Overview

Single sign-on allows users to use one set of credentials (username and password) to sign in to multiple programs or systems. For example, a user can sign in to Cascade using their google email and password. Cascade supports most of the popular single sign-on solutions:

This article contains a general description of how to configure SSO which is applicable to a generic SAML 2.0 implementation. If you are using one of the providers named above, click the link for a detailed guide of how to configure that specific provider.

Single sign-on comes as standard on all Enterprise plans, and can be bought as a paid add-on for Basic and Pro plans. If the settings look a little daunting, don’t worry we can guide you every step of the way – just reach out to support@executestrategy.net.

Setting up Single Sign-On with Cascade

To set up single sign-on in Cascade, go to Admin > System > Security. If you can't see the "SINGLE SIGN-ON" option, please contact us. You must have access to the metadata from your SSO provider to complete the set up.

Setup

  • Click "Add Provider".
  • "Name:" The name the users will see when they sign in. It will be shown as "Login with {Name}"
  • "Type:" The SSO provider 
  •  "Name ID Format:" Depending on your SSO provider, it should mention the type in the metadata. Tip: The two most common ones are "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" and "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
  • "Entity ID:" Should be found in the metadata
  • "Single Sign-On Service URL:" Should be found in the metadata
  • "Single Sign-Out Service URL:" Should be found in the metadata
  • "X509 Certificate:": Should be found in the metadata. Make sure the certificate does not include any spaces or return characters.
  • Click "Save"
  • Download the metadata from https://{{instance}}.executestrategy.net/api/v2/identity_providers/1/metadata - Note you must be logged in as a user with the "System" privilege to download metadata* from Cascade. 
  • When the set up is complete on the SSO provider side, switch it on.

*Every time you try to configure SSO in Cascade, the metadata URL will be incremented by 1. So if you try for a second time, you will need to download it from https://{{instance}}.executestrategy.net/api/v2/identity_providers/2/metadata

Did this answer your question?