Sign In to Cobalt

Start the pentest process. Sign in to the Cobalt app.

Learn about your first steps with Cobalt after receiving a welcome email.

Set Up Your Account

Once you’ve received a welcome email from Cobalt, do the following:

Select Sign In in the email.
Create a strong password. To learn more, read our password best practices.

Once you’ve confirmed your email address and created a password, your Cobalt account is fully set up.

Depending on the configurations of your organization, you can sign in to Cobalt in the following ways:

Through SAML single sign-on, if configured. Go to your identity provider system to sign in to Cobalt, or follow a unique URL.
- If your organization has enforced SAML, authentication from the Cobalt Sign In page is not possible.
From the Cobalt Sign In page, with:
- Your email address and password.
- Your Google account with which you were invited to Cobalt.

Tip

If you have problems signing in, see Troubleshoot Sign-in Issues.

SAML SSO

We support identity provider-initiated single sign-on (SSO) based on the Security Assertion Markup Language 2.0 (SAML 2.0) protocol. SAML-based SSO is available to all PtaaS tiers.

Navigate to your identity provider, and select the Cobalt app to authenticate. Depending on the setup, you may need to follow a unique URL.

SAML SSO affects the following roles:

If your organization enforces SAML SSO, you must authenticate only through your identity provider, such as Okta, OneLogin, or Microsoft Azure AD. Authentication from the Cobalt Sign In page is not possible.

Learn more about configuring SAML SSO (for Organization Owners).

Tip

If you can’t sign in through SAML SSO, see our troubleshooting tips.

Two-Factor Authentication

We support two-factor authentication (2FA) for users who sign in with their email and password. If you’re using SAML SSO to sign in, you don’t need to turn on 2FA.

If your organization enforces 2FA for all users, configure it upon signing in.
We recommend that you enable 2FA even if your organization doesn’t enforce it.

Tip

If you have problems signing in with 2FA, see our troubleshooting tips.

Device Verification

When you sign in to Cobalt, we record information about your device to add an extra layer of security to the sign-in process.

If you attempt to sign in from a device that we don’t recognize, we take additional steps to verify your identity before granting you access. This may happen when you:

Sign in from a new browser
Use your browser’s private (incognito) mode
Clear your site data
Sign in from a different system

Tip

If you see the Verify It’s You message upon signing in, follow the steps described in We Don’t Recognize Your Device.

Was this page helpful?

Yes No Create an Issue

Last modified May.05.2023

Sign In to Cobalt

Set Up Your Account

Sign-in Methods

Tip

SAML SSO

Tip

Two-Factor Authentication

Tip

Device Verification

Tip