Introduction
Enable Single Sign-On from Auth0 to your Canary Console with these steps. These instructions set up Auth0 to support only authentications that originate at your Canary Console (i.e. IdP-initiated authentication is not supported in this configuration).
Step 1: Create a support request to enable SAML
Drop us a note at support@canary.tools to enable SAML and we’ll get your Console ready.
We'll enable SAML support on your Console which will generate the parameters you need.
Step 2: Log in to your Canary Console and copy the SAML parameters
Log in to your Console, click "Setup" on the top navbar, then "SAML" on the left menu:
Step 3: Log in to Auth0 and create a new application
Click "Applications", then click "CREATE APPLICATION":
In the modal that pops up, give your new application a name, then click on "Regular Web Applications", then click "CREATE":
Step 4: Enable the SAML Addon
Click "Addons", then click on "SAML2 Web App" to enable the SAML Addon:
After enabling the addon, a modal window will appear to configure the addon.
Step 5: Configure the SAML Addon
In the "Application Callback URL" field, paste the ACS URL from Step 2:
The "Settings" field takes a JSON object that configures the rest of the addon. Here is the template for the object (replace XXXXXXXX.canary.tools with your Console's hostname):
{
  "audience": "https://XXXXXXXX.canary.tools/",
  "mappings": {},
  "createUpnClaim": false,
  "passthroughClaimsWithNoMapping": false,
  "mapUnknownClaimsAsIs": false,
  "mapIdentities": false,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ],
  "logout": {
    "callback": "https://XXXXXXXX.canary.tools/saml/logout",
    "slo_enabled": true
  }
}
After replacing "XXXXXXXX" in the template, paste it into the Auth0 settings field, scroll down and click "Enable":
This saves the addon details.
Step 6: Download SAML Metadata
Click on the "Usage" tab, then "Download" next to "Identity Provider Metadata":
Step 7: Send us the SAML Metadata
Send us the previous step's SAML metadata file in your support ticket. We'll configure your Console with the IdP metadata and confirm when SAML support is fully set up.
Step 8: Test login from the Console
You'll know it's working when you see your Console Login page show a "Login with SSO" button:
Click the button to initiate the SSO login.
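A check for the Step 5 settings object, to run before pasting it into Auth0. This is an added example, not part of the original instructions and not Canary's or Auth0's own tooling. It catches an unreplaced placeholder, an audience or logout callback that points at another host or scheme, and values that drift from the template. The function names and the hostname example1234.canary.tools are constructed for illustration, and the template's values are assumed to be the required ones.

```python
import json
from urllib.parse import urlsplit

EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
MUST_BE_FALSE = ("createUpnClaim", "passthroughClaimsWithNoMapping",
                 "mapUnknownClaimsAsIs", "mapIdentities")

def check_settings(text, console_host):
    """Return the problems found in the Step 5 settings JSON (empty list = OK)."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(cfg, dict):
        return ["settings must be a JSON object"]
    problems = []
    if "XXXXXXXX" in text:
        problems.append("placeholder XXXXXXXX was not replaced")
    logout = cfg.get("logout") if isinstance(cfg.get("logout"), dict) else {}
    urls = {"audience": (cfg.get("audience"), "/"),
            "logout.callback": (logout.get("callback"), "/saml/logout")}
    for key, (value, path) in urls.items():  # same Console host, https, template path
        url = urlsplit(value if isinstance(value, str) else "")
        if (url.scheme, url.hostname, url.path) != ("https", console_host.lower(), path):
            problems.append(f"{key} should be https://{console_host}{path}")
    for flag in MUST_BE_FALSE:  # the template sets each of these to false
        if cfg.get(flag) is not False:
            problems.append(f"{flag} should be false")
    expected = {"mappings": {}, "nameIdentifierFormat": EMAIL_FORMAT,
                "nameIdentifierProbes": [EMAIL_CLAIM]}
    for key, want in expected.items():
        if cfg.get(key) != want:
            problems.append(f"{key} should be {json.dumps(want)}")
    if logout.get("slo_enabled") is not True:
        problems.append("logout.slo_enabled should be true")
    return problems

def sample_settings(host):
    """Build the page's template for `host` (constructed sample input)."""
    cfg = {flag: False for flag in MUST_BE_FALSE}
    cfg.update(audience=f"https://{host}/", mappings={},
               nameIdentifierFormat=EMAIL_FORMAT, nameIdentifierProbes=[EMAIL_CLAIM],
               logout={"callback": f"https://{host}/saml/logout", "slo_enabled": True})
    return json.dumps(cfg, indent=2)

if __name__ == "__main__":
    host = "example1234.canary.tools"  # constructed hostname, not a real Console
    print(check_settings(sample_settings(host), host))  # []
```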