to make your article into the "Single Source of Truth" for integration between Cobalt and Microsoft Azure. We'd link to it from an appropriate section of developer.cobalt.io.

mjang-cobalt commented 1 year ago

Question: I'm from Cobalt.io. Some of the screenshots, shown in this section of Microsoft documentation, reflect what we have in our Cobalt.io UI.

However, the same article also refers to cobaltdl.com, which is a different company (same name).

Can you clarify -- with your Microsoft article, did you intend to document integration with:

Naveenommi-MSFT commented 1 year ago

@mjang-cobalt Thank you for bringing this to our attention. I've assigned this issue to the author who will investigate and update as appropriate.

Naveenommi-MSFT commented 1 year ago

@kenwith Could you please review, add comments on this, and update as appropriate?

mjang-cobalt commented 1 year ago

@kenwith Please let us know if Microsoft wants to use this article to integrate with us at Cobalt.io. If so, we stand ready to help.

If you intend to use this article to integrate with one of the other software companies named "Cobalt" (Cobaltdl.com, Cobalt.net), we'd need to update our own docs for integrating with Azure AD (which we'd move to and publish at developer.cobalt.io).

mjang-cobalt commented 1 year ago

@kenwith, @Naveenommi-MSFT, I need your help. With this article...

does Microsoft intend to integrate with Cobalt.io, the company that I work for -- or some other software company named Cobalt?

kenwith commented 8 months ago

I believe this was fixed but lost in doc enhancement feedback. Please contact me directly if this is not the case. My email is the same as my GitHub alias. #please-close