Purpose
CaseWare offers single sign-on via OpenId integration with Practice Protect. This providers a seamless login experience to CaseWare Cloud, including the desktop app.
Practice Protect will configure this on your behalf. Please send us an email at support@practiceprotect.com
Prerequisites for CaseWare SSO
- Administrator Access in Practice Protect
- Administrator Access to CaseWare Cloud
- Disable Password Expiry & MFA in CaseWare
- List of All Users in CaseWare
Instructions
1. Login to Practice Protect and switch to Admin portal.
2. Go to Roles > Add Role > Under Description, enter the name of the Role on the Name field i.e. “CaseWare Users” or skip if existing role exits.
3. Click on Members > Click Add > Add all CaseWare users and Click Save. All users must be added, otherwise they wont be able to access CaseWare.
4. Click Save and Close the Role.
5. Now Go to Apps > Web Apps > Click on Add Web Apps > Go to Custom > Select OpenID Connect then click Add.
6. Click Yes to add.
7. Close out of the Add section.
8. Set the following fields:
Application ID: CaseWare
Name: CaseWare
Description: CaseWare SSO
Click Save
9. Right Click on the below CaseWare Icon and Save to your desktop.
____________
10. asdsada
11.Generate a Client Secret Password here.
Select, Numbers, Lowercase and Uppercase and set Length to 16. Then click Generate.
Copy the Password
12. Go to Trust, Paste the Generated Password in the Client Secret field. Paste the Client Secret.
13. Click Save.
14.Note down the Client ID, Client Secret and Metadata URL.
14. In a separate browser tab, login to CaseWare Cloud Portal (As Administrator).
(Confirm MFA and Password Expiry is Disabled Before Continuing)
15. From the Cloud menu, select Settings.
16. Select System | Cloud Billing.
17. Select the link to Go to MyCaseWare.
18. Select Licenses from the top menu.
19. Under your license information, select Site Details.
20. Select Activate Single SignOn at the bottom of the Site Details page.
21. From the Cloud menu (), select Settings | Single Sign-On | Identity Provider.
22. On the Identity Provider page, complete the following fields:
Identity provider display name: Practice Protect
Identity provider metadata endpoint: (From Step 14)
Client ID: (From Step 14)
Client secret: (From Step 14)
23. Click Save. Your reply URL will now display.
24. Select the Copy to Clipboard button to copy your reply URL
25. Go back to the Practice Protect App screen.
26. Under Authorized Redirect URIs click Add.
27. Paste the URL from step 24.
28. Under Resource application URL. Add the firms CaseWare Login URL. “https://au.casewarecloud.com/firmname”
29. Confirm both URLs are set and click Save.
30. Go to Tokens
31. Scroll down in the Claims script and replace the default script with the below custom claims. Click Save.
setIssuer(Issuer);
setClaim(‘name’, LoginUser.DisplayName);
setClaim(‘given_name’, LoginUser.FirstName);
setClaim(‘family_name’, LoginUser.LastName);
setClaim(’email’, LoginUser.Email);
32. Go to Permissions
33. Click Add, find the Role created in Step 3 and add it. Then Save.
34. Test SSO by going to your Firms login Page. Click Go to Single Sign-On, the first time will link your account. Once linked you can only sign-in with SSO.
35. Repeat step 34 for all staff.
36. If you require to disable SSO, you must log a support request with CaseWare.