Skip to main content

Search

Configuring SAML: Azure Active Directory

  • Updated

Introduction

Enable Single SignOn from Azure Active Directory to your Canary Console with these steps.

Step 1: Create a support request to enable SAML

You can either use our live support (see the chat icon on that page's bottom right) or file a support request. Please include your Organisation's name in the request.

We'll enable SAML support on your console which will generate the parameters you need.

Step 2: Login to you Canary Console and copy the SAML parameters

Login to your Console, click "Setup" on the top navbar, then "SAML" on the left menu:

Step 3: Login to Azure Active Directory and add a new SAML Application

In your Azure dashboard, click "Azure Active Directory" then "Enterprise applications":

Then click "New Application":

On the next window, click "Non-gallery application":

Give your application a name and click "Add":

Step 4: Configure SAML for the Canary Console application

Click "Single sign-on" in the left menu, then click on the "SAML" panel:

Edit the "Basic SAML Configuration" information. In the "Identity" field, paste the Entity ID from Step 2. In the "Reply URL" field, paste the ACS URL from Step 2. Finally, click "Save":

Close the "Basic SAML Configuration" panel, and (if prompted), skip testing for now.

Step 5: Edit User Attributes & Claims

On the "User Attributes & Claims" panel, click the edit icon:

Then click the edit icon next to "Name identifier value":

Edit the "Source attribute" field so that it contains "user.mail", and click "Save":

The default set of attributes passed in the SAML Login data is unnecessary for Canary Consoles. You can remove attributes until it looks like:

Step 6: Download the SAML Metadata

Look for the "Federation Metadata XML" download link and click it:

Step 7: Assign users or groups to the Canary Application

Almost there! The last step is to grant Canary Console permission to your Azure AD users. Click "Users and groups", then "Add user":

Add users and groups until you're happy.

Your Azure Active Directory configuration is done!

Step 8: Send us the SAML Metadata

Send the SAML metadata file from Step 6 to us in your support ticket. We will configure your Console with the IdP metadata and confirm when SAML support is fully setup.

Step 9: Test login from both the Console and Azure MyApps

You'll know it's working when you see your Console Login page show a "Login with SSO" button:

Click the button to initiate the SSO login.

You'll also be able to login to your Console by clicking on your Canary app panel inside the MyApps Azure dashboard: