SSO overview

Configure single sign-on authentication for Cased CD Enterprise

Cased CD Enterprise supports SSO authentication via OIDC providers, allowing your team to log in with their existing identity provider credentials.

Supported providers

AWS Cognito Direct OAuth with Authorization Code flow

Okta Standard OIDC integration

Auth0

Standard OIDC integration via ArgoCD

Azure AD

Standard OIDC integration via ArgoCD

Google

Standard OIDC integration via ArgoCD

How it works

Cased CD uses the Authorization Code flow for secure browser-based authentication:

1. User clicks “Sign in with [Provider]” on the login page
2. Browser redirects to your identity provider
3. User authenticates with their credentials
4. Provider redirects back with an authorization code
5. Cased CD exchanges the code for tokens
6. User is logged in

Tip

Authorization Code flow is more secure than Implicit flow because tokens are never exposed in the browser URL.

Basic authentication

Cased CD also supports basic username/password authentication using ArgoCD’s built-in accounts:

# Get the admin password
kubectl -n argocd get secret argocd-initial-admin-secret \
  -o jsonpath="{.data.password}" | base64 -d

Log in with:

• Username: admin
• Password: (from command above)

SSO + groups

When using SSO, user group membership can be managed in your identity provider:

1. Create groups in your IdP (e.g., developers, admins)
2. Assign users to groups
3. Define RBAC policies for those groups in ArgoCD
4. Users inherit permissions from their groups automatically

See Groups for more details.

Next steps

• Set up AWS Cognito SSO
• Set up Okta SSO
• Configure RBAC groups