--- description: Configure SAML 2.0 Single Sign-On with your IdP for Capawesome Cloud. Centralize authentication for mobile teams with Azure AD, Okta, and more. title: Single Sign-On (SSO) for Organizations - Capawesome image: https://capawesome.io/docs/assets/images/social/cloud/organizations/sso/index.png --- [ Skip to content](#single-sign-on-sso) [ 🎉 Introducing **Capawesome Platform** — one platform for Live Updates, Native Builds, App Store Publishing, and Insider SDKs.](https://capawesome.io) * [ Formbricks ](/docs/plugins/formbricks/) * [ Geocoder ](/docs/plugins/geocoder/) * [ Google Sign-In ](/docs/plugins/google-sign-in/) * [ libSQL ](/docs/plugins/libsql/) * [ Live Update ](/docs/plugins/live-update/) * [ Managed Configurations ](/docs/plugins/managed-configurations/) * [ Media Session ](/docs/plugins/media-session/) * [ ML Kit ](/docs/plugins/mlkit/) * [ NFC ](/docs/plugins/nfc/) * [ OAuth ](/docs/plugins/oauth/) * [ Pedometer ](/docs/plugins/pedometer/) * [ Photo Editor ](/docs/plugins/photo-editor/) * [ PostHog ](/docs/plugins/posthog/) * [ Printer ](/docs/plugins/printer/) * [ Purchases ](/docs/plugins/purchases/) * [ RealtimeKit ](/docs/plugins/realtimekit/) * [ Screen Orientation ](/docs/plugins/screen-orientation/) * [ Screenshot ](/docs/plugins/screenshot/) * [ Secure Preferences ](/docs/plugins/secure-preferences/) * [ Speech Recognition ](/docs/plugins/speech-recognition/) * [ Speech Synthesis ](/docs/plugins/speech-synthesis/) * [ Share Target ](/docs/plugins/share-target/) * [ Square Mobile Payments ](/docs/plugins/square-mobile-payments/) * [ SQLite ](/docs/plugins/sqlite/) * [ Superwall ](/docs/plugins/superwall/) * [ Torch ](/docs/plugins/torch/) * [ Wifi ](/docs/plugins/wifi/) * [ Zip ](/docs/plugins/zip/) * [ Cloud ](/docs/cloud/) * [ Live Updates ](/docs/cloud/live-updates/) * Advanced * Integrations * [ Native Builds ](/docs/cloud/native-builds/) * [ Configuration ](/docs/cloud/native-builds/configuration/) * [ Environments ](/docs/cloud/native-builds/environments/) * Guides * [ Sample Projects ](/docs/cloud/native-builds/sample-projects/) * [ Troubleshooting ](/docs/cloud/native-builds/troubleshooting/) * [ Automations ](/docs/cloud/automations/) * [ Assist ](/docs/cloud/assist/) * Account * Organizations * [ Organization and User Management ](/docs/cloud/organizations/memberships/) * [ Single Sign-On (SSO) ](/docs/cloud/organizations/sso/) * [ Teams ](/docs/cloud/organizations/teams/) * [ Two-Factor Authentication ](/docs/cloud/organizations/two-factor-authentication/) * [ Integrations ](/docs/cloud/integrations/) * [ License Keys ](/docs/cloud/license-keys/) * [ Webhooks ](/docs/cloud/webhooks/) * [ Pricing ](https://capawesome.io/pricing/) * [ FAQ ](/docs/cloud/faq/) * [ Support ](/docs/cloud/support/) * [ Contributing ](/docs/contributing/) * [ LLMs ](/docs/llms/) * [ Insiders ](/docs/insiders/) * [ License ](https://capawesome.io/legal/eula/) * [ Support ](/docs/insiders/support/) * [ FAQ ](/docs/insiders/faq/) * [ Blog ](/blog/) * Categories # Single Sign-On (SSO)[¶](#single-sign-on-sso "Permanent link") Capawesome Cloud supports Single Sign-On (SSO), allowing organizations to enforce centralized authentication through their Identity Provider (IdP). With SSO enabled, members of your organization authenticate using your corporate identity management system, providing enhanced security and streamlined access management. Supported Plans SSO is only available for organizations on the **Enterprise** plans with SSO add-on. ## How SSO Works[¶](#how-sso-works "Permanent link") SSO relies on a trust relationship between Capawesome Cloud (the Service Provider, or SP) and your organization's Identity Provider (IdP). When SSO is enabled for your organization, members must authenticate through your IdP to access organization resources: 1. A user attempts to access organization resources in Capawesome Cloud. 2. The user is redirected to your Identity Provider's login page. 3. After successful authentication with the IdP, the user is redirected back to Capawesome Cloud. 4. Capawesome Cloud verifies the authentication response and grants access to the organization. Users are identified by their email address. Make sure that the email address associated with your Identity Provider account matches the email address on your Capawesome Cloud account. ## Supported Protocols[¶](#supported-protocols "Permanent link") Capawesome Cloud supports SAML 2.0 for Single Sign-On. This means you can integrate with any SAML-compliant Identity Provider, including Azure AD (Microsoft Entra ID), Okta, OneLogin, Google Workspace, PingIdentity, and many others. ## Configuration Guides[¶](#configuration-guides "Permanent link") We provide step-by-step configuration guides for the following Identity Providers: | Identity Provider | Documentation | | ----------------------------- | ---------------------------------------------------------------- | | Azure AD (Microsoft Entra ID) | [Configuration Guide](/docs/cloud/organizations/sso/azure-saml/) | If your Identity Provider is not listed above, you can still configure SAML SSO by following the general SAML 2.0 setup process. The required configuration values (Entity ID, Assertion Consumer Service URL, and Sign on URL) are available in your organization's SSO settings. ## Configuring SSO[¶](#configuring-sso "Permanent link") To configure SSO for your organization: 1. Navigate to your [organization settings](https://console.cloud.capawesome.io/organizations/%5F/settings) in the Capawesome Cloud Console. 2. Scroll to the **Single Sign-On (SSO)** section. 3. Follow the configuration guide for your Identity Provider. Only organization owners and admins can configure SSO settings. ## Domain Verification[¶](#domain-verification "Permanent link") After configuring SSO, you must verify ownership of your email domain before members can sign in via SSO. This prevents unauthorized SSO provider registration and ensures only domain owners can enable SSO for their domain. 1. After submitting the SSO configuration, click **Verify domain** in the success notification or in the SSO settings section. 2. Add the displayed **TXT** record to your domain's DNS configuration. Most DNS providers auto-append your domain to the host field. 3. Wait for DNS propagation (this can take up to 48 hours, but is typically much faster). 4. Click **Verify** to confirm domain ownership. Info SSO sign-in is blocked until domain verification is complete. Members can still sign in with their email and password during this time. ## User Provisioning[¶](#user-provisioning "Permanent link") Once SSO is configured and your domain is verified, new users are provisioned automatically — no invitation required. When a user signs in through your Identity Provider with an email address matching your organization's verified SSO domain, Capawesome Cloud will: 1. Create a new user account if one does not already exist. 2. Add the user to your organization with the `member` role. Organization owners and admins can adjust the user's role afterwards if needed. Existing users If a user already has a Capawesome Cloud account with an email that does not match your organization's verified SSO domain, they can enable SSO by updating their email address in their [account settings](https://console.cloud.capawesome.io/settings/account) to one matching the domain. The new email must be verified before SSO sign-in becomes available. ## Requirements[¶](#requirements "Permanent link") Before configuring SSO, ensure you have: * An active Capawesome Cloud organization with an appropriate subscription plan. * Administrator access to your Identity Provider (e.g., Azure AD). * The ability to create and configure enterprise applications in your IdP. * Access to your domain's DNS settings for domain verification. May 1, 2026 Back to top