Skip to main content

Search

Configuring SAML: Auth0

  • Updated

Introduction

Enable Single SignOn from Auth0 to your Canary Console with these steps. These instructions set up Auth0 to only support authentications that originate at your Canary Console (i.e. IdP-initiated authentication is not supported in this configuration.)

Step 1: Create a support request to enable SAML

Drop us a note at support@canary.tools to enable SAML and we’ll get your Console ready.

We'll enable SAML support on your Console which will generate the parameters you need.

Step 2: Log in to your Canary Console and copy the SAML parameters

Login to your Console, click "Setup" on the top navbar, then "SAML" on the left menu:

Step 3: Log in to Auth0 and create a new application

Click "Applications", then click "CREATE APPLICATION":

In the modal that pops up, give your new application a name, then click on "Regular Web Applications", then click "CREATE":

 

Step 4: Enable the SAML Addon

Click "Addons", then click on "SAML2 Web App" to enable the SAML Addon:

After enabling the addon, a modal window will appear to configure the addon.

Step 5: Configure the SAML Addon

In the "Application Callback URL" field, paste the ACS URL from Step 2:

The "Settings" takes a JSON object to configure the rest of the addon. Here is the template for the object (replace XXXXXXXX.canary.tools with your Console's hostname):

{
  "audience": "https://XXXXXXXX.canary.tools/",
  "mappings": {},
  "createUpnClaim": false,
  "passthroughClaimsWithNoMapping": false,
  "mapUnknownClaimsAsIs": false,
  "mapIdentities": false,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ],
  "logout": {
    "callback": "https://XXXXXXXX.canary.tools/saml/logout",
    "slo_enabled": true
  }
}

After replacing "XXXXXXXX" in the template, paste into the Auth0 settings field, scroll down and click "Enable":

This saves the addon details.

Step 6: Download SAML Metadata

Click on the "Usage" tab, then "Download" next to "Identity Provider Metadata":

Step 7: Send us the SAML Metadata

Send us the previous step's SAML metadata file in your support ticket. We'll configure your Console with the IdP metadata and confirm when SAML support is fully set up.

Step 8: Test login from the Console

You'll know it's working when you see your Console Login page show a "Login with SSO" button:

SSO_Login.png

Click the button to initiate the SSO login.

Was this article helpful?
0 out of 0 found this helpful
Return to top