Introduction

SAML SSO means no longer having to maintain a separate user database in your Canary Console, you can rely on your current SAML Identity Provider. This page provides a broad overview of our SAML support and links to individual setup pages for particular SAML providers.

Setup process

Getting SAML right involves configuration on both ends of the authentication flow.

You'll be provided with the details you need to set up your Console as a Service Provider. You'll then send us the metadata for the Identity Provider, and we'll finish the configuration of SAML SSO.

SAML Options

These are non-default options but can be enabled for you with a support request:

Disable non-SAML logins to your Console
Always required SP-initiated authentication (i.e. reject IdP-initiated auth)
Always required IdP-initiated authentication (i.e. reject SP-initiated auth)
Enable IdP-initiated Single LogOut

Instructions for particular SAML Identity Providers

Auth0
Azure Active Directory
Active Directory Federation Services
Okta
Onelogin
Shibboleth
Duo / Others
AWS
Google Workspaces
KeyCloak
LassPass

Don't see yours here? Get in touch and we'll add it!

Search

Enabling SAML SSO on your Console

Introduction

Setup process

SAML Options

Instructions for particular SAML Identity Providers