Cigna cloud application

Using Security Assertion Markup Language (SAML), your users can use their Google Cloud credentials to sign in to enterprise-cloud applications.

Set up SSO via SAML for Cigna

Here's how to set up single sign-on (SSO) via SAML for the Cigna® application.

Step 1: Set up Cigna as a SAML 2.0 service provider (SP)
  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Security and then Set up single sign-on (SSO).

    To see Security, you might have to click More controls at the bottom. 

  3. Click the Download button to download the Google IdP metadata and the X.509 Certificate.
  4. Cigna support will complete the service provider set-up. Send them the Google IdP metadata and the X.509 Certificate required for SSO setup you downloaded in Step 3.
  5. Proceed to the next section to set up Google as a SAML identity provider (IdP).
Step 2: Set up Google as a SAML identity provider (IdP)
  1. In a new browser tab, 
    Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Apps and then SAML Apps.

    To see Apps on the Home page, you might have to click More controls at the bottom. 

  3. Click the plus (+) icon in the bottom corner.
  4. Select the Cigna item from the list. The values on the Google IDP Information page automatically populate.
  5. Contact Cigna support to setup Google as a SAML IdP. Once the certificates have been sent by Cigna support upload them into the appropriate service provider Setup fields, and then come back to the admin console and click Next.
  6. In the Basic application information window, the Application name and Description values automatically populate.
  7. Click Next.
Step 3: Enter service provider details in Google Admin console
  1. In the Service Provider Details section, enter the following URLs into the Entity IDACS URL, and Start URL fields:
            ACS URL: https://fsso.cignaenvoy.com/FIM/sps/spsaml20/saml20/login
            Entity ID: https://fsso.cignaenvoy.com/FIM/sps/spsaml20/saml20
            Start URL: Empty
  2. Leave Signed Response unchecked.
    When the Signed Response checkbox is unchecked, only the assertion is signed. When the Signed Response checkbox is checked, the entire response is signed.
  3. The default Name ID is the primary email. Multi-value input is not supported.
  4. Click Next.
  5. Click Add new mapping and map the attribute value "Mailpath" to Basic Information > Primary Email
  6. In the drop-down list, select the Category and User attribute to map the attribute from the Google profile.
  7. Click Finish.
Step 4: Enable the Cigna app
  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Apps and then SAML Apps.

    To see Apps on the Home page, you might have to click More controls at the bottom. 

  3. Select Cigna.
  4. At the top right of the gray box, click Edit Service Compose.

  5. To apply settings to all organizations, click On for everyone or Off for everyone, and then click Save

  6. To apply settings to individual organizational units, do the following: 

    • At the left, select the organizational unit that contains the users whose settings you want to change.
    • To change the setting, select On or Off.
    • To keep the setting the same, even if the parent setting changes, click Override.
    • If the organization's status is already Overridden, choose an option:
      Inherit—Reverts to the same setting as its parent.
      Save—Saves your new setting (even if the parent setting changes).

    Learn more about the organizational structure.

  7. Ensure that your Cigna user account email IDs match those in your Google domain.
Step 5: Verify that the SSO is working
  1. Open https://your-domain-name.cignaenvoy.com. You should be automatically redirected to the Google sign in page.
  2. Enter your sign in credentials.
  3. After your sign in credentials are authenticated you will be automatically redirected back to Cigna.
Was this helpful?
How can we improve it?