Enable Single SignOn from Azure Active Directory to your Canary Console with these steps.
Step 1: Create a support request to enable SAML
Drop us a note at firstname.lastname@example.org to enable SAML and we’ll get your Console ready.
We'll enable SAML support on your Console which will generate the parameters you need.
Step 2: Log in to your Canary Console and copy the SAML parameters
Login to your Console, click "Setup" on the top navbar, then "SAML" on the left menu:
Step 3: Log in to Azure Active Directory and add a new SAML Application
In your Azure dashboard, click "Azure Active Directory" then "Enterprise applications":
Then click "New Application":
Next select "Create your own application"
Give your application a name and click "Create":
Step 4: Configure SAML for the Canary Console application
Click "Single sign-on" in the left menu, then click on the "SAML" panel:
Edit the "Basic SAML Configuration" information.
In the "Identity" field, paste the Entity ID from Step 2. In the "Reply URL" field, paste the ACS URL from Step 2. Finally, click "Save":
Click the Save button to continue.
Step 5: Edit User Attributes & Claims
On the "User Attributes & Claims" panel, click the Edit link:
Edit the Required Claim:
Set the Name identifier format to Email address
Edit the "Source attribute" field so that it contains "user.mail", and click "Save":
Remove any Additional claims:
Step 6: Download the SAML Metadata
Look for the "Federation Metadata XML" download link and click it:
Step 7: Assign users or groups to the Canary Application
Almost there! The last step is to grant Canary Console permission to your Azure AD users. Click "Users and groups", then "Add user":
Add users and groups until you're happy.
Your Azure Active Directory configuration is done!
Step 8: Send us the SAML Metadata
Send the SAML metadata file from Step 6 to us in your support ticket. We will configure your Console with the IdP metadata and confirm when SAML support is fully set up.
Step 9: Test login from both the Console and Azure MyApps
You'll know it's working when you see your Console Login page show a "Login with SSO" button:
Click the button to initiate the SSO login.
You'll also be able to login to your Console by clicking on your Canary app panel inside the MyApps Azure dashboard: