Single Sign-on and MFA

Single Sign On

What is Single Sign-on and how does it get set up?
Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems. All authentication must go through the client’s identity provider (IdP).

True single sign-on allows the user to log in once and access services without re-entering authentication factors.

Please note: This can only be used if everyone being set up has an active account within your identity provider. For example, a member of the company will have a work email address that is set up to let them log in to all their company systems, whereas a personal email address such as Gmail would (in most cases) not be set up to allow access.

Cognassist have two options for Single Sign-on:
  1. Azure Active Directory/Microsoft Entra ID (new Microsoft name).
  2. OpenID.

What information is needed to set up SSO?
If Microsoft Entra ID SSO is needed, the following information needs to be provided to Cognassist.
  1. companyname.co.uk (domain name).
  2. Application (client) ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  3. Secret Key ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  4. Secret Key Value: xxxxx~xxxxx.xxxx.xxxxxxxxxxxxxxxxxxxxxxx.

If OpenID is needed, the following information needs to be provided to Cognassist.
  1. The URL of the discovery document of the OpenID Connect provider you want to connect with.
  2. Your client ID.

Can MFA (Multi-Factor Authentication) be set up as well?
Not through Cognassist. If it is not already in place, you can set this up through your organisation’s IT department.

What if I want added security and can’t have SSO?
We do offer MFA (Multi-Factor Authentication) and you can choose this for all or some users.


MFA (Multi-Factor Authentication)

Using MFA with the Cognassist Application
Version 1.006 / 2023

Introduction

Multi-factor authentication (MFA; two-factor authentication, or 2FA) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism:

  1. Knowledge: Something only the user knows like a password or a memorized PIN.
  2. Possession: Something only the user has like a smartphone or a secure USB key.
  3. Inherence: Something only the user is like a fingerprint or facial recognition.

MFA helps to protect user data from being accessed by an unauthorized third party that may have been able to discover a password.

A third-party authenticator (TPA) app enables multi-factor authentication by showing a randomly generated and frequently changing code. Cognassist MFA uses Time-based One-Time Passwords (TOTP) for its codes. Time-based One-Time Passwords are a common form of MFA where unique numeric passwords are generated with a standardized algorithm that uses the current time as an input.

This document will provide guidance on enabling MFA for your Cognassist User account.

What you will need to complete the MFA enablement:
  1. The Vanity Domain URL for your organization. This will look like companyname.app.cognassist.com - Note: The company name used in your vanity domain may be your full company name or a shortened/abbreviated version. Check with your tutor/coach if you do not know the vanity domain being used.
  2. A working third-party Authenticator Application (TPA). This can be any Authenticator App that supports TOTP code generation. Note: You will find that most Authenticator Applications work on a mobile device and as such this guide assumes you have a mobile device with a working Authenticator Application installed.
  3. Your Username and Password for the Cognassist Application.
  4. A device with Internet connectivity.

Third-Party Authenticator Application (TPA)

You can use any third-party Authenticator Application that supports TOTP code generation. The initial setup and addition of the Cognassist MFA code is outside the scope of this guide.

IMPORTANT: You must have a working third-party Authenticator Application before you begin the process of MFA enablement for your Cognassist account.

Note: If you already have your Authenticator Application set up and working, please move on to the section “Enabling MFA On Your Cognassist Account”.

There are many different third-party Authenticator Applications. Below is a list showing some of the more common Authenticator Applications you may choose to use and some links to help you get started. All the Authenticator Applications included in the list are free to use; some may require you to create a free account in order to access all features.

It is recommended that you always check with your IT Department before installing any applications on your device and we would also recommend you check to see if your organization has a preferred authentication application.
Note: The choice of which Authenticator Application to use is at the sole discretion of the individual. Cognassist do not provide support for the use or operation of Authenticator Applications.

Some common Authenticator Applications:

  1. Microsoft Authenticator
    1. Available for Android & iOS
    2. Works offline
    3. Supports backup and/or Sync
    4. Microsoft Mobile Phone Authenticator App
    5. Download and install the Microsoft Authenticator app
    6. Add non-Microsoft accounts to the Microsoft Authenticator app
    7. Manually add an account to the Microsoft Authenticator app
    8. Back up and recover account credentials in the Authenticator app
  2. Google Authenticator
    1. Available for Android & iOS
    2. Works offline
    3. Supports Sync
    4. Get verification codes with Google Authenticator - Android
    5. Get verification codes with Google Authenticator - iPhone & iPad
  3. Twilio Authy
    1. Available for Android, iOS, Windows, MacOS & Linux
    2. Works offline
    3. Supports backup and/or sync
    4. Supports encryption
    5. Downloading and installing Authy apps
    6. Add a new two-factor authentication account token in the Authy app
    7. Welcome to Authy
    8. Backups and sync in Authy
  4. 2FAS
    1. Available for Android, iOS & Browser extension
    2. Works offline
    3. Supports backup and/or sync
    4. Supports encryption
    5. 2FA Authenticator App (2FAS)
    6. 2FA Authenticator (2FAS) on the App Store (Apple)
    7. 2FA Authenticator (2FAS) on Google Play
    8. 2FAS Browser Extension
    9. Help Center - 2FAS

Enabling MFA On Your Cognassist Account

With MFA enforced, when you log in to Cognassist you will see the MFA setup screen. Follow these steps:

  1. Open your preferred browser on your device.
  2. Launch your organization’s vanity domain: https://companyname.app.cognassist.com
  3. Enter your username and password, then click Log in >
  4. You will be prompted with an MFA setup screen showing a QR code.
  5. Open your Authenticator Application.
  6. Click to register a new account.
    1. If prompted select “generic (other)” account type.
  7. Adding the Cognassist token:
    1. Most Authenticator Apps support QR codes. Scan the QR code and follow any on-screen prompts.
    2. If your App does not support QR codes, you will need to add the token manually:
      1. On the MFA setup screen click the 'Trouble Scanning?' link.
      2. A long number (your MFA secret token) will be displayed.
      3. Enter this code into your Authenticator App and follow prompts.
  8. The Cognassist MFA code will now appear in your Authenticator App.
  9. Select the Cognassist MFA connection. You will see a 6-digit TOTP code, which changes every 30 seconds. Your Authenticator App will display a countdown timer for each code.
  10. Return to the Cognassist website.
  11. Enter the TOTP code from your Authenticator App into the MFA setup prompt and click >
  12. If verified, you will be redirected to the Cognassist app. Note: If the TOTP code times out, repeat Step 11 with the next valid code.

Congratulations, you have successfully enabled MFA for your Cognassist user account.