Skip to main content

Search

Configuring SAML: Okta

  • Updated

Introduction

Enable Single SignOn from Okta to your Canary Console with these steps.

Step 1: Create a support request to enable SAML

You can either use our live support (see the chat icon on that page's bottom right) or file a support request. Please include your Organisation's name in the request.

We'll enable SAML support on your console which will generate the parameters you need.

Step 2: Login to you Canary Console and copy the SAML parameters

Login to your Console, click "Setup" on the top navbar, then "SAML" on the left menu:

Step 3: Login to Okta and click "Admin" to get to the administration page

Step 4: Ensure you're in the Classic View

Look at the top left of your Okta page. If it shows "Developer Console", you need to switch to "Class UI". Click on "Developer Console" and select "Classic UI".

Step 5: Launch the SAML Wizard

Click "Applications" then "Applications":

Then click "Add Application":

Then click "Create New App":

From the options, select "SAML 2.0" and click "Create":

Step 6: Enter SAML details

Choose a name for your Okta Canary application and click "Next":

On the second step, paste your ACS URL from Step 2 above in the "Single sign on URL" field, paste the SP Entity ID from Step 2 into the right field, and make sure the "Name ID format" and "Application username" are set to "EmailAddress" and "Email" respectively.

Click "Next", then fill in the reason for the custom app and click "Finish":

The app is created.

Step 7: Download SAML Metadata

If you're not already in the "Sign On" tab, click there. Then download the metadata file for the IdP:

Step 8: Assign users or groups to the Canary Application

Almost there! Last step is to grant Canary Console permission to your Okta users. Click "Assignments", then "Assign", and finally "Assign to People":

Next, assign folks to the app:

Save their email address:

And click "Done".

Your Okta configuration is done!

Step 9: Send us the SAML Metadata

Send the SAML metadata file from Step 7 to us in your support ticket. We will configure your Console with the IdP metadata and confirm when SAML support is fully setup.

Step 10: Test login from both the Console and Okta

You'll know it's working when you see your Console Login page show a "Login with SSO" button:

Click the button to initiate the SSO login.

You'll also be able to login to your Console by clicking on your Canary app panel inside the Okta dashboard: