1Kosmos (SAML)

The 1Kosmos connector integrates the Maverics Orchestrator with the 1Kosmos BlockID platform — enabling passwordless and identity-verified authentication for your applications.

Console terminology: In the Maverics Console, this section is called Identity Fabric. The YAML configuration uses the connectors key to define identity provider integrations.

Overview

The 1Kosmos connector uses SAML 2.0 to federate authentication with the 1Kosmos BlockID platform — enabling identity-verified, passwordless authentication through the Maverics Orchestrator.

Use Cases

Passwordless authentication — Replace passwords with 1Kosmos BlockID identity-verified authentication, modernizing the sign-on experience across legacy and cloud applications
Identity proofing for high-assurance access — Leverage 1Kosmos document verification and biometric capabilities for high-assurance authentication where compliance or security policies demand strong identity verification
Unify SSO with passwordless across hybrid environments — Route authentication to 1Kosmos alongside other IdPs, extending passwordless access to legacy apps that were never designed for it
Phased IdP rationalization — Gradually migrate users from legacy IdPs to 1Kosmos BlockID, reducing the number of identity platforms and the associated licensing and maintenance costs

Configuration

Console UI
Configuration

To create a 1Kosmos connector in the Maverics Console:

Navigate to Identity Fabric in the Console sidebar.
Click Create and select 1Kosmos (SAML).
Enter a Name — the friendly name that identifies your provider.
Enter the Metadata URL — the URL of the 1Kosmos SAML metadata document.
Enter the Consumer Service (ACS) URL — the Assertion Consumer Service URL where 1Kosmos sends SAML responses.
Enter the Entity ID — the unique identifier for the Service Provider.
Click Save.

maverics.yaml

connectors:
  - name: onekosmos
    type: onekosmos
    domain: "{{ env.ONEKOSMOS_DOMAIN }}"
    samlMetadataURL: "https://{{ env.ONEKOSMOS_DOMAIN }}/saml2/idp/metadata"
    samlConsumerServiceURL: "https://orch.example.com/saml/callback"
    samlEntityID: "https://orch.example.com"
    tls: onekosmos-tls

Configuration Reference

Key	Type	Required	Description
`name`	string	Yes	Unique connector identifier referenced in app policies
`type`	string	Yes	Must be `onekosmos`
`domain`	string	Yes	The 1Kosmos BlockID domain for your organization
`samlMetadataURL`	string	Yes	URL to the 1Kosmos SAML metadata XML
`samlConsumerServiceURL`	string	Yes	Assertion Consumer Service (ACS) URL where 1Kosmos sends SAML responses
`samlEntityID`	string	No	Service Provider entity ID that identifies the Orchestrator to 1Kosmos
`errorPage`	string	No	URL to redirect users to when an error occurs during authentication
`cache`	string	No	Cache name reference for SAML request data storage
`tls`	string	No	Named TLS profile for metadata retrieval and IdP communication

For the complete connector field reference, see Identity Fabric Configuration Reference.

Troubleshooting

Verify the SAML metadata URL is accessible from the Orchestrator host — confirm the 1Kosmos domain is correct and reachable
Ensure the entity ID matches the 1Kosmos configuration — The samlEntityID value must match the trusted Service Provider identifier configured in the 1Kosmos BlockID administration portal
Check the Assertion Consumer Service URL — The samlConsumerServiceURL must match the Orchestrator’s actual callback endpoint. If behind a load balancer, use the external-facing URL.
Verify the domain value — The domain field must match the 1Kosmos BlockID domain assigned to your organization

Identity Fabric

Overview of all identity providers

Generic OIDC

Generic OpenID Connect connector

Generic SAML

Generic SAML 2.0 connector

HYPR

HYPR passwordless authentication connector

Console Administration

Orchestration

Overview

Use Cases

Configuration

Configuration Reference

Troubleshooting

Identity Fabric

Generic OIDC

Generic SAML

HYPR

Console Administration

Orchestration

​Overview

​Use Cases

​Configuration

​Configuration Reference

​Troubleshooting

​Related Pages

Identity Fabric

Generic OIDC

Generic SAML

HYPR

Overview

Use Cases

Configuration

Configuration Reference

Troubleshooting

Related Pages