# AWS SSO

This document will walk you through the steps to add Squadcast to AWS SSO Dashboard and configure SSO with SAML 2.0.

Users can use their AWS SSO credentials to sign in to Squadcast via Single Sign-On (SSO).

{% hint style="info" %}
**Points to Note:**

1\. Only an Account Owner/Administrator can enable and configure SSO for an Organisation in Squadcast.\
\
2\. Once SSO is enabled, only the **Account Owners can use email-password-based login by default**, although it can be configured to allow **Administrators to use email-password-based login** as well.
{% endhint %}

## Setup Instructions <a href="#setup-instructions" id="setup-instructions"></a>

1\. Log in to <mark style="color:red;">`app.squadcast.com`</mark> and navigate to **Settings** > **Extensions**. Click the **Configure** button under SSO.

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-50e69d268f4677c4c2e7d8b5ba89af509fd88bca%2Faws_sso_gb_1.png?alt=media)

2\. Select the **Custom SAML 2.0** tab and click **Show configuration guide for Custom SAML 2.0**

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-cddfad1e45d4daeb0508b0b5409855fbaccbed84%2Faws_sso_gb_2.png?alt=media)

Here, copy the **ACS URL** to use it in your AWS SSO configuration next

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-fef5326b074b76381da9c398ac6a5525391e4f2d%2Faws_sso_gb_3.png?alt=media)

3\. In your AWS account, navigate to **AWS Single Sign-On**

From the sidebar, select **Applications**

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-b55779e159cd0a49a9fb388f99d08ea17b2e6259%2Faws_sso_3.png?alt=media)

4\. Click on **Add a new application**

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-0b892333e17ba35145d972cc27cb88db62ed70ec%2Faws_sso_4.png?alt=media)

5\. Search for **Squadcast**, select it and click on **Add application**

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-560daff804c31182c48c7bfe890ceb1134fcbaf8%2Faws_sso_gb_4.png?alt=media)

6\. Next:

* In the *Application Details* section, provide a suitable **Name** and an optional **Description**

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-c0bf2681c3658e294c2bacfbc34ac891693eec66%2Faws_sso_6_a.png?alt=media)

* In the *Application Metadata* section, click on **If you do not have a metadata file, you can manually type your metadata values**

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-120e4e9176c9fc0fc7945c396b1c8b5497c7918f%2Faws_sso_6_b_1.png?alt=media)

Here, in the placeholders for both **Application ACS URL** and **Application SAML audience**, paste the previously copied ACS URL from Squadcast

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-49a039dfb243cbe200fa32dfc8c301820df3d7ad%2Faws_sso_6_b_2.png?alt=media)

* In the *AWS SSO metadata* section, copy the **AWS SSO sign-in URL** and download the **AWS SSO certificate**

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-df34e470a8850418b6e85b5f99fe6228e37844a2%2Faws_sso_6_c.png?alt=media)

* Click on **Save changes**

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-b49a0bfad1556617a79843f08d8429d45c6244d1%2Faws_sso_gb_5.png?alt=media)

7\. Back in Squadcast, in the previously opened modal:

* Paste the copied **AWS SSO sign-in URL** under **SAML 2.0 Endpoint**
* Copy the contents of the downloaded **AWS SSO certificate** and paste it under **X.509 Certificate**
* Enter the domain name of your Organization

{% hint style="info" %}
**Note:**

Make sure to add the **Domain Name** of your Organization, for SSO login to work
{% endhint %}

* Pick the **Default New User Role** that a newly provisioned user in Squadcast should be assigned by default. This could be either <mark style="color:red;">`User`</mark>, <mark style="color:red;">`Admin`</mark> or <mark style="color:red;">`Stakeholder`</mark>

{% hint style="info" %}
**Note:** If required, the <mark style="color:red;">`User Role`</mark> attribute can be modified manually for users later on from the **Users** page in Squadcast
{% endhint %}

* If you want the Account Owner and/or Admins to be able to log in to Squadcast with email and password in addition to SSO, enable the checkboxes accordingly
* Click on **Save**

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-1e74eaf22ce829a50f9d2415f4b76c0a10adbf51%2Faws_sso_gb_6.png?alt=media)

8\. Enable the *toggle* to activate the SSO integration

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-fc2fc72b522e85879db624f5752d6c0e0464edeb%2Faws_sso_gb_7.png?alt=media)

9\. Finally, in AWS SSO:

* On the **Applications** page, click on **Squadcast**

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-103ff9655abe8d5d4e41f45a8055a55b846585c3%2Faws_sso_9_a.png?alt=media)

* Switch to the **Attribute mappings** tab and create mappings as shown in the screenshot below and click on **Save changes**

  If you send a custom key named <mark style="color:red;">`role`</mark> from here, with one of the values <mark style="color:red;">`Admin`</mark>, <mark style="color:red;">`User`</mark> or <mark style="color:red;">`Stakeholder`</mark>, new users will be added with that role instead of the default <mark style="color:red;">`User Role`</mark> configured in Squadcast

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-64a2371e8055d2f5f60b2fd2f90480fe51c2d933%2Fazure_sso_gb_8.png?alt=media)

* Switch to **Assigned users** and add your *users* here

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-0183bf0623adf4322713dd0c75753c717866aa4e%2Fazure_sso_gb_9.png?alt=media)

{% hint style="info" %}
**Note:**

Members who log in to Squadcast through AWS SSO and are not already users of Squadcast will be added to Squadcast by default with `User Role: User`.
{% endhint %}

{% hint style="info" %}
**Note:**

By **default**, all new users added to Squadcast via AWS SSO are added with **`User Role: User`**. You can add an **Attribute Mapping** to provision **all new users** as `Admins` or `Stakeholders` if you wish to do that. In addition to the previous Attribute Mappings, you can add `User Role` as an Attribute Mapping here, in the same manner, and **Save changes**.

* User attribute in the application: role
* Maps to this string value or user attribute in AWS SSO: either `Admin` or `Stakeholder`
* Format: basic

<img src="https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-26b06553724bb19f5e79a49cfda9e5e71839d4ec%2Faws_sso_11.png?alt=media" alt="" data-size="original">
{% endhint %}

10\. From the sidebar, now navigate to **Dashboard**. Here, you will be able to see your **User portal URL**, which you can use to log in to Squadcast

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-599fa29c8b65d0b29faa656ff3a8a3e73260288a%2Fazure_sso_gb_10.png?alt=media)

That is it, your AWS SSO configuration with Squadcast is now complete!
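To confirm what the configuration above actually sends, the following added example (not Squadcast or AWS code) audits one decoded SAML response for the ACS URL, the audience and the `role` attribute this guide sets up. The ACS URL and the sample response are constructed placeholders, and the function inspects values only; it does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ALLOWED_ROLES = {"Admin", "User", "Stakeholder"}  # role values listed in this guide

# Constructed placeholder: use the ACS URL copied from the Squadcast modal.
ACS_URL = "https://squadcast.example/sso/acs"

# Constructed, unsigned sample of a decoded SAML response (not real AWS SSO output).
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{ACS_URL}">
  <saml:Assertion>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{ACS_URL}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="role"><saml:AttributeValue>Admin</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def audit_response(xml_text, acs_url, default_role="User"):
    """Return (effective_role, findings) for one decoded SAML response."""
    root = ET.fromstring(xml_text)
    findings = []
    # Both the ACS URL and the SAML audience were set to the same Squadcast URL.
    if root.get("Destination") != acs_url:
        findings.append("Destination does not match the ACS URL")
    audiences = [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text]
    if acs_url not in audiences:
        findings.append("Audience does not match the ACS URL")
    roles = [v.text.strip()
             for attr in root.findall(".//saml:Attribute[@Name='role']", NS)
             for v in attr.findall("saml:AttributeValue", NS) if v.text]
    if not roles:
        effective = default_role  # no role key: the Default New User Role applies
    elif len(roles) == 1 and roles[0] in ALLOWED_ROLES:
        effective = roles[0]
    else:
        effective = None  # the guide does not say how such values are handled
        findings.append(f"unexpected role value(s): {roles}")
    if effective == "Admin":
        findings.append("new users from this mapping are provisioned as Admin")
    return effective, findings
```

Run it against a response captured from a test login (for example with a browser SAML tracer) before assigning users in AWS SSO; an empty findings list with the role you intended is the expected result.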

*Have any questions?* [*Ask the community*](https://community.squadcast.com/view/home)*.*
