How to enable Single Sign-On (SSO) for your organization
Single Sign-On (SSO) allows your team members to access Cassidy using their existing credentials from your organization's identity provider. This feature is available for enterprise customers only. To learn more about enabling SSO for your organization, please contact our sales team.
To enable SSO for your organization, follow these steps:
Open Organization Settings: Click on your name in the bottom left of the sidebar, then click the settings icon for your organization.
Navigate to Single Sign-On: In the Organization Settings window, click the Single Sign-On tab on the left side of the screen.
Initiate the SSO setup: Click the "Enable Single Sign-On" button. A modal will appear with fields to configure your SSO settings.
Set up your identity provider: Open a new tab and log in to your identity provider's admin console (e.g., Okta). The following steps are based on Okta, but the process may vary slightly for other identity providers.
Create a new app: In your identity provider's admin console, navigate to the Applications section and click "Create App Integration."
Choose SAML 2.0: Select "SAML 2.0" as the sign-in method and click "Next."
Configure the general app settings: Fill out the general settings, such as the app name, and proceed to the next step.
Configure the SAML settings: In the SAML settings, enter the Single sign-on URL and Audience URI (SP Entity ID) using the Service Provider Sign-In URL (ACS Endpoint) and Service Provider Issuer (Entity ID), respectively. You can copy these values from the modal in your Cassidy tab. Leave the remaining general settings as their defaults.
Add attribute statements: Configure the following attribute statements:
Name: "email", Value: user.email (mandatory)
Name: "firstName", Value: user.firstName (recommended)
Name: "lastName", Value: user.lastName (recommended)
Activate the app: Click "Next," fill in feedback if desired, and click "Next" again. Your app should now be created and active.
Assign the app to users or groups: After creating the app, navigate to the Assignments tab and click "Assign." Select either "Assign to People" or "Assign to Groups," depending on your preference. Click "Assign" on the desired people or groups, then click "Done."
Copy the SAML 2.0 details: Under the Sign On tab of the application, go to the Settings section and click "More details" for the SAML 2.0 sign on method. Copy the "Sign on URL," "Issuer," and "Signing Certificate" from your identity provider to the corresponding fields in the Cassidy modal: "Identity Provider Single Sign-On URL," "Identity Provider Issuer (Entity ID)," and "Identity Provider Public Certificate."
Verify and enable SSO: In the Cassidy modal, click "Verify and Enable" to complete the SSO configuration.
Add a verified domain: Click "Add Verified Domain".
Enter your domain name: Enter your organization's domain name and click "Add Domain."
Initiate domain verification: Click "Verify Domain" next to the pending domain.
Add the TXT record: Add the provided TXT record to your domain. Once the record has propagated (which can take up to 24 hours), click "Verify."
Confirm successful verification: Once the TXT record has been verified, you'll see the domain status change to verified, indicating that your organization has successfully enabled Single Sign-On.
After completing these steps, your organization will have Single Sign-On enabled, allowing your team members to access Cassidy using their existing credentials from your identity provider.