itopia CAS enhances security and compliance by allowing Organization Owners to enforce authentication by sign-in provider. Deployment Owners have view-only privileges for this setting.

Currently, itopia CAS administrators can authenticate in three ways:

  • Local CAS Administration
  • Single Sign-on (SSO): Sign in with Google
  • Single Sign-on (SSO): Sign in with Microsoft

Organization Owners have the ability to enforce authentication by either SSO provider, or a combination of one SSO provider as well as Local CAS Administration.

The Local CAS Administration means CAS administrators authenticate with credentials stored in CAS.

For either SSO option, the username must match the email address in the chosen SSO provider.

CAS Authentication Configuration

The Deployment Owner accesses the CAS Authentication section by:

  1. Log into CAS Portal (https://cas.itopia.com/) with Deployment Owner credentials.
  2. Click on Profile icon in top-right corner and choose Manage Organization from drop-down
  3. Select General tab and scroll-down to CAS Authentication
  4. Under Authentication Provider, choose

CAS Administrator Feedback

If a CAS administrator tries to login with a non-compliant username, this is the feedback provided.

CAS Authentication Warning for Deployment Owners

Be careful when changing authentication settings because you can lock yourself out. If you are enabling local CAS authentication and your account doesn't have a local password in CAS, you can perform a password reset from the login screen. However, if you disable local authentication and your username does not match the email address in your SSO provider, you will not be able to log in.

Future Enhancements


In the near future, itopia will be adding functionality to enforce authentication by an email domain chosen by the itopia account Owner.

Related Articles

Convenience and security with G Suite SSO

Security and convenience of Microsoft Office 365 SSO

Create/Delete/Administer CAS Admins

Did this answer your question?