Casdoor

UI-first IAM and SSO platform with comprehensive protocol support

Open-source Identity and Access Management platform with web UI supporting OAuth 2.0, OIDC, SAML, LDAP, WebAuthn, MFA, and multiple authentication protocols for centralized user management.

Overview

Modern Identity Management for Every Application

Casdoor is a comprehensive Identity and Access Management (IAM) and Single-Sign-On (SSO) platform designed with a UI-first approach. Built for developers and IT teams who need centralized authentication without vendor lock-in, it provides a complete solution for managing users, organizations, and access control across multiple applications.

Protocol-Agnostic Authentication

The platform supports industry-standard protocols including OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, and RADIUS, enabling seamless integration with existing infrastructure. Modern authentication methods like WebAuthn, TOTP, and multi-factor authentication (MFA) provide robust security, while enterprise integrations with Google Workspace, Active Directory, and Kerberos ensure compatibility with legacy systems.

Flexible Deployment Options

Casdoor can be deployed via source code, Docker, or Kubernetes Helm charts, offering flexibility for different infrastructure requirements. The platform includes a public API with Swagger documentation and SDKs for multiple programming languages, making integration straightforward. With an active community and Apache 2.0 license, teams gain full control over their identity infrastructure while benefiting from ongoing development and support.

Highlights

  • Comprehensive protocol support: OAuth 2.0, OIDC, SAML, LDAP, SCIM, RADIUS, and CAS
  • Modern authentication methods including WebAuthn, TOTP, MFA, and Face ID
  • Enterprise integrations with Google Workspace, Active Directory, and Kerberos
  • UI-first design with public API and multi-language SDK support

Pros

  • Extensive protocol support covers most authentication scenarios and legacy systems
  • Web UI simplifies user and organization management without coding
  • Multiple deployment options (Docker, Kubernetes, source) fit various infrastructures
  • Apache 2.0 license provides full control and customization freedom

Considerations

  • Self-hosted deployment requires infrastructure management and maintenance
  • Learning curve for configuring multiple protocols and integrations
  • Community support model may require more troubleshooting effort than commercial alternatives
  • Documentation spread across multiple protocols may require time to navigate

Managed products teams compare with

When teams consider Casdoor, these hosted platforms usually appear on the same shortlist.

Amazon Cognito

Customer identity and access management service for adding user sign-up, sign-in, and authentication to apps

Auth0

Cloud-based identity management platform for adding user authentication and authorization to applications

Clerk

User authentication and identity APIs for web and mobile apps

Looking for a hosted option? These are the services engineering teams benchmark against before choosing open source.

Fit guide

Great for

  • Organizations needing centralized authentication across multiple applications
  • Teams requiring specific protocol support (SAML, LDAP, RADIUS) for legacy systems
  • Developers building multi-tenant SaaS applications with SSO requirements
  • Enterprises wanting self-hosted IAM without vendor lock-in or per-user pricing

Not ideal when

  • Teams without infrastructure resources for self-hosted deployment and maintenance
  • Projects requiring immediate production deployment without configuration time
  • Organizations needing guaranteed SLA and 24/7 commercial support
  • Simple applications with basic username/password authentication needs only

How teams use it

Multi-Application SSO for SaaS Platform

Users authenticate once and access multiple internal applications seamlessly using OAuth 2.0 or OIDC, reducing password fatigue and improving security.

Enterprise LDAP and Active Directory Integration

Connect existing corporate directory services to modern web applications, enabling employees to use existing credentials across cloud and on-premise systems.

Multi-Tenant B2B Authentication

Provide customer organizations with dedicated SSO configurations supporting their preferred protocols (SAML, OIDC), enabling enterprise sales and compliance.

Secure API Access with MFA

Protect sensitive APIs and admin panels with multi-factor authentication using TOTP, WebAuthn, or biometric methods while maintaining developer-friendly integration.

Tech snapshot

  • Go: 99%
  • HTML: 1%
  • Makefile: 1%
  • Less: 1%
  • Dockerfile: 1%
  • CSS: 1%

Tags

webauthn, llm-gateway, oidc, single-sign-on, ai-gateway, authn, radius, oauth, mcp-gateway, scim, casdoor, sso, totp, auth, ldap, mfa, faceid, authentication, saml, iam

Frequently asked questions

What protocols does Casdoor support?

Casdoor supports OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, RADIUS, WebAuthn, and TOTP. It also integrates with Google Workspace, Active Directory, and Kerberos for enterprise environments.

How do I deploy Casdoor?

Casdoor can be deployed from source code, using Docker containers, or via Kubernetes Helm charts. Documentation for each deployment method is available on the official website.

Does Casdoor provide SDKs for integration?

Yes, Casdoor offers SDKs for multiple programming languages and provides a public API with Swagger documentation for custom integrations.

Is Casdoor suitable for production use?

Casdoor is production-ready and used by organizations worldwide. However, as a self-hosted solution, you are responsible for deployment, scaling, and maintenance of the infrastructure.

What license does Casdoor use?

Casdoor is licensed under Apache 2.0, allowing free use, modification, and distribution for both commercial and non-commercial purposes.

Project at a glance

Active
Stars: 12,891
Watchers: 12,891
Forks: 1,539
License: Apache-2.0
Repo age: 5 years old
Last commit: 9 hours ago
Self-hosting: Supported
Primary language: Go

Last synced 4 hours ago