Central Authentication Service (CAS) is an SSO protocol that allows users to authenticate once and access multiple applications without signing in to each one individually.
Enterprise administrators can configure and manage CAS integration in Enterprise Management > Third-party Integration. To create users that do not exist in CAS, select Allow built-in users to be created outside the synchronization scope.
Bind user accounts by using one of the following methods:
Automatically bind accounts with the same email address.
Automatically bind accounts with the same login ID.
Automatically bind accounts with the same phone number.
Automatically bind accounts with the same employee ID.
Based on your selected strategy, Qoder CN automatically binds CAS accounts to Qoder CN accounts that share the same attribute value. The attribute you choose must be unique and exist for all users. For example, if you choose to Automatically bind accounts with the same email address, the binding process works as follows:Next, configure user attribute mapping. Qoder CN maps user information based on these mappings.You must specify the Unique Account Identifier, which is the CAS user attribute used to uniquely identify an account. This setting cannot be changed after you submit the configuration. The user attribute mappings are: Name maps to name, login ID (required) maps to user_name, Email maps to email, Mobile maps to mobile, employee ID maps to employId, and Nickname maps to nickname.
Single sign-on is disabled by default during setup. After you enable it, you can configure the following settings:
Configure login callback URL: Copy the provided login callback URL and configure it in your CAS IdP.
Custom configuration: Modify the CAS display name and display icon.
Allow creating a Qoder CN account on first login:
Unchecked by default: Limits binding to only CAS accounts and existing Qoder CN accounts. If a matching Qoder CN account is not found, a new account is not created.
If you select this option, a new Qoder CN account is automatically created and bound when no matching Qoder CN account is found.
The page includes a Focused Login toggle, disabled by default. When enabled, users are automatically redirected from the sign-in page to the CAS login page.You can also save the configuration without enabling single sign-on and enable it later from the CAS integration details page.
After you enable single sign-on, a CAS login option appears on the Qoder CN sign-in page. Users with a bound CAS account can click this option to be redirected to your CAS login page and sign in.
On the CAS integration details page, click View/Modify configuration. In the drawer that appears, you can modify optional user attribute mappings. Other settings cannot be changed.
On the CAS integration details page, if single sign-on is enabled, click Modify service configuration. In the configuration drawer, you can disable single sign-on. After you disable it:
Existing bindings between Qoder CN accounts and CAS accounts are not removed.
CAS-based sign-in is no longer available. To sign in to Qoder CN, use the Qoder CN login ID and password.