# SAML 2.0 based SSO

Squadcast supports any SAML 2.0-based Single Sign-On (SSO) and you can set it for your Organisation by following this integration guide.

{% hint style="info" %}
**Points to Note:**

1\. Only an Administrator / Account Owner can enable and configure SAML SSO for an organisation in Squadcast.\
\
2\. Once enabled, only the Account Owner can use \_email-password based login\_ by default although it can be configured to enable email-based login for Administrators as well.
{% endhint %}

### Setup Instructions <a href="#setup-instructions" id="setup-instructions"></a>

1. Login to <mark style="color:red;">`app.squadcast.com`</mark> and navigate to the **Settings** > **Extensions**. Click the **Configure** button under SSO.

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-50e69d268f4677c4c2e7d8b5ba89af509fd88bca%2Fsaml_sso_gb_1.png?alt=media)

2\. Select the **Custom SAML 2.0** tab and click **Show configuration guide for Custom SAML 2.0**

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-24094cd84f53e2c7a55e7b960c51dca6ebd913f9%2Fsaml_sso_gb_2.png?alt=media)

Now, copy the *ACS URL* and paste it into your SSO provider system

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-ab5f65fa8c2764c64c303de270e7ec13b755b823%2Fsaml_sso_3.png?alt=media)

3\. From your SSO provider’s dashboard, copy the *SAML 2.0 Endpoint* and *X.509 Certificate* and paste them into the relevant fields in the Squadcast set-up modal. Configure other options like the *default* <mark style="color:red;">`User role`</mark>. You can *allow Account Owners and Admins* to also log in using their email credentials *in addition* to SSO. This can be done by checking the box as shown in the screenshot below and make sure to click **Save**

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-01ba64c7496bdda9ebacbd4bd2b9ac091459b2eb%2Fsaml_sso_gb_4.png?alt=media)

{% hint style="info" %}
**Note:**

Make sure to add the **Domain Name** of your Organization, for SSO login to work
{% endhint %}

4\. You can turn On/Off SSO by *toggling* the button at the top

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-9b6189d49b1761ad25baf9b121b11cad69af40c2%2Fsaml_sso_gb_5.png?alt=media)

5\. By default, the SSO provider will send *Firstname*, *Lastname* and *Email ID* to Squadcast. If you can send a custom key called <mark style="color:red;">`role`</mark> with one of these values <mark style="color:red;">`Admin`</mark>, <mark style="color:red;">`User`</mark> and <mark style="color:red;">`Stakeholder`</mark>, the user will be created with these roles instead of the default user role configured in the SSO modal in Squadcast

Your SSO Integration is good to go and anyone in your Organisation can now use SSO to login into Squadcast.

The following SAML 2.0-based SSO logins were officially tested and found to be working either by our team or the SSO providers but they should work with all SAML 2.0-based SSO providers.

* [<mark style="color:blue;">Okta</mark>](https://support.squadcast.com/single-sign-on-sso/okta-sso)
* [<mark style="color:blue;">Google SSO</mark>](https://support.squadcast.com/single-sign-on-sso/google-sso)
* [<mark style="color:blue;">AWS SSO</mark>](https://docs.aws.amazon.com/singlesignon/latest/userguide/saasapps.html#saasapps-supported)
* [<mark style="color:blue;">Citrix ADC SAML SSO</mark>](https://docs.citrix.com/en-us/citrix-adc/13/aaa-tm/authentication-methods/saml-authentication/saml-sign-sign-on.html)

This is the officially tested list but any SAML **2.0-based** SSO should work with Squadcast.

*Have any questions?* [*Ask the community*](https://community.squadcast.com/view/home)*.*