LiveEnterprise SSO
Live for Enterprise SSO-entitled workspaces
SAML SSO
Use this guide for Enterprise SSO-entitled workspaces.
Before you start
- Confirm the workspace is entitled for Enterprise SSO.
- Confirm an owner/admin has break-glass access outside the identity provider.
- Collect the identity provider metadata, certificate, entity ID, and SSO URL.
- Confirm the email claim matches Cadence user email addresses.
Configure SAML
- Open Admin.
- Select SSO.
- Choose SAML.
- Enter the identity provider metadata values.
- Save the configuration.
- Run the validation check.
- Test login in a fresh browser session before enforcing SSO for the workspace.
Verify
- A tenant member can sign in through the identity provider.
- A disabled or unauthorized identity provider user cannot access the workspace.
- Break-glass owner/admin access remains available.
Boundary
SCIM provisioning is roadmap-labeled and should not be described as live account provisioning.