Note: Single Sign-On is only available on our Enterprise plans. Users with System privilege can set up or manage Single Sing-On settings.
Cascade supports most of the popular single sign-on solutions:
- Microsoft Active Directory / ADFS
- Microsoft Azure
- Google GSuite
- Okta
- SAML 2.0 (this article)
This article is a general instruction on how to configure SSO that is applicable to generic SAML 2.0 implementation. If you are using one of the providers named above, click on the link for a detailed guide of how to configure for the specific provider.
Setting up Single Sign-On with Cascade
To set up single sign-on in Cascade, go to Admin > System > Security.
Setup Steps
- Click on "Add Provider".
- "Name:" The name the users will see when they sign in. It will be shown as "Login with {Name}"
- "Name ID Format:" Depending on your SSO provider, you can find the type in your provider's metadata. Tips: The two most common ones are "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" and "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
- "Entity ID:" Can be found in the metadata
- "Single Sign-On Service URL:" Can be found in the metadata
- "Single Sign-Out Service URL:" Can be found in the metadata
- "X509 Certificate:": Can be found in the metadata. Make sure the certificate is in the correct format, does not include any spaces or return characters.
- Click "Save"
- Download the metadata from https://{{instance}}.executestrategy.net/api/v2/identity_providers/1/metadata. Note that every time you configure a SSO settings in Cascade, the metadata URL will be incremented by 1. So if you try for a second time, you will need to download it from https://{{instance}}.executestrategy.net/api/v2/identity_providers/2/metadata
- When the set up is complete on the SSO provider side, test the connection and switch it on.
- If you need to set up on your identity provider's side first which requires Cascade's metadata, you can create a provider record in Cascade with dummy data, download the metadata first and update the settings afterwards.