Skip to main content
Available for Enterprise customers.

Overview

Once SSO is enabled, members on SSO-approved domains will be required to login via SSO by default, while you can allow other login types for users on other domains. Members can login via your identity provider’s website or by clicking the option to Continue with SSO on the login page.

Configuration Overview

Step 1: Request SSO Setup

Contact your Kadoa account team to initiate SSO configuration. We’ll provide:
  • SAML metadata URL or XML
  • Entity ID
  • SSO URL

Step 2: Configure Your Identity Provider

  1. Create a new SAML application in your IdP
  2. Enter the Kadoa-provided SAML details
  3. Configure attribute mappings:
    • Email (required)
    • First Name (recommended)
    • Last Name (recommended)
  4. Assign users or groups to the application

Just-In-Time (JIT) Provisioning

When a user logs in via SSO for the first time:
  • A new Kadoa account is automatically created
  • Profile information is populated from SAML attributes
  • Default team membership is assigned
  • User role defaults to Member (configurable by admins)