Skip to content

Single Sign-On (SSO)

Capawesome Cloud supports Single Sign-On (SSO), allowing organizations to enforce centralized authentication through their Identity Provider (IdP). With SSO enabled, members of your organization authenticate using your corporate identity management system, providing enhanced security and streamlined access management.

Supported Plans

SSO is only available for organizations on the Enterprise plans with SSO add-on.

How SSO Works

SSO relies on a trust relationship between Capawesome Cloud (the Service Provider, or SP) and your organization's Identity Provider (IdP). When SSO is enabled for your organization, members must authenticate through your IdP to access organization resources:

  1. A user attempts to access organization resources in Capawesome Cloud.
  2. The user is redirected to your Identity Provider's login page.
  3. After successful authentication with the IdP, the user is redirected back to Capawesome Cloud.
  4. Capawesome Cloud verifies the authentication response and grants access to the organization.

Users are identified by their email address. Make sure that the email address associated with your Identity Provider account matches the email address on your Capawesome Cloud account.

Supported Protocols

Capawesome Cloud supports SAML 2.0 for Single Sign-On. This means you can integrate with any SAML-compliant Identity Provider, including Azure AD (Microsoft Entra ID), Okta, OneLogin, Google Workspace, PingIdentity, and many others.

Configuration Guides

We provide step-by-step configuration guides for the following Identity Providers:

Identity Provider Documentation
Azure AD (Microsoft Entra ID) Configuration Guide

If your Identity Provider is not listed above, you can still configure SAML SSO by following the general SAML 2.0 setup process. The required configuration values (Entity ID, Assertion Consumer Service URL, and Sign on URL) are available in your organization's SSO settings.

Configuring SSO

To configure SSO for your organization:

  1. Navigate to your organization settings in the Capawesome Cloud Console.
  2. Scroll to the Single Sign-On (SSO) section.
  3. Follow the configuration guide for your Identity Provider.

Only organization owners and admins can configure SSO settings.

Requirements

Before configuring SSO, ensure you have:

  • An active Capawesome Cloud organization with an appropriate subscription plan.
  • Administrator access to your Identity Provider (e.g., Azure AD).
  • The ability to create and configure enterprise applications in your IdP.