Introduction
Enable single sign-on (SSO) from Azure Active Directory to your Canary Console with these steps.
Step 1: Create a support request to enable SAML
You can either use our live support (see the chat icon at the bottom right of that page) or file a support request. Please include your organisation's name in the request.
We'll enable SAML support on your Console, which will generate the parameters you need.
Step 2: Log in to your Canary Console and copy the SAML parameters
Log in to your Console, click "Setup" on the top navbar, then "SAML" on the left menu:
Step 3: Log in to Azure Active Directory and add a new SAML Application
In your Azure dashboard, click "Azure Active Directory" then "Enterprise applications":
Then click "New Application":
On the next window, click "Non-gallery application":
Give your application a name and click "Add":
Step 4: Configure SAML for the Canary Console application
Click "Single sign-on" in the left menu, then click on the "SAML" panel:
Edit the "Basic SAML Configuration" information. In the "Identity" field, paste the Entity ID from Step 2. In the "Reply URL" field, paste the ACS URL from Step 2. Finally, click "Save":
Close the "Basic SAML Configuration" panel and, if prompted, skip testing for now.
Step 5: Edit User Attributes & Claims
On the "User Attributes & Claims" panel, click the edit icon:
Then click the edit icon next to "Name identifier value":
Edit the "Source attribute" field so that it contains "user.mail", and click "Save":
The default set of attributes passed in the SAML Login data is unnecessary for Canary Consoles. You can remove attributes until it looks like:
Step 6: Download the SAML Metadata
Look for the "Federation Metadata XML" download link and click it:
Step 7: Assign users or groups to the Canary Application
Almost there! The last step is to grant your Azure AD users permission to use the Canary Console application. Click "Users and groups", then "Add user":
Add users and groups until you're happy.
Your Azure Active Directory configuration is done!
Step 8: Send us the SAML Metadata
Send the SAML metadata file from Step 6 to us in your support ticket. We will configure your Console with the IdP metadata and confirm when SAML support is fully set up.
Step 9: Test login from both the Console and Azure MyApps
You'll know it's working when you see your Console Login page show a "Login with SSO" button:
Click the button to initiate the SSO login.
You'll also be able to log in to your Console by clicking on your Canary app panel inside the MyApps Azure dashboard: