This article covers:
Single Sign-On or "SSO" is a technology that provides a trusted source for logging into multiple applications. If your organization uses SSO, then you and your colleagues will automatically be logged into connected applications after you've logged into your SSO provider.
SSO providers include Okta, Citrix Workspace, and Duo Security. Providers who support a version of SSO called SAML 2.0 should be compatible with CaseFleet authentication system.
Who Can Access SSO in CaseFleet
CaseFleet's SSO feature is not activated for all accounts. It is generally limited to Enterprise plans, but may also be turned on in certain other circumstances after payment of an implementation fee. The implementation fee ensures that our team is able to help you configure your SSO provider to CaseFleet.
If you're interested in learning more about enabling SSO on your account, email firstname.lastname@example.org.
SSO Provider Configuration
If you use Okta, you do not need to configure your SSO provider because CaseFleet is listed as an Okta app. For other providers, such as Duo, you will need to set up CaseFleet manually.
Generally, you will need to create a new Generic SSO Application inside the admin site for the provider. Simply creating the application will generate most of the values to be entered in the step below, but you will also need to set up one mapped attribute to ensure that the user's email address is mapped to a response attribute called "Email":
Here's what this looks like in Duo:
Steps for Connecting SSO to CaseFleet
Once CaseFleet has activated SSO in your account, visit the Account Settings page. (If you can't access this page, you are not an administrator and will need to have an administrator complete the process.)
Select the tab title "Single Sign-On" from the left-hand menu.
You will now be prompted to fill in three fields. Note: Field names may be slightly different between platforms.
A Single Sign-On URL
This value can be found in the admin panel of your SSO provider.
The Identity Provider (IDP), Entity ID, or Reply URL
Enter "https://api.casefleet.com/saml/acs" here.
Note, the IDP set by your SSO provider must include an “Email” key in the user data sent to the "https://api.casefleet.com/saml/acs" URL. This key should not have any “namespace” but must simply be included as “Email” with a capital “E”.
Some providers will not display the value of the certificate but instead require you to download the certificate as a file with a ".pem" extension. Simply open this file in a text editor such as Notepad, and copy the contents into the Certificate field in CaseFleet.
Before moving on, be sure to double-check that everything has been configured correctly by attempting to log in with single sign-on. You can always update your SSO configuration details by clicking "Edit" on the "Single Sign-On" page in your Account Settings.
Disabling Password Authentication
If you would like to disable password authentication for your account and require SSO for authentication instead, leave the "Require single sign-on to log in" option checked.