itopia CAS enhances security and compliance by allowing Organization Owners to enforce authentication by sign-in provider. Deployment Owners have view-only privileges for this setting.
Currently, itopia CAS administrators can authenticate in three ways:
- Local CAS Administration
- Single Sign-on (SSO): Sign in with Google
- Single Sign-on (SSO): Sign in with Microsoft
Organization Owners have the ability to enforce authentication by either SSO provider, or a combination of one SSO provider as well as Local CAS Administration.
The Local CAS Administration means CAS administrators authenticate with credentials stored in CAS.
For either SSO option, the username must match the email address in the chosen SSO provider.
CAS Authentication Configuration
The Deployment Owner accesses the CAS Authentication section by:
- Log into CAS Portal (https://cas.itopia.com/) with Deployment Owner credentials.
- Click on Profile icon in top-right corner and choose Manage Organization from drop-down
- Select General tab and scroll-down to CAS Authentication
- Under Authentication Provider, choose
CAS Administrator Feedback
If a CAS administrator tries to login with a non-compliant username, this is the feedback provided.
CAS Authentication Warning for Deployment Owners
Be careful when changing authentication settings because you can lock yourself out. If you are enabling local CAS authentication and your account doesn't have a local password in CAS, you can perform a password reset from the login screen. However, if you disable local authentication and your username does not match the email address in your SSO provider, you will not be able to log in.
In the near future, itopia will be adding functionality to enforce authentication by an email domain chosen by the itopia account Owner.