SSO

Suggest Edits

Single Sign-On (SSO) allows users easy access to CAST AI through their existing SSO provider.

Getting started

To start using SSO, you can use Self-Serve Single Sign-On and configure the integration yourself.

This guide describes the process of establishing trust between CAST AI and your identity provider.

Azure AD

This section describes how to set up an Azure AD application and define parameters for calling the Create organization SSO connection to establish SSO trust between CAST AI and the customer-created Azure AD application.

Prerequisites:

Admin access to your Azure AD subscription.

Procedure:

Create an Azure AD application:

In your Azure portal, navigate to Microsoft Entra IDApp RegistrationsNew Registration:

Configure and register a new AD Application:
  1. Give your preferred name to an app registration
  2. Set Supported account type to “Accounts in this organizational directory only (Single tenant)
  3. Set Redirect URI type set to “Web” and as a callback value use “https://login.cast.ai/login/callback“
  4. Click Register app

Under API permissions, make sure that your application has these permissions:

Make a note of the created app registration Application (client) ID:

For a created app registration, add a Client secret:

  1. Under the Certificates & secrets section in the previously created app registration window, select New client secret
  2. Set the description for the secret and set the expiration date for two years.
  3. Note the Secret Value as the secret value is shown only during its creation.

Now you are ready to setup a connection using CAST AI console, go to Organizational profile - > SSO. If you manage your infrastructure with Terraform, you can check this example of creating an SSO connection with the CAST AI Terraform provider.

Okta Workforce Enterprise Connection

This section describes how to set up an Okta OIDC app integration and define parameters for calling Create organization SSO connection to establish SSO trust between CAST AI and the customer-created Okta OIDC app integration.

Prerequisites:

Access to the admin console.

Procedure:

Create and configure Okta OIDC app integration.

In your admin console, navigate to ApplicationsApplications and click on Create App Integration:

  1. Set Sign-in method to "OIDC - OpenID Connect".
  2. Set Application type to "Web Application".
  3. Click Next.
  1. Give your preferred name to the app integration
  2. Set Sign-in redirect URIs to https://login.cast.ai/login/callback.
  3. Set Sign-out redirect URIs type set to https://api.cast.ai/v1/auth/logout.
  4. Set proper Assignments.
  5. Click Save.

Now you are ready to setup a connection using CAST AI console.

📘

Okta App Tile

If your organization is using the Okta App Tile, please configure your app Initiate login URI as below:

https://console.cast.ai/api/sso?auth0returnTo=https://console.cast.ai/api/sso&domain=org-email-domain

CAST AI Console Okta SSO Configration:

  • Navigate to Org Icon - > Manage - > Organizational profile - > SSO.

Input below to create the SSO Connection:

  • Name
  • Email domain
    • Ex: org-name.com (Should be Org email )
  • ID Provider
    • Ex: Okta

Configuration

  • Okta domain
    • Ex: dev-54647164.okta.com (Should be Okta domain )
  • Client ID
    • Ex: 0oaetyl7rpcWVhgrE5d7 (Generated by Okta app creation)
  • Client secret
    • Ex: (Generated by Okta app creation)

Click on Connect and Okta SSO Connection should be successful.

Updated 2 months ago