Note: Single Sign-On is only available on our Enterprise plans. Users with System privilege can set up or manage Single Sing-On settings.

Cascade supports most of the popular single sign-on solutions:

This article is a general instruction on how to configure SSO that is applicable to generic SAML 2.0 implementation. If you are using one of the providers named above, click on the link for a detailed guide of how to configure for the specific provider.

Setting up Single Sign-On with Cascade

To set up single sign-on in Cascade, go to Admin > System > Security.

Setup Steps

  • Click on "Add Provider".
  • "Name:" The name the users will see when they sign in. It will be shown as "Login with {Name}"
  •  "Name ID Format:" Depending on your SSO provider, you can find the type in your provider's metadata. Tips: The two most common ones are "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" and "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
  • "Entity ID:" Can be found in the metadata
  • "Single Sign-On Service URL:" Can be found in the metadata
  • "Single Sign-Out Service URL:" Can be found in the metadata
  • "X509 Certificate:": Can be found in the metadata. Make sure the certificate is in the correct format, does not include any spaces or return characters.
  • Click "Save"
  • Download the metadata from https://{{instance}} Note that every time you configure a SSO settings in Cascade, the metadata URL will be incremented by 1. So if you try for a second time, you will need to download it from https://{{instance}}
  • When the set up is complete on the SSO provider side, test the connection and switch it on.
  • If you need to set up on your identity provider's side first which requires Cascade's metadata, you can create a provider record in Cascade with dummy data, download the metadata first and update the settings afterwards.

Did this answer your question?