Skip to main content

Search

Configuring SAML: Azure Active Directory

  • Updated

Introduction

Enable Single SignOn from Azure Active Directory to your Canary Console with these steps.

Step 1: Create a support request to enable SAML

Drop us a note at support@canary.tools to enable SAML and we’ll get your Console ready.

We'll enable SAML support on your Console which will generate the parameters you need.

Step 2: Log in to your Canary Console and copy the SAML parameters

Login to your Console, click "Setup" on the top navbar, then "SAML" on the left menu:

Step 3: Log in to Azure Active Directory and add a new SAML Application

In your Azure dashboard, click "Azure Active Directory" then "Enterprise applications":

Then click "New Application":

On the next window, click "Non-gallery application":

Give your application a name and click "Add":

Step 4: Configure SAML for the Canary Console application

Click "Single sign-on" in the left menu, then click on the "SAML" panel:

Edit the "Basic SAML Configuration" information. In the "Identity" field, paste the Entity ID from Step 2. In the "Reply URL" field, paste the ACS URL from Step 2. Finally, click "Save":

Close the "Basic SAML Configuration" panel, and (if prompted), skip testing for now.

Step 5: Edit User Attributes & Claims

On the "User Attributes & Claims" panel, click the edit icon:

Then click the edit icon next to "Name identifier value":

Edit the "Source attribute" field so that it contains "user.mail", and click "Save":

The default set of attributes passed in the SAML Login data is unnecessary for Canary Consoles. You can remove attributes until it looks like:

Step 6: Download the SAML Metadata

Look for the "Federation Metadata XML" download link and click it:

Step 7: Assign users or groups to the Canary Application

Almost there! The last step is to grant Canary Console permission to your Azure AD users. Click "Users and groups", then "Add user":

Add users and groups until you're happy.

Your Azure Active Directory configuration is done!

Step 8: Send us the SAML Metadata

Send the SAML metadata file from Step 6 to us in your support ticket. We will configure your Console with the IdP metadata and confirm when SAML support is fully set up.

Step 9: Test login from both the Console and Azure MyApps

You'll know it's working when you see your Console Login page show a "Login with SSO" button:

Screenshot_2021-06-21_at_14.30.25.png

Click the button to initiate the SSO login.

You'll also be able to login to your Console by clicking on your Canary app panel inside the MyApps Azure dashboard:

Was this article helpful?
1 out of 1 found this helpful
Return to top