Enable Single Sign-On from Okta to your Canary Console with these steps.
Step 1: Create a support request to enable SAML
Drop us a note at firstname.lastname@example.org to enable SAML and we’ll get your Console ready.
We'll enable SAML support on your Console which will generate the parameters you need.
Step 2: Log in to your Canary Console and copy the SAML parameters
Login to your Console, click the green Gear Icon on the top right hand side of your screen, select "Global Settings" and scroll down to the SAML section at the bottom of the page. You will find the info for your Console (pictured below) that you'll need for Step 6 of the process:
Step 3: Log in to Okta and click "Admin" to get to the administration page
Step 4: Ensure you're in the Classic View
Look at the top left of your Okta page. If it shows "Developer Console", you need to switch to "Classic UI". Click on "Developer Console" and select "Classic UI".
Step 5: Launch the SAML Wizard
Click "Applications" then "Applications":
Then click "Add Application":
Then click "Create New App":
From the options, select "SAML 2.0" and click "Create":
Step 6: Enter SAML details
Choose a name for your Okta Canary application and click "Next":
On the second step, paste your ACS URL from Step 2 above in the "Single sign-on URL" field, paste the SP Entity ID from Step 2 into the right field, and make sure the "Name ID format" and "Application username" are set to "EmailAddress" and "Email" respectively.
Click "Next", then fill in the reason for the custom app and click "Finish":
The app is created.
Step 7: Download SAML Metadata
If you're not already in the "Sign On" tab, click there. Then download the metadata file for the IdP:
Step 8: Assign users or groups to the Canary Application
Almost there! The last step is to grant Canary Console permission to your Okta users. Click "Assignments", then "Assign", and finally "Assign to People":
Next, assign folks to the app:
Save their email address:
And click "Done".
Your Okta configuration is done!
Step 9: Send us the SAML Metadata
Send the SAML metadata file from Step 7 to us in your support ticket. We will configure your Console with the IdP metadata and confirm when SAML support is fully set up.
Step 10: Test login from both the Console and Okta
You'll know it's working when you see your Console Login page show a "Login with SSO" button:
Click the button to initiate the SSO login.
You'll also be able to login to your Console by clicking on your Canary app panel inside the Okta dashboard: