Introduction

Enable Single SignOn from Onelogin to your Canary Console with these steps.

Step 1: Log in to your Canary Console and copy the SAML parameters

Step 2: Log in to Onelogin and click "Administration" to get to the administration page

Step 3: Load the Apps page

Click "Apps", then "Company Apps":

Step 4: Add "SAML Test Connector (Advanced)" App

Click "Add App":

Search for "SAML Test Connector", and click on "SAML Test Connector (Advanced)":

Step 5: Enter SAML details

Choose a name for your Onelogin Canary application and click "Save":

Then click on the "Configuration" tab:

In the "Audience" field, paste your Entity ID from Step 1 (don't forget the trailing forward slash). In the "Recipient", "ACS URL Validator" and "ACS URL" fields, paste your ACS URL from Step 1:

Scroll down to the "SAML signature element", and make sure "Assertion" is selected:

Lastly, click "Save":

Step 6: Download SAML Metadata

Click "More actions", then "SAML Metadata":

Step 7: Grant Onelogin access permissions if necessary

Almost there! You may need to assign or grant permissions to use the Canary Console app, depending on your Onelogin setup:

Your Onelogin configuration is done!

Step 8: Send us the SAML Metadata

Send the SAML metadata file from Step 6 to us in a support ticket at support@canary.tools and we will configure your Console with the IdP metadata and confirm when SAML support is fully set up.

Step 9: Test login from both the Console and Onelogin

You'll know it's working when you see your Console Login page show a "Login with SSO" button:

Click the button to initiate the SSO login.

You'll also be able to login to your Console by clicking on your Canary app panel inside the Onelogin dashboard: