Single Sign-On (SSO) allows users easy access to CAST AI through their existing SSO provider.

Getting started

To start using SSO, you can use Self-Serve Single Sign-On and configure the integration yourself.

This guide describes the process of establishing trust between CAST AI and your identity provider.

Azure AD

This section describes setting up an Azure AD application and defining the parameters for calling the Create organization SSO connection endpoint to establish SSO trust between CAST AI and the customer-created Azure AD application.

Prerequisites

Admin access to your Azure AD subscription.

Instructions

Create an Azure AD application

In your Azure portal, navigate to Microsoft Entra ID -> App Registrations -> New Registration:

Register a new AD Application

  1. Give your preferred name to an app registration
  2. Set Supported account type to Accounts in this organizational directory only (Single tenant)
  3. Set Redirect URI type to Web, and as a callback value, use <https://login.cast.ai/login/callback>
  4. Click Register

Configure the new AD Application

  1. Under API permissions, make sure that your application has these permissions:
  2. Make a note of the created app registration Application (client) ID:

Add a Client secret for the created app registration

  1. Under the Certificates & secrets section in the previously created app registration window, select New client secret
  2. Set the description for the secret and set the expiration date for two years.
  3. Note and securely store the Secret Value as it is shown only during creation.

Now, you can set up a connection using the CAST AI console. Go to Organizational profile -> SSO in the CAST AI console.

📘

Office 365 App

If your organization is using the Office 365 App, please configure your app Initiate login URI as below:
https://console.cast.ai/api/sso?auth0returnTo=https://console.cast.ai/api/sso&domain=org-email-domain

Terraform

If you manage your infrastructure with Terraform, you can check this example of creating an SSO connection with the CAST AI Terraform provider.

Okta Workforce Enterprise Connection

This section describes setting up an Okta OIDC app integration and defining the parameters for calling the Create organization SSO connection endpoint to establish SSO trust between CAST AI and the customer-created Okta OIDC app integration.

Prerequisites

Access to the Okta admin console.

Instructions

Create a new Okta OIDC app integration

  1. In your admin console, navigate to Applications -> Applications and click on Create App Integration:
  2. Set Sign-in method and Application type:

     Option            Type
     Sign-in method    OIDC - OpenID Connect
     Application type  Web Application

  3. Click Next

Configure the Okta app integration

  1. Give your preferred name to the app integration
  2. Set Sign-in redirect URIs to <https://login.cast.ai/login/callback>
  3. Set Sign-out redirect URIs to <https://api.cast.ai/v1/auth/logout>
  4. Set proper Assignments
  5. Click Save

Now, you can set up a connection using the CAST AI console.

📘

Okta App Tile

If your organization is using the Okta App Tile, please configure your app Initiate login URI as such:
https://console.cast.ai/api/sso?auth0returnTo=https://console.cast.ai/api/sso&domain=org-email-domain

CAST AI Console Okta SSO Configuration:

Navigate to Org Icon -> Manage -> Organizational profile -> SSO.

To create an SSO Connection using Okta in the CAST AI console, follow these steps:

  1. Gather the following information:

    • Connection Name
    • Email Domain (e.g., your-organization.com)
    • (Optional) Additional Email Domains (e.g., your-organization.co.uk, your-organization-service.eu)
    • Identity Provider (Okta)
  2. Prepare the Okta Configuration details:

    • Okta Domain (e.g., dev-12345678.okta.com)
    • Client ID (generated during Okta app creation)
    • Client Secret (generated during Okta app creation)
  3. Enter the information in the SSO Connection form:

    SSO Connection Form

    📘

    Note

    Ensure you use your organization's email domain(s) and the correct Okta domain.

  4. After filling in all required fields, click the Connect button.

  5. If all information is correct, your Okta SSO Connection should be successfully established.

Remember to double-check all entered information before submitting to avoid connection issues. If you encounter any problems, verify your Okta configuration and try again.

Multiple Email Domains Support

CAST AI supports configuring multiple email domains for your SSO connection. This feature is available through three methods:

CAST AI Console

When setting up your SSO connection in the CAST AI console, you can now add multiple email domains in the configuration form. Enter your primary email domain and, optionally, any additional domains in the provided fields.

API

To configure multiple email domains using the CAST AI API, use the Create organization SSO connection endpoint. Include all additional email domains in the additionalEmailDomains array of the request body:

{
  "name": "CAST AI SSO",
  "emailDomain": "cast.ai",
  "additionalEmailDomains": [
    "cast-ai.com",
    "cast-ai-service.com"
  ]
}
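
The email domains decide which users are sent to your identity provider, so a typo or an overly broad domain is worth catching before the request is sent. The following pre-flight check is an added example, not CAST AI code: it validates and de-duplicates the domains and builds only the three fields shown above. The function names, the list of shared mail providers, and the bare-domain rule (matching the page's examples such as dev-12345678.okta.com) are assumptions.

```python
import json
import re

# RFC 1123 hostname label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
# Constructed sample of shared mailbox providers (assumption); extend as needed.
PUBLIC_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}


def normalize_domain(value):
    """Return a lower-cased bare domain, or raise ValueError."""
    d = value.strip().lower().rstrip(".")
    if "@" in d or "/" in d or ":" in d:
        raise ValueError(f"{value!r}: expected a bare domain, not an address or URL")
    labels = d.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        raise ValueError(f"{value!r}: not a valid DNS domain")
    if d in PUBLIC_MAIL_DOMAINS:
        raise ValueError(f"{value!r}: shared mail provider, not an organization domain")
    return d


def build_sso_body(name, email_domain, additional=()):
    """Build the domain fields of the request body shown above."""
    if not name.strip():
        raise ValueError("connection name is empty")
    primary = normalize_domain(email_domain)
    extras = []
    for raw in additional:
        d = normalize_domain(raw)
        # Skip repeats of the primary domain and of earlier entries.
        if d != primary and d not in extras:
            extras.append(d)
    body = {"name": name.strip(), "emailDomain": primary}
    if extras:  # the additional domains are optional
        body["additionalEmailDomains"] = extras
    return body


if __name__ == "__main__":
    # Constructed input: a case variant and a duplicate of the primary domain.
    sample = build_sso_body(
        "CAST AI SSO", "Cast.AI", ["cast-ai.com", "CAST.ai", "cast-ai-service.com"])
    print(json.dumps(sample, indent=2))
```

The identity provider settings (domain, client ID, client secret) are left out because the page does not show their field names in the request body.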

Terraform

If you manage your infrastructure with Terraform, you can configure multiple email domains using the CAST AI Terraform provider. Update your Terraform configuration to include all desired email domains.