As organizations scale their cloud-native infrastructure, managing access control becomes a time-consuming and often error-prone task. Every new cluster, feature, or team requires manual configuration and updating permissions.
When employees join, switch roles, or leave, administrators must quickly ensure that their access rights on all platforms, including Cast AI, align with the company’s security rules.
At Cast AI, we believe your time is best spent automating infrastructure, not administrating accounts. That’s why we’re excited to announce the launch of Identity Provider (IdP) User Groups Sync.
Before we dive into this feature, let’s quickly recap the problem it solves.
Relying on manual processes for user and group management is a bad idea
Teams that use manual user and group management will inevitably encounter challenges like:
- Security Gaps – Delays in revoking access for departing employees or updating permissions for internal moves.
- Wasted Engineering Time – Cloud engineers spend time on permissions management instead of innovation.
- Inconsistency – Permissions drifting out of sync with the official company Identity Provider (IdP).
Your IdP as the single source of truth
Cast AI’s new IdP User Groups Sync feature solves the pain of manual access control by integrating directly with your Identity Provider (IdP), such as Okta or Azure AD.
This new capability allows Cast AI to automatically mirror your existing user groups from your IdP directly into Cast AI user groups. Your organization’s standard for security and access becomes the single, authoritative source for managing who has access to your organization or clusters, as well as optimization settings within Cast AI.
How IdP User Groups Sync works
The IdP User Groups Sync feature establishes a secure connection between your IdP and the Cast AI platform, enforcing near real-time consistency for all access controls:
- Selective syncing – You can choose which user groups from your IdP (e.g., “Admins,” “Engineering Team”) are synchronized to Cast AI, ensuring that only relevant teams are granted access.
- Near real-time provisioning – When a user is added to a synchronized group on the IdP side, they are automatically provisioned and assigned the corresponding groups in Cast AI. The only delay may appear due to the IdP’s defined sync cycle.
- Automated user lifecycle – Deactivating a user within your IdP is automatically synced. This action revokes the user in Cast AI and automatically deactivates any API keys they created. This eliminates potential backdoors and significantly tightens security around infrastructure access.
- Consistency – When group memberships change in your IdP, those updates are immediately propagated to Cast AI.
By automating this entire lifecycle – from provisioning to deactivation – User Groups Sync eliminates security risks and dramatically reduces administrative overhead.
The four pillars of Cast AI’s Group Sync
This feature isn’t just about convenience. We created it to fundamentally enhance your security posture and operational efficiency.
Automation: eliminate manual steps
Say goodbye to the tedious process of recreating groups and adding users one by one in Cast AI. The sync process runs continuously in the background, freeing up your security and engineering teams to focus on higher-value tasks.
Security: enforce corporate access policies
Ensure that access to sensitive cloud optimization and management controls always aligns with your company’s established security rules. Automated sync prevents human error and significantly reduces the window for potential security threats due to delayed permission updates.
Consistency: never drift out of sync
Your IdP is your source of truth. By mirroring groups directly, you guarantee that permission structures within Cast AI remain consistent with changes across your entire organization, making audits and compliance significantly easier.
Scalability: ready for enterprise adoption
Whether you are onboarding one new team or managing hundreds of engineers across multiple departments, IdP User Groups Sync makes scaling access permissions simple and immediate.
Start automating User Group management today
The new IdP User Groups Sync feature is now available for customers using Okta or Azure (Entra) Identity Providers. To configure Group Sync for your organization and transform your user management workflow, follow the official documentation: IdP User Groups Sync.
Ready to streamline user access?
Sync your IdP groups with Cast AI and keep permissions aligned automatically.
