Single Sign On

Learn how to use Single Sign On for CAVO® User Authentication

Written by Emily McMakin
Updated over 4 years ago

Single Sign On allows your users to access CAVO® while keeping authentication and group policies within your enterprise's control. Before we can move forward, we need to know which vendor you use for Single Sign On, since we can accommodate a variety of methods.

Roles

All new users will be assigned the lowest role: analyst. A supervisor can upgrade a user's role to QA or Supervisor via the User Modal.

See also:

Common SSO Methods

While we have access to many SSO methods, this document will present the most common:

  • SAMLP Identity Provider

  • Active Directory / LDAP

SAMLP Identity Provider

Under this method, your users will reach out to the CAVO® instance. If a user is unauthenticated, we will reach out to your Sign In URL (provided by you). Your endpoint will then authenticate the user and respond back to us. We will validate your endpoint's response with your X.509 signing certificate, which you will send to us during the setup process. We will then provide a token to your end user's browser that is valid for a 12-hour period. Once this token expires, your users will need to repeat this authentication process. This all happens in just a few seconds for your end users.

X.509 Signing Certificate (in .pem form)
Cavo.pem 

IDP Entity ID
urn:auth0:adventhp

Service Provider Entity ID (SP Entity ID  / sometimes referred to as Audience)
urn:auth0:adventhp:{{instance}}-ad

Assertion Consumer Service URL
https://adventhp.auth0.com/login/callback?connection={{instance}}-ad 

Login URL:
https://{{instance}}.cavo.io

Logout URL:
https://adventhp.auth0.com/logout 

SAML Version
2.0 

Skew Time
30 seconds 

HTTP-Post
true 

User Attribute Mapping

We require the following attributes to be sent exactly as shown from your SSO to us. We will confirm proper mapping during final setup.

First Name
given_name 

Last Name
family_name 

Email Address
email 

Phone Number
phone_number 

Full Name (Join(given_name," ",family_name))
name
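
An added example (not CAVO® or Auth0 code): a pre-flight check an IdP administrator could run on a test assertion from their own IdP to confirm the audience, the 30-second skew window and the attribute names listed above before final setup. The instance name `acme`, the sample user and the function names are assumptions, and the check does not verify the X.509 signature.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Mapping check only: this does NOT verify the XML signature on the assertion.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("given_name", "family_name", "email", "phone_number", "name")
SKEW = timedelta(seconds=30)  # "Skew Time" from the settings above

def _ts(value):
    # SAML timestamps are UTC, e.g. 2024-01-01T12:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def preflight(assertion_xml, instance, now):
    """Return a list of problems; an empty list means the assertion looks right."""
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return ["no Conditions element"]
    problems = []
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb and now + SKEW < _ts(nb):
        problems.append("assertion not yet valid")
    if noa and now - SKEW >= _ts(noa):
        problems.append("assertion expired")
    expected = f"urn:auth0:adventhp:{instance}-ad"  # SP Entity ID / Audience
    if expected not in [a.text for a in cond.iterfind(".//saml:Audience", NS)]:
        problems.append(f"audience is not {expected}")
    attrs = {a.get("Name"): (a.findtext("saml:AttributeValue", "", NS) or "").strip()
             for a in root.iterfind(".//saml:Attribute", NS)}
    problems += [f"missing attribute {k}" for k in REQUIRED if not attrs.get(k)]
    joined = f"{attrs.get('given_name', '')} {attrs.get('family_name', '')}"
    if attrs.get("name") and attrs["name"] != joined:
        problems.append("name is not given_name + ' ' + family_name")
    return problems

def _attr(name, value):
    return (f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
            '</saml:AttributeValue></saml:Attribute>')

# Constructed, unsigned sample assertion for a hypothetical instance "acme"
SAMPLE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">'
    '<saml:AudienceRestriction><saml:Audience>urn:auth0:adventhp:acme-ad</saml:Audience>'
    '</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>'
    + "".join(_attr(k, v) for k, v in [("given_name", "Ada"), ("family_name", "Lovelace"),
        ("email", "ada@example.com"), ("phone_number", "+15550100"), ("name", "Ada Lovelace")])
    + '</saml:AttributeStatement></saml:Assertion>')

if __name__ == "__main__":
    print(preflight(SAMPLE, "acme", datetime(2024, 1, 1, 12, 0, 20, tzinfo=timezone.utc)))
```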

Active Directory / LDAP

Once you are ready, we will provide your team with a URL. This URL comes from Auth0 and will direct you to run a Windows Installer followed by entering a target URL.

The screenshot below shows an example of how to properly connect an Active Directory Server to your CAVO® instance. The previously mentioned installer will fill in the appropriate values for your AD Server.
