SAML SSO means no longer having to maintain a separate user database in your Canary Console, you can rely on your current SAML Identity Provider. This page provides a broad overview of our SAML support and links to individual setup pages for particular SAML providers.
Getting SAML right involves configuration on both ends of the authentication flow. You can kick off the process by contacting support and requesting SAML SSO for your Console.
You'll be provided with the details you need to set up your Console as a Service Provider. You'll then send us the metadata for the Identity Provider, and we'll finish the configuration of SAML SSO.
These are non-default options but can be enabled for you with a support request:
- Disable non-SAML logins to your Console
- Always required SP-initiated authentication (i.e. reject IdP-initiated auth)
- Always required IdP-initiated authentication (i.e. reject SP-initiated auth)
- Enable IdP-initiated Single LogOut
Instructions for particular SAML Identity Providers
- Azure Directory Services
- Active Directory Federation Services
- Duo / Others
- Google Workspaces
Don't see yours here? Get in touch and we'll add it!