Single Sign-On (SSO): Frequently asked questions (FAQ)
Single Sign-On (SSO) is the ability to use an Identity Provider (IDP) to log into Cashflow360.
Jump to:
- Who is eligible for SSO?
- How will SSO work with Cashflow360?
- Which identity providers (IDPs) are supported?
- What do I need to provide to have the SSO feature enabled?
- What is the cost to enable SSO?
- Is data shared between my identity provider and Okta?
- Who should I inform about the SSO feature once it's enabled?
- Will SSO work on the mobile app?
- What happens if I remove a user from our identity provider?
- How do I remove SSO if we change our mind?
Who is eligible for SSO?
You can add SSO if you are a collaborator on a Cashflow360 account.
How will SSO work with Cashflow360?
Once SSO is enabled: All users with login email addresses on the domain you provide us to allow will log into Cashflow360 through SSO Users with an email address with a different domain will log in the same way they do today, from the Cashflow360 login page
Which identity providers (IDPs) are supported?
Examples of IDPs we support include: Okta Google GSuite Microsoft Azure Active Directory OneLogin Ping Duo CyberArk Digital Resolve JumpCloud SecureAuth There are some other identity providers that can be supported, but we don’t support identity providers using OAuth 1.0.
What do I need to provide to have the SSO feature enabled?
Security Assertion Markup Language (SAML) IDPs (Okta, GSuite, Microsoft Azure) IDP username IDP single-sign on URL IDP issuer URI i.e. EntityId IDP issuer certificate To support just-in-time provisioning, firstName, lastName, email, and NameID (same as email) all need to be configured in your IDP as part of the SAML assertion OpenID Connect (OIDC) IDPs Client ID Client Secret Scopestd Well-known Endpoint
What is the cost to enable SSO?
There is no cost to enable SSO.
Is data shared between my identity provider and Okta?
There's no personal data shared between the identity provider and Okta directly other than attributes that help identify the user. These attributes are part of an SAML assertion (XML document) that's sent to Okta in a secure manner.
Who should I inform about the SSO feature once it's enabled?
Inform all users on your Cashflow360 account with the allowed domain you provide us, they'll need to sign into Cashflow360 using SSO after implementation of the feature
Will SSO work on the mobile app?
Yes, once SSO is implemented, it'll also apply to the Cashflow360 mobile app. You'll need to have the most recent version of the mobile app.
What happens if I remove a user from our identity provider?
If the user has the allowed domain for their login email, that user won't be able to log into your Cashflow360 account
How do I remove SSO if we change our mind?
Contact Customer Support by selecting the Contact Us on this page Once the SSO feature is removed, If you’ve never logged into Cashflow360 using a password before, you'll need to trigger a password reset from the Cashflow360 login page to create a password to be able to log into Cashflow360 again If you’ve created a password before, your prior password will still work
Please Note: SSO can only be turned off for the entire email domain that was initially setup for SSO. We cannot exclude specific accounts or users from SSO once it has been enabled for an entire email domain.
ACCOUNT SETUP View all