Setting up Single Sign-On (SSO)

Note: Single Sign-On is only available on our Enterprise plans. Users with System privilege can set up or manage Single Sing-On settings.

Cascade supports most of the popular single sign-on solutions:

This article is a general instruction on how to configure SSO that is applicable to generic SAML 2.0 implementation. If you are using one of the providers named above, click on the link for a detailed guide of how to configure for the specific provider.

Setting up Single Sign-On with Cascade

To set up single sign-on in Cascade, go to Admin > System > Security.

Setup Steps

Click on "Add Provider".
"Name:" The name the users will see when they sign in. It will be shown as "Login with {Name}"
"Name ID Format:" Depending on your SSO provider, you can find the type in your provider's metadata. Tips: The two most common ones are "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" and "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
"Entity ID:" Can be found in the metadata
"Single Sign-On Service URL:" Can be found in the metadata
"Single Sign-Out Service URL:" Can be found in the metadata
"X509 Certificate:": Can be found in the metadata. Make sure the certificate is in the correct format, does not include any spaces or return characters.
Click "Save"
Download the metadata from https://{{instance}}.executestrategy.net/api/v2/identity_providers/1/metadata. Note that every time you configure a SSO settings in Cascade, the metadata URL will be incremented by 1. So if you try for a second time, you will need to download it from https://{{instance}}.executestrategy.net/api/v2/identity_providers/2/metadata
When the set up is complete on the SSO provider side, test the connection and switch it on.
If you need to set up on your identity provider's side first which requires Cascade's metadata, you can create a provider record in Cascade with dummy data, download the metadata first and update the settings afterwards.