Note: Single Sign-On is only available on our Enterprise plans. Users with System permission can set up or manage Single Sign-On settings.
Note: Setting up SSO is an account wide setup. Once set up correctly, it will apply to all users in the account.
Cascade supports most of the popular single sign-on solutions:
-
SAML 2.0 (this article)
This article is a general instruction on how to configure SSO that is applicable to generic SAML 2.0 implementation. If you are using one of the providers named above, click on the link for a detailed guide of how to configure for the specific provider.
Setting up Single Sign-On with Cascade
To set up single sign-on in Cascade, go to Profile > System > Security.
Setup Steps
-
Click on "Add Provider".
-
"Name:" The name the users will see when they sign in. It will be shown as "Login with {Name}"
-
"Name ID Format:" Depending on your SSO provider, you can find the type in your provider's metadata file. Tips: The two most common ones are "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" and "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
-
"Entity ID:" Can be found in the metadata file
-
"Single Sign-On Service URL:" Can be found in the metadata file
-
"Single Sign-Out Service URL:" Can be found in the metadata file
-
"X509 Certificate:": Can be found in the metadata file. Make sure the certificate is in the correct format, does not include any spaces or return characters.
-
Click "Save"
-
Download the metadata using the metadata "Download" button from the Security web page.
-
When the set up is complete on the SSO provider side, test the connection and click "Enable".
-
If you need to set up on your identity provider's side first which requires Cascade's metadata, you can create a provider record in Cascade with dummy data, download the metadata first and update the settings afterwards.
Tip: Make sure the usernames between your SSO provider match the usernames in Cascade. Typically, the username will be the work emails. Username capitalization must be matched!