Skip to main content

Search

Configuring SAML: Auth0

Introduction

Enable Single SignOn from Auth0 to your Canary Console with these steps. These instructions set up Auth0 to only support authentications that originate at your Canary Console (i.e. IdP-initiated authentication is not supported in this configuration.)

 

Step 1: Log in to your Canary Console and copy the SAML parameters

Login to your Console, click "Setup" on the top navbar, then "SAML" on the left menu:

Step 2: Log in to Auth0 and create a new application

Click "Applications", then click "CREATE APPLICATION":

In the modal that pops up, give your new application a name, then click on "Regular Web Applications", then click "CREATE":

 

Step 3: Enable the SAML Addon

Click "Addons", then click on "SAML2 Web App" to enable the SAML Addon:

After enabling the addon, a modal window will appear to configure the addon.

Step 4: Configure the SAML Addon

In the "Application Callback URL" field, paste the ACS URL from Step 1:

The "Settings" takes a JSON object to configure the rest of the addon. Here is the template for the object (replace XXXXXXXX.canary.tools with your Console's hostname):

{
  "audience": "https://XXXXXXXX.canary.tools/",
  "mappings": {},
  "createUpnClaim": false,
  "passthroughClaimsWithNoMapping": false,
  "mapUnknownClaimsAsIs": false,
  "mapIdentities": false,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ],
  "logout": {
    "callback": "https://XXXXXXXX.canary.tools/saml/logout",
    "slo_enabled": true
  }
}

After replacing "XXXXXXXX" in the template, paste into the Auth0 settings field, scroll down and click "Enable":

This saves the addon details.

Step 5: Download SAML Metadata

Click on the "Usage" tab, then "Download" next to "Identity Provider Metadata":

Step 6: Send us the SAML Metadata

Send us the previous step's SAML metadata file in a support ticket to support@canary.tools and we'll configure your Console with the IdP metadata and confirm when SAML support is fully set up.

Step 7: Test login from the Console

You'll know it's working when you see your Console Login page show a "Login with SSO" button:

SSO_Login.png

Click the button to initiate the SSO login.

Was this article helpful?
0 out of 0 found this helpful
Return to top