Single sign-on (SSO) allows users to access multiple applications using a single set of login credentials. Kochava enables clients to integrate their SSO system with the Kochava UI, allowing users to sign in with their existing organization credentials.
After integration, users enter their email in the Kochava login screen and are redirected to the client’s SSO provider for authentication. Once verified, they are returned to the Kochava UI.
User accounts are managed through the client’s SSO system and automatically created in Kochava during the SSO handshake. This is a one-way process—users created in Kochava are not propagated back to the SSO system. To revoke access for an SSO-connected user, clients should do so within their SSO system, though Kochava can also disable access if needed.
OpenID Connect
- Create an OAuth2 client for Kochava’s application with the “Authorization Code” grant type.
NOTE: This will generate a Client ID and Client Secret for Kochava — these credentials should be shared with the Kochava team.
- Share the OAuth2 issuer URL of the Identity Provider (IDP) with the Kochava team.
Example: https://.onelogin.com/oidc/2
- Enable the following scopes: openid, email, and profile.
- Configure the redirect URL (to be provided by the Kochava team) in the OAuth2 client settings. (https://iam.kochava.com/identity/public/self-service/methods/oidc/callback/*******)
- Claims & Mapping — Kochava expects the following claims in the ID token / userinfo response. Share your IDP field names with Kochava.
| Kochava Field | Required | IDP Field |
|---|---|---|
| ✅ | ||
| first_name | ✅ | given_name |
| last_name | ✅ | family_name |