Users have two options for logging into cove.tool: using their username/password or logging in using single sign-on (SSO) with their Microsoft credentials. This article outlines how to use SSO to log into cove.tool.
Using Plug-ins with SSO
For users who use SSO for authentication, the process for using the plugins is as follows:
Log into cove.tool using SSO (as detailed below)
Navigate to the user profile page (click "Hi username" in the top right corner and then select "Your Profile")
Scroll down to the bottom and copy the token in the "Plugin Authorization Token" field
In the plugin, when logging into the cove.tool, paste the token copied from the above step into the password field and use the email address associated with the SSO account as the email address
Note that this token is only valid while logged into the application, and it changes each time a user logs into or out of the application for maximum security.
Before using SSO to log into cove.tool, the user's business must already have an account registered with cove.tool. This is typically achieved by an administrator (usually the person responsible for managing the plan or an IT administrator) registering an account with cove.tool (note that it is not necessary for all users on a plan to register an account with cove.tool prior to using SSO; only one initial account is necessary). The domain in the email address (located after the
@ symbol) must match the domain associated with the Microsoft credentials that will be used for SSO.
Note that users who have been using cove.tool prior to the introduction of SSO should be able to use their Microsoft credentials to log in without further configuration (as long as the domain restriction mentioned above is satisfied).
To log in using SSO, navigate to the login page and click the "Sign in with Microsoft" button.
After clicking the "Sign in with Microsoft" button, users will be redirected to Microsoft to enter their credentials or will be prompted to select an account if they are already logged in to their Microsoft account. Note that these credentials are not shared with cove.tool; they are sent only to Microsoft.
Depending on how users' Microsoft accounts are configured, they may be presented with a screen requesting permissions (see attached image below). These are the permissions necessary for us to authenticate the user. After clicking "Accept", if the user is allowed to access the application, they will then be logged in and directed to their Project Dashboard or to fill out their profile (if they are a new user).
Is it possible to grant permissions to all users in my enterprise?
Yes! After a user has logged in using SSO, cove.tool should appear as an Enterprise Application in your Azure Active Directory portal. Selecting the cove.tool application will allow configuring different settings, including global permissions. Selecting "Permissions" under the "Security" settings will allow you to "Grant admin consent for <your domain>", which will prevent users from having to accept permissions upon login.
If a user's account has been deactivated, can they still sign in?
No. If a user's sign in privileges have been blocked in Azure Active Directory, they will also be prevented from signing into cove.tool.
A new user joined my firm; can they access cove.tool?
Yes, if there is a floating license available. When a new user signs in using SSO for the first time, an account will be created for them, and they will be directed to fill out their profile information, after which they can begin using cove.tool.