Skip to main content

Search

Configuring SAML: Okta

Introduction

Enable Single Sign-On from Okta to your Canary Console with this guide.

This article covers the following topics, click on a heading to jump to it's section.

Getting Started

Assigning users or groups to the Canary Application

Logging into your Console via SSO

Step 1: Find your SAML parameters

Login to your Console, click the white Gear Icon on the top right hand side of your screen, select "Global Settings" then expand the SAML section at the bottom of the page. You will find the info for your Console (pictured below) that you'll need for Step 5 of the process.

Note you can also head directly to your Console SAML page by editing the below URL with your domain hash.

https://XXX.canary.tools/nest/settings/saml

Step 2: Create App in Okta

Login to your Okta organisation dashboard and expand the "Applications" menu, then select "Applications" and finally "Create App Integration"

Step 3: Launch the SAML Wizard

On the popup, select "SAML 2.0" as the application type, then hit next.

Step 4: Configure your SAML App Integration

  1. Choose a name for your Okta Canary application.
  2. Upload an App logo. (Available for download here.)
  3. Select "Next"

On the second step, enter the SAML parameters from your Console received in step 1.

  1. Enter your ACS URL : https://XXX.canary.tools/saml/acs
  2. Enter your SP Entity ID : https://XXX.canary.tools/
  3. Leave the Default RelayState blank.
  4. Set the Name ID format to EmailAddress.
  5. Set the Application username to Email.
  6. Leave the Update application username on field as Create and update.

Once complete, select "Next", then fill in the reason for the custom app and click "Finish":

Lastly select "I'm an Okta customer adding an internal app", then hit Finish or complete the form if you'd like to provide Okta feedback.

Step 5: Download SAML Metadata

Your SSO integration is ready!

Simply share your Metadata URL with the support team at support@canary.tools and we'll have your SSO setup in no time.

 

Assigning users or groups to the Canary Application

With your SSO setup, you'll want to grant access to your users to access your Canary Console.

With your Canary application open, select the "Assignments" tab, then the "Assign" drop down and finally "Assign to People".

At the popup, assign your users to the app:

Save their email address and select "Save and Go Back".

Finally, click "Done".

You're all set!

Logging into your Console via SSO

You'll know it's working when you see your Console Login page show a "Login with SSO" button:

Screenshot_2021-06-21_at_14.30.25.png

Click the button to initiate the SSO login.

You'll also be able to login to your Console by clicking on your Canary app panel inside the Okta dashboard:

 

 

Was this article helpful?
7 out of 7 found this helpful
Return to top